
Phishing, Pharming and Your Online Safety

Identity thieves may obtain information about you by phishing or pharming. (The spelling of these apropos terms is part of an underground slang system that began with "phone phreaking": using electronics to hack into telephones and get free calls.)

In phishing, a criminal uses socially engineered bait to obtain confidential user data or to get money directly. "Social engineering" is the general term used for this technique, in which the hacker tries to trick you into divulging personal information voluntarily. In pharming, malware is used to harvest confidential data, much as a farmer harvests crops. Both are scams trying to trick you into surrendering personal information. Fraud and identity theft are the likely result!

Spam is merely unwelcome advertising, but it can also have criminal intent. Spam may be the vehicle for phishing or pharming. Spam also clogs bandwidth to create “denial of service” situations.

Phishing

An example of phishing is an email message that appears to come from a bank where you may (or may not) have an account. The message may claim information is needed to prevent fraud, to assist in the fight against terrorism, or to meet some legal requirement.

Warning Signs!

  1. The e-mail may appear to come from a banking institution, a government agency, or even from Roosevelt University. 
  2. It will often contain flawed English and threaten negative consequences for non-compliance.
  3. It will often direct you to a realistically badged but fake Web site. The site is not authentic and is intended only to steal personal information.

Most phishing is easily recognizable as such, but new schemes are devised every day.

  1. Do not trust unsolicited e-mail that asks for personal information such as a social security number, password, or account number. No reputable institution (including RU!) will ask you to submit sensitive data over email.
  2. Do not fill out forms in e-mail messages that request sensitive information. Only provide such information when you yourself initiate contact with a bank or governmental agency by calling them directly or logging onto their secure Web site.
  3. Keep close tabs on your on-line accounts.
  4. Keep your Web browser's security patches updated.

Other scams have been around in one form or another for decades, centuries, or since the beginning of time. The only new thing about them is the use of e-mail. One of the most famous spam scams is the Nigerian “advance-fee” or “4-1-9” fraud (named after a section of the Nigerian penal code). In this scam, e-mails are sent to addresses taken from mailing lists or harvested by malware. In these e-mails, confidence artists claim to be important Nigerian personages (current or former officials, business people, bankers, or their family members) who are having legal or other problems.

They say that they require a safe place to store their money, and they wish to transfer large sums into your bank account offering you a substantial cut for allowing them to do so. You will then be asked for money to cover bribes, transfer fees, or attorney’s costs, and you may also be asked for blank letterheads and your bank account numbers.

Besides getting some of your money directly from you, they will also rifle your accounts. Amazingly, this scam is based upon a confidence game dating back to 1588 known as the “Spanish Prisoner” con. Of course, e-mail was not then the vehicle. And perpetrators of the current version needn’t be Nigerian. (For more on the Spanish Prisoner con, check the on-line Wikipedia.)

Pharming

Phishing is likely to remain one of the biggest threats to computer users throughout the foreseeable future, but you probably wouldn’t provide sensitive information to a bank you don’t do business with, and you’d probably be suspicious of anyone who wanted to share their money with you, even if you knew them. Pharming, however, is intended to get sensitive information from even the most sophisticated user.

Pharming attacks rely upon technology, not social engineering. Pharmers will surreptitiously redirect as many users as possible from legitimate sites to malicious ones masquerading as the originals. Users do not consciously participate in this redirection. Such attacks may rely upon e-mailed Trojan viruses that rewrite hosts files. Other techniques rely upon DNS poisoning or subtle DNS name alterations. All involve navigation to malicious Web sites which download code.

A computer with a compromised hosts file will go to the wrong website even if the user types in the correct URL. And every Internet request must go through a DNS server. With DNS poisoning, false information about which Websites are at which addresses can herd users to bogus sites even if they too typed in the correct URLs.

In DNS name alteration, additional letters are added to correct addresses to misdirect users. Navigating to a malicious HTML page could result in a vulnerable Web browser downloading and executing malware. This malware might then notify certain Websites of the infected system’s address and also monitor Internet Explorer usage in an attempt to steal account information.
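Names altered by adding letters, as described above, can be caught by comparing a hostname against the domains a user actually trusts. This added example is not from the original article: it reports a hostname whose registered part is a trusted domain plus a few inserted characters. The domain names and the max_added threshold are assumptions chosen for illustration.

```python
def inserted_letters(trusted, candidate):
    """Return the characters added to `trusted` to form `candidate`,
    or None if `candidate` is not `trusted` plus insertions."""
    extra, i = [], 0
    for ch in candidate:
        if i < len(trusted) and ch == trusted[i]:
            i += 1                     # character belongs to the real name
        else:
            extra.append(ch)           # character was added
    return "".join(extra) if i == len(trusted) else None

def _tail(host, trusted):
    """Last labels of `host`, as many as `trusted` has."""
    n = trusted.count(".") + 1
    return ".".join(host.split(".")[-n:])

def find_lookalike(host, trusted_domains, max_added=2):
    """Return (trusted_domain, added_chars) if `host` imitates a trusted
    domain by adding up to `max_added` characters, else None."""
    host = host.lower().rstrip(".")
    trusted = [t.lower().rstrip(".") for t in trusted_domains]
    # The trusted domain itself and its subdomains are legitimate.
    if any(_tail(host, t) == t for t in trusted):
        return None
    for t in trusted:
        extra = inserted_letters(t, _tail(host, t))
        if extra and len(extra) <= max_added:
            return (t, extra)
    return None

if __name__ == "__main__":
    # Constructed hostnames for illustration.
    for h in ["www.bank.example", "www.bankk.example", "baank.example"]:
        print(h, "->", find_lookalike(h, ["bank.example"]))
```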

Fortunately, though pharmer-fighting technologies have not yet been developed, pharming is new and relatively difficult and has not become a widespread problem. A system with up-to-date security patches and effective anti-spam and anti-virus protection should be safe.