The Latest Cache Crop on the Pharm: Your Identity24 June 2005
Last month LogiGuard released an article introducing web users to the potential threat of Pharming as the latest in the evolving collection of hacker tools. This article is going to look at some tale tell signs to warn you about the newest cache crop that Pharmers are harvesting: Your Identity!
In review, we described how Pharmers target the DNS (Domain Name Server) in a process called cache poisoning where web addresses are copied then counterfeited. Once the DNS is poisoned, it allows scammers to control the server to redirect traffic toward their target copy ripoff. A user routinely and comfortably types a domain such as bigusabank.com which has actually been redirected to another location collocated on a third world server. This counterfeit location may even include a secure looking site such as : bigusabank.com/34234/0982314/46546abakjolfadbjkasdasd.axpx. The clone site extracts user names, logins and other personal information.
As was mentioned last month, the Pharmers can now quickly harvest large amounts of login identities and turn their criminal efforts into stolen money transferred to their third world bank accounts. This method of gathering information is unique to pharming. The real jaw dropper, according to bank sources, is that many third world banks not only don’t condone the activity but may actively support and actually help to sponsor such scams and provide profit sharing with the scammers. This illegal gathering of personal information provides the pharmers with a very lucrative cache crop.
Most defenses against cache poisoning, and having your information turned into a cache crop, need to come from your web host and your system administrator's desk by employing some form of third party certification against known server exploits. One product example available on the market today is Hacker Guard. This type of service provides penetration testing against the server to see if any one or even several of known vulnerabilities can be detected.
So... you're at your desktop and the last thing you're in the mood for is having to deal with an identity theft con game. What can you do? For starters, keep an eye on the security lock encryption SSL symbol down on the bottom left of your browser (FireFox and Internet Explorer). Although this certificate can be faked, an advanced level of Pharming must be used to create such a bogus certificate. Of course on the web, trust nothing at first glance. Err to the side of caution. At login, a carefully crafted “fake” site will usually mirror the current genuine site. This is the moment where the con expands. Upon input of your user name and password you will be directed to a “security login” screen which will ask you to reverify all your information, just for “security purposes.” The site at this point will offer you no information about your account, because they don't have any! Just as on phish forms, you will have to input your data and then be directed to some “404 page error” and no further information will be provided. If this happens, you may have become the latest victim on the Pharm.
If upon entering your user name and other normal login information you are directed to provide more information for security purposes... stop, wait and make a phone call. If your bank is like the all the other banks, it may take several minutes to get through to an actual person, but it may be time well spent. Ask about these new security verification screens you are being asked to use. Another option to check your computer's condition and a possible pharm job, is to try to login at another computer, independent of the current ISP to which you're accustomed.
Bottom line, if you log in to your typical bookmarked site and things are exactly the same... slow down and suspect everything. Yes, websites often change, but a legitimate site won't ask you for more security verification fields before you know who they are. In other words, in the case of the bank site you should see your balances and existing user profile. This is information these pharmers don't have, otherwise they would already be out selling their cache crop! When anyone asks for extra security information because there has been some sort of security “breach,” slow down, and, if you can, log in another day. No bank in the United States, and most nations, has the right to confiscate and place your account in escrow without some significant court documentation. Anyone demanding that you “must take immediate account action”-- unless they are from the Internal Revenue Service (don't worry... they come by mail, phone, or personal visit NOT spammed email) -- and asks for account re-verification is probably in a hurry alright...a hurry to sell off your identity, the latest cache crop.
Source: PR Web
All trademarks and copyrighted information contained herein are the property of their respective owners.
The Shield Pro 2006
Related Articles
|
