:: Cyber Security for Seniors ::
Guelph Wellington
Seniors Association

Take Advantage of Your Seniority!

HOMERESOURCESGWSA SOS BLOGS NEWS FRAUD ALERT FAQ CONTACT US

Identity TheftPharming

WHAT IS PHARMING?

"Pharming" and "phishing" are a pair of favorite Internet devices used by criminals to cheat consumers out of their valuable personal information. Pharming is an attack in which a computer user is fooled into entering sensitive data - such as a password or credit card number - into a malicious Web site that impersonates a legitimate commercial site. Phishing attacks begin with e-mail messages designed to induce consumers to click on bogus Web site links that are contained in the message. Financial service institutions are the most popular target for both scams.

Pharming is sneakier than phishing in that the crook does not have to rely on the victim clicking a link in an e-mail. In a pharming attack, the user correctly enters a word address /domain name into a browser's address bar, but instead of visiting a legitimate Web site, the user is redirected by the crook to a Web page that merely looks like it might be legitimate. In reality, the unsuspecting victim has landed at a malicious Web site whose only goal is to steal consumers' personal information. So, when the users enter their login names and passwords, the information is captured by criminals and used to commit identity theft and related frauds.

HOW DOES THE CROOK REDIRECT INTERNET TRAFFIC?

The scam relies on the fact that word addresses used by computers are translated into distinct numerical addresses. The Internet uses a series of domain name servers that translate the familiar word address you type into a specific numerical Internet address that you never see. Thus the word address/domain name may be www.example.com, while the Internet name may be "123.0.4.567." The Internet name or address (technically called IP address) consists of four numbers, each between 0 and 255, which are separated by . (dots).

For example, if you type www.gwsa-guelph.ca, the request goes to a domain name system (DNS) server, which then locates the registered Internet address for the Web server at the Guelph Wellington Seniors Association site. While typing www.gwsa-guelph.ca is much more convenient than remembering a numeric code, the translation from words to numbers is a vulnerable link in the Internet's infrastructure, as savvy criminal hackers can change the domain name system record or even take down the DNS system all together. This technique is often referred to as DNS poisoning.

HOW TO COMBAT PHARMING

A Web site designed to combat pharming attacks will use a secure connection to prevent impersonations. The site typically uses the HTTPS Web protocol on their login page to allow the user to verify the Web site's identity. If an attacker attempts to impersonate this type of Web site, the user will receive a message from the browser indicating that the Web site's "certificate" does not match the address being visited.

Additional measures to help avoid pharming attacks include:

...Install and update personal firewall program (only protects against virus-type of pharming attacks).

...Regularly run anti-virus and anti-spyware programs.

...Check for updates to your operating system and patches for other commercial software programs that address security vulnerabilities.

...Users of Microsoft Windows operating systems should be sure to check for updates at Microsoft's Web site, www.microsoft.com, and users of Windows XP can review built-in firewall options.

...Carefully examine the supposedly secure portion of a Web site to be sure that the Web address in your browser gives a HTTPS secure site indicator, not just an unsecured HTTP indicator.

...Check the padlock icon by double clicking on it to determine who owns the security certificate of any questionable site. Fake sites either will not have a certificate or the certificate will appear to be owned by an entity unrelated to the financial institution.

...Changes in the login information on a financial Web site can also be an indicator of potential pharming activity. If you are uncertain about a site, you may wish to contact your financial institution by telephone.

In addition, there are a variety of free or low-cost firewall and anti-virus programs available for download. Users can use search engines to read reviews of competing products for effectiveness, ease of use, and frequency of updates.

Disclaimer:
"This site contains links to other Internet sites. These links are not endorsements of any products or services on such sites, and no information in such site has been endorsed or approved by this site."

             

"This project has been made possible by a grant from the Ministry of Community Safety and Correctional Services"



© 2008 Guelph Wellington Seniors Association - Design by Ken Russell & Associates
Design downloaded from Free Templates - your source for free web templates