Phishing and Pharming to Get your Information

When using the Internet, unless you are very inquisitive, skilled and have a lot of time you know nothing about the site other than the name displayed by the site. Scammers work very hard to mask themselves from you with websites that appear legitimate. In fact, the setting up of fake sites to steal your personal information has become significant and widespread enough to warrant labels like “phishing” and “pharming” and daily references to attacks. Phishing usually uses an email to entice you to go to their site. The enticements range from unbelievably tempting deals to emails that cause you act emotionally such as in response to “there has been an unusually large purchase on your VISA card – please visit our fraud site to validate”. Pharming is an even more subtle approach. It uses technical tricks available on the Internet that actually change the destination of the URL that you see on your browser and points to another site under the covers. In other words, you could think that you are accessing your bank while actually entering a scam site.

Normal Information Protection Measures aren’t Working

Web presentation technology and access flexibility have made it very easy for fake sites to gain your confidence to the point that even well trained professionals are having difficulty in determining whether a site is legitimate. Web thieves’ technologies are so sophisticated that they can actually capture your keystrokes before you submit the information that you have entered.

The most prevalent answer to identity theft problems such as phishing and pharming is to educate the user. The difficulty lies in the fact that the guidelines offered conflict with many of the Web premises regarding ease of navigation, and challenge their ability to make meaningful decisions with such advice as:

  • Do not follow links that cross sites – But shopping comparison sites like shopping.com, pricegrabber.com etc. always use redirects to sites for shopping.
  • Do not disclose any information to un-bona fide sites. – How does one verify that the site is bona fide?
  • Confirm that the session used is secured with a valid certificate and verify the owner of the certificate – Who knows how to do that?

Something more reasonable is needed.

Can IT Solutions Help?

IT organizations have a lot of experience in protecting their users from the bad guys. They focus on prevention technologies that filter phishing email attacks using anti-spam approaches and block outbound web access to blacklisted sites. Some organizations block web access to all sites except to those on a white list. The latter approach is often out of desperation when the prior approaches aren’t enough. For an IT organization with their own network these techniques can be implemented in a proxy server or firewall. If the company being served by the IT organization also uses the internet, special software installed in the desktop is needed in order to force connectivity to their proxy server first.

For users outside of the “internal company network,” that need more web access “freedom”, special software is installed on the users’ users systems. This software is like anti-virus and anti-intrusion detection and blocks or warns when access to blacklisted sites is attempted. The problem is currency; the update of the black lists is not immediate. It usually takes several hours to detect the site and update the list. Like most burglaries, the scam is usually highly effective and reaches most of its victims during the first few hours Scam sites are usually shut down or detected after a few hours of effective activity, so the blacklist is typically only as good as the rapidity of the detection and currency of the list.

by : Yoram Nissenboim