You May Not Take the Phish Bait, but are You Giving Away the Pharm?30 May 2005
As the way we communicate and transact continues to become more sophisticated, so it seems that those who prey upon the weak and vulnerable in society take scamming to a new level. Internet users now have a very real and troubling new threat to educate themselves about—Pharming.
Most users are now aware of email Phishing scams, where users receive emails from “Big Bank USA” warning that there is a security alert which will result in the closing of their account if they don't respond immediately. This email directs the user to a login screen containing all the personal and account information to the user's bank account. The disturbing fact remains that those who are victimized by such scams are told by their bank that their security is their own business and that the bank bears no liability.
Pharming has the potential to rock the financial world like an earthquake. It brings theft to a broader scale of damage only equaled by the losses suffered by shareholders of Enron. Pharmers target the DNS (Domain Name Server) in a process called cache poisoning where web addresses are copied then counterfeited. Once the DNS is poisoned, it allows scammers to control the server to redirect traffic toward their target copy ripoff. A user routinely and comfortably types a domain such as bigusabank.com which has actually been redirected to another location collocated on a third world server. This counterfeit location may even include a secure looking site such as: bigusabank.com/34234/0982314/465adbjkasdasd.axpx. The clone site extracts user names, logins and other personal information. Unique to pharming, the criminals can now quickly gather large amounts of login identities and turn their criminal efforts into stolen money transferred to their third world bank accounts. What's worse, according to bank sources, many third world banks not only don't condone the activity but may actively support and actually help to sponsor such scams and provide profit sharing with the scammers.
Several companies including LogiGuard LLC provide server protection certification. LogiGuard presents Hacker Guard as a server solution to those desiring advanced security. Hacker Guard alerts System Administrators in real time of changes to their home pages and server exploits which protects websites from DNS manipulations and individual users from malicious pharming scandals. Hacker Guard is constantly updated for vulnerabilities that such scammers exploit to change DNS information. LogiGuard ensures that your web host's server is protected to the known exploits as listed by SANS (SysAdmin Audit Network Security) Institute which is an independent network of IT specialists that categorize and identify new and emerging internet and network vulnerabilities. Now more than ever, your web host needs to offer third party verification to certify that their server is protected.
Perhaps the most disturbing aspect of this new threat, Pharming, is that internet customers bear the burden of liability to maintain their own security, according to banking analysts. However, if your web host is not secured, this is one strike you may not be able to detect until it is too late. We encourage internet users to contact their web host and ask them to provide evidence of privacy security on their server which protects individual identities.
Source: PR Web
All trademarks and copyrighted information contained herein are the property of their respective owners.
The Shield Pro 2006
Related Articles
|
