Technology continues its rapid ascent, making our daily lives all the easier to manage. In the process, however, this streamlined way of living creates untapped opportunities for crooks to find new and creative ways to steal both money and identities from unsuspecting victims. A few years ago a new method of robbing folks of their money and identities hit the internet in a big way. It’s called pharming.
Pharming is a scam where malicious code is installed on a victim’s personal computer or server which misdirects users to fraudulent web sites without their knowledge or consent. These websites are often legitimate-looking fakes of trusted service providers like banks or online merchandisers. Once on these websites, the users are prompted to enter their personal information and that data has been “pharmed” by the hackers.
In the past, scammers used phishing practices to illegally obtain victim’s personal data. A fake email or web link would direct the user to the fraudulent website. According to a study by Indiana University in conjunction with Symantec, Inc., as recently as 2007 phishing was responsible for $929 million direct losses yearly and twice that amount indirectly.
As users became savvier, these phishing cons were much easier to spot. And so pharming was born. Without the red-flag of a questionable email or web link, pharming scams are completed before the victim has any suspicions of wrongdoing. They’ve been referred to as “phishing without a lure”.
When it first hit the scene, pharming had the potential to be devastatingly widespread. Initially the scammers found a way to get into the domain naming system of directory servers. This ability meant they could direct any and all users on a particular server, potentially thousands at any one time, to the bogus web sites. No antivirus software or firewalls on the user’s end could prevent this type of fraud.
Thankfully this con was never successfully executed on a large scale, as web designers recognized the threat and worked quickly to block it. Still, even as programmers work diligently to seal up the gaps the scammers squirm through, the bad guys are finding new loopholes and means to exploit our growing reliance on technology to continue their theft.
Here are a few ways the scammers might try to pharm you, along with steps you can take to avoid being conned.
THE SAME OLD SONG
Although internet service providers were able to prevent hackers from doing wide-scale damage, there is still some risk that an address directory server can be compromised and a user sent to a dummy site to have their personal information pharmed.
These attacks are pretty easy to spot though. These days sites that ask you to provide confidential data, whether personal or financial, should be PhC (pharming conscious) and utilize HTTPS protocol. This protocol is a guarantee the site is secure. If you enter confidential information into a non-PhC site, you do so at great risk. You know you are on a PhC page when the address bar reads https, as opposed to simply http, and/or there is a padlock icon in the address bar.
If your system has been compromised and you are being pharmed, the dummy sites will not be able to mimic these security settings. If they do try and fake it, the user will get certificate pop-up box warning that the site is not what it claims to be.
To avoid being pharmed in this manner, never click continue if you get a certificate pop-up warning of this nature. Also, check the address bar before entering your confidential information. If you don’t see the padlock icon or the https address listing, proceed with caution.
COMING INTO YOUR HOME OR OFFICE
Unable to attack users en masse via directory servers, the hackers have found a way to weasel into your home and set up shop in your home or small business router.
It starts with the user visiting a questionable website. While there, without the victim’s knowledge, the site reads the publicly visible network IP address. From there it’s not hard to guess one’s specific IP identity. With this knowledge it simply needs to figure out the router name and password.
Sounds tricky? Sadly, most folks don’t really take the time to set up their routers properly. Often, they stick with a name that is nothing more than the router manufacturer’s name and keep the factory-set password. Normally that’s ADMIN, or some variation thereof.
Once access to the router is required, the scammers basically have free reign over the victim’s computer. They can run unseen key logging programs or constantly re-direct the web browser to dummy pages. In no time all personal and confidential information will be accessed. No virus software can spot it, and the firewalls are useless once they have control of your router.
The safest bet for avoiding this travesty is to restore your router back to factory settings and reset the name and password. Use a long sequence both alpha and numeric. Make it difficult to guess and you won’t be worth the trouble.
The most recent pathway to pharming utilizes our newfound reliance on free wireless access and is called an evil twin attack.
Evil twin attacks are pretty simple. The scammer sets up shop in a free wireless hotspot like an airport, café, library or hotel lobby. Using a laptop and a wireless card, they can create their own access point and make it appear legitimate by giving it a name similar to the establishment where they are located.
Whether on a laptop or smart phone, the users are given a choice of networks when entering a free wireless hotspot. Because they are normally just a few feet away, the hackers signal is strongest and appears at the top of the list. Coupled with a legitimate-sounding name, it’s often a natural first choice for the wireless internet users.
Once they are logged into the evil twin network, the pharming begins. The con artist is able to eavesdrop on the victim’s system without their knowledge and set up key logger programs or redirect web traffic to dummy sites where they can pharm the confidential information.
If using a smart phone its wise to check your settings and make sure the unit isn’t set up to automatically connect with the strongest internet signal. Also pay attention to any dialog boxes which might pop up warning you are visiting an unencrypted site.
The safest bet, however, is to simply not conduct sensitive and/or confidential business from an unsecured location via laptop or smart phone. If you wouldn’t feel comfortable conducting this business with a stranger watching over your shoulder, then you would be wise not doing it from a free wireless hotspot.
These are a few of the ways scammers are breaking new ground to exploit the rapid trend of simplified, digitized lives. Like all scams, though, pharming can be avoided when one practices an ounce of prevention and uses their common sense. Just because you feel secure, doesn’t necessarily mean you are. Please keep your eyes wide open.