Learning Center
Plans & pricing Sign in
Sign Out



									Phishing and Pharming: Dangerous Scams

Word Count:

As soon as almost all computer users already got used to -- or at least
heard about -- the word "phishing", another somewhat confusing word
appeared. Pharming. Does it differ from phishing -- if yes, how?

phishing, pharming, information stealing, identity theft, keylogging,
keyloggers, spam, scams, online fraud, Internet fraud, Internet dangers.

Article Body:
As soon as almost all computer users already got used to -- or at least
heard about -- the word "phishing", another somewhat confusing word
appeared. Pharming. Does it differ from phishing -- if yes, how?

<b>Two Pharmings</b>

Actually, two completely different fields use the term "pharming" now. We
can say there exist two separate "pharmings".

 If genetics or businessmen from pharmaceutical industry are talking
about pharming (spelled like that) it might have nothing to do with
computers. This word has long been familiar to genetic engineers. For
them, it's a merger of "farming" and "pharmaceutical" and means the
genetic engineering technique -- inserting extraneous genes into host
animals or plants in order to make them produce some pharmaceutical
product. Although it is very interesting matter, this article isn't about

As for PC users, the term "pharming" recently emerged to denote
exploitation of a vulnerability in the DNS server software caused by
malicious code. This code allows the cybercriminal who contaminated this
PC with it to redirect traffic from one IP-address to the one he
specified. In other words, a user who types in a URL goes to another web
site, not the one he wanted to--and isn't supposed to notice the

Usually such a website is disguised to look like a legitimate one -- of a
bank or a credit card company. Sites of this kind are used solely to
steal users' confidential information such as passwords, PIN numbers,
SSNs and account numbers.

<b>Dangerous Scams</b>

A fake website that's what "traditional" phishing has in common with
pharming. This scam can fool even an experienced computer user, and it
makes pharming a grave threat. The danger here is that users don't click
an email link to get to a counterfeit website.

Most people enter their personal information, unaware of possible fraud.
Why should they suspect anything if they type the URL themselves, not
following any links in a suspiciously-looking email?

Unfortunately, "ordinary" phishers are also getting smarter. They eagerly
learn; there is too much money involved to make criminals earnest
students. At first phishing consisted only of a social engineering scam
in which phishers spammed consumer e-mail accounts with letters
ostensibly from banks. The more people got aware of the scam, the less
spelling mistakes these messages contained, and the more fraudulent
websites looked like legitimate ones.

Since about November 2004 there has been a lot of publications of a
scheme which at first was seen as a new kind of phishing. This technique
includes contaminating a PC with a Trojan horse program. The problem is
that this Trojan contains a keylogger which lurks at the background until
the user of the infected PC visits one of the specified websites. Then
the keylogger comes to life to do what it was created for -- to steal

It seems that this technique is actually a separate scam aimed at
stealing personal information and such attacks are on the rise. Security
vendor Symantec warns about commercialisation of malware --
cybercriminals prefer cash to fun, so various kinds of information-
stealing software are used more actively.

Spy Audit survey made by ISP Earthlink and Webroot Software also shows
disturbing figures - 33.17% PCs contaminated with some program with
information stealing capability.

However, more sophisticated identity theft attempts coexist with "old-
fashioned" phishing scams. That is why users should not forget the advice
which they all are likely to have learned by heart:
<li>Never follow a link in an email, if it claims to be from a financial
<li>Never open an attachment if the email is from somebody you don't know
<li>Protect your PC from malware </li>
<li>Stay on the alert </li>

To top