Phishing & Pharming

What is Phishing?

Phishing is a type of online fraud where the perpetrators attempt to acquire personal, financial, and/or other account information (such as user IDs, passwords, credit card numbers, PINs, etc.) from unsuspecting victims. This type of fraud is typically initiated by sending an unsolicited but official-looking e-mail claiming to be from a reputable company, such as a bank, a credit card firm, or an online establishment. The fraudulent e-mail often contains an urgent message that tries to lure the recipient into providing sensitive information. These e-mails may warn you that your account will be suspended or charges will be made to your account if you do not respond.

How do I recognize a fraudulent e-mail?
It can be very difficult. Many of these e-mails use logos, formats and phrases that are identical to legitimate emails sent by a customer's financial institution. Some frauds are easy to spot because they contain misspellings, misused words, or even a copy of a web page within the body of the e-mail. Others may provide more subtle clues, such as unfamiliar return e-mail addresses or links to web sites that don't include the financial institution's domain.

What can I do to protect myself from "Phishing" scams?
Do not respond to e-mails asking for any personal or financial information.
We will never ask you to verify or provide any confidential information in an unsolicited e-mail.

Be cautious when clicking on links within a suspicious email.
Most phishing e-mails contain a link that leads to an official-looking web page which requires the recipient to log in or enter some personal information.

Though the web page may contain official logos and look exactly the same as the legitimate company's web site, any information submitted via these spoofed web page(s) will be sent to the perpetrators of the scam.

If you have any doubt regarding the authenticity of a web site you have been directed to in an e-mail, we strongly recommend that you open a new browser and type the known URL of the company in the browser yourself, or call the company directly via telephone.

Never log in or enter private information in a pop-up window.
Clicking on links within phishing e-mails may direct your browser to a legitimate web site while, at the same time, opening another pop-up window wherein you are asked to enter your information. This makes it appear like the pop-up window is part of the legitimate site when, in reality, it is not.

What is Pharming?

Pharming (from "farming"), on the other hand, exploits the Domain Name System (DNS) — the Internet system that translates a computer name into an Internet Protocol (IP) address. The pharmers hack into and try to transform the host name into an IP address other than the legitimate one. Then it is possible for a pharmer to set up a web site looking similar to an Internet bank and harvest losts of personal information. An older phrase for pharming is DNS poisoning.

Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the Domain Name for a site, and to redirect traffic to that web site to another web site. DNS servers are the machines responsible for resolving internet names into their real addresses — the "signposts" of the Internet. If the web site receiving the traffic is a fake web site, such as a copy of a bank's web site, it can be used to "phish" or steal a computer user's passwords, PIN number or account number.

There are several techinques used. One is to change the hosts file on your own local computer. This can, for example, be done by viruses and other malicious programs that infect your computer. Another is to make changes in the computer(s) that provide the translation from host name to IP addresses (the DNS servers), by exploiting vulnerabilities in these computers.

"Phishing is to pharming what a guy with a rod and a reel is to a Russian trawler. Phishers have to approach their targets one by one. Pharmers can scoop up many victims in a single pass," said Chris Risley, president and chief executive officer of Nominum, a provider of IP address infrastructure technology for businesses.

Pharmers simply redirect as many users as possible from the legitimate commercial web sites they'd intended to visit and lead them to malicious ones. The bogus sites, to which victims are redirected without their knowledge or consent, will likely look the same as a genuine site. But when users enter their login name and password, the information is captured by criminals.

Gerhard Eschelbeck, CTO of Qualys, a vulnerability management company, said recently that pharming is simply a new name for a relatively old concept: domain spoofing. Rather than spamming you with e-mail requests, pharmers work quietly in the background, "poisoning" your local DNS server by redirecting your Web request somewhere else. As far as your browser's concerned, you're connected to the right site. The danger here is that you no longer have to click an e-mail link to hand over your personal information to identity thieves.

What is being done to prevent"Pharming" scams?
Some financial institutions, whose users are the prime targets of phishing and pharming scams, are experimenting with "multi-factor authentication" logins, including things like single-use passwords and automatic telephone call-backs confirming that a transaction is about to take place. Such practices can limit the havoc a malicious hacker can wreak with a collection of stolen logins and passwords.