Friday, May 13, 2005

Pharming scams


A new threat to online transactions called "pharming" has emerged which can illegally redirect users to fraudulent web sites. This latest form of attack redirects Internet users from legitimate Web sites to malicious ones using a strategy called DNS cache poisoning. Although DNS cache poisoning is not new, the complexity of the new pharming attacks is cause for concern.

The "pharmer" inconspicuously hijacks your computer and coerces it into taking you to a copycat web site. The site it takes you to is most commonly a page that looks identical to that of your bank or online financial institution. From this point, they have trapped you into submitting your vital passwords and financial information straight into their databanks. The process can be compared to switching a street sign on a driver in a new city, sending them down the wrong street. It can also be compared to switching the names connected to phone numbers in a phone book: when a user goes to look up a name, they end up calling the wrong number.

More specifically, when a user types a URL, such as, into their Internet browser, a request goes to a local DNS (Domain Name System) server, which then locates the registered IP (Internet Protocol) address for the Web server. When a hacker poisons a DNS server, they change the IP address for a domain and send visitors to a completely different Web site, usually without their knowledge.

Be aware that Pharming scams take several forms:

  • A hacker could break into an Internet service provider's DNS servers and switch legitimate addresses stored in the server's "cache," a temporary holding area, with bogus addresses in a practice called "DNS poisoning," as stated previously.
  • A scam artist could pretend to be a Web site's operator to persuade an Internet registrar to make the change to the bogus address in the registration database.
  • Attackers could use malicious code, such as a virus or Trojan program, planted on a user's PC to track keystrokes or change a computer's settings to take users to fraudulent copies of legitimate Web sites they request.
  • Hackers could also target the 13 "root" DNS servers that route all Internet traffic.
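
A defender's check for the redirection described above, added here as an illustration and not part of the original post: it compares the addresses several resolvers return for one hostname against the address ranges the site operator is known to use. The hostname `bank.example`, the resolver names, and the documentation-range addresses are constructed sample data, and the expected ranges are assumed to have been obtained out-of-band.

```python
import ipaddress

# Assumption: ranges the legitimate operator uses, learned out-of-band.
# Constructed sample values from the RFC 5737 documentation ranges.
EXPECTED_NETS = {"bank.example": ["192.0.2.0/24"]}

# Constructed sample answers for the same name from different resolvers.
SAMPLE_ANSWERS = {
    "isp-resolver": ["203.0.113.66"],               # poisoned cache entry
    "public-resolver-a": ["192.0.2.10", "192.0.2.11"],
    "public-resolver-b": ["192.0.2.10", "198.51.100.7"],  # one stray record
    "local-stub": [],                               # lookup failed
}

def classify(hostname, answers, expected=EXPECTED_NETS):
    """Return {resolver: 'ok' | 'partial' | 'mismatch' | 'no-answer'}."""
    nets = [ipaddress.ip_network(n) for n in expected[hostname]]
    verdicts = {}
    for resolver, addrs in answers.items():
        if not addrs:
            # No data is not proof of poisoning; report it separately.
            verdicts[resolver] = "no-answer"
            continue
        inside = [any(ipaddress.ip_address(a) in n for n in nets)
                  for a in addrs]
        if all(inside):
            verdicts[resolver] = "ok"
        elif any(inside):
            verdicts[resolver] = "partial"   # mixed legitimate/unknown records
        else:
            verdicts[resolver] = "mismatch"  # every record points elsewhere
    return verdicts

def suspicious(verdicts):
    """Resolvers whose answers include addresses outside the expected ranges."""
    return sorted(r for r, v in verdicts.items()
                  if v in ("mismatch", "partial"))

if __name__ == "__main__":
    result = classify("bank.example", SAMPLE_ANSWERS)
    for resolver, verdict in result.items():
        print(f"{resolver:18} {verdict}")
    print("investigate:", suspicious(result))
```

A mismatch from only one resolver points at that resolver's cache or at local settings on the machine using it; a mismatch from every resolver points at the registration or authoritative records instead.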

One way to check whether the site you have been directed to is real is to look for the gold lock icon, usually located in the bottom right corner of your browser's screen. If the icon does appear, click on it to verify a secure connection. However, keep in mind that the lock does not "guarantee" security. It is only a temporary security solution, as there is no telling when the hackers will be able to perfect this icon to look legitimate.

So, better be careful.

