Phishing, Pharming, and Spam Margaret StewartTuesday, Oct. 21, 2006
Phishing (not with a pole) A criminal activity online in which Phishers attempt to gain access to classified information such as credit card/bank account numbers and passwords. Comes from the word “fishing” because of the many lures that phishers use to deceive phishes. Usually occurs in email or instant messages. Has been somewhat controlled by legislation, user training, and technology.
Phishing (for your money) First occurred on AOL during the 1990s. Recent forms of Phishing include false emails from the IRS and scams directed towards members of specific banks (spear phishing). Social networking sites that encourage identity theft have a 70% success rate for phishing. Phishers disguise their sites to look like a banks own site by using pictures, false links, and false web addresses. Both PayPal and SouthTrust Bank have had problems with phishers in recent years.
Phishing (don’t get hooked) Phishing can result in stolen money, identity theft, and a loss of access to bank, credit card, and email accounts From May 2004 to May 2005, 2.1 million people became the victims of phishers. This led to a monetary loss of $929million for users and $2billion for businesses. You can protect yourself by looking for specific, personal information in each email that asks for banking and account confirmation. Some companies now make anti-phishing software.
Pharming (without a barn) Pharming occurs when a pharmer either changes an IP address on his victim’s computer or changes the address at the DSN server (the telephone book of the internet). Unlike phishing, where a user may notice that the address of a site is wrong, pharming changes what website the address goes to so that the user may never know the difference. Therefore, the pharmer can make his fake site to look identical to the site the user was trying to reach.
Pharming (no chickens either) The idea that files on a personal computer will be changed is not a big worry. The biggest threat is that a pharmer will reconfigure or rewrite the embedded software of a DSN server (firmware); therefore, changing the routing process for all IP addresses. A pharmer can also completely replace the firmware of a server and begin to “eavesdrop,” make middle-man transactions, and follow the internet habits of users. All of this can be done using wireless routers which makes pharming even more dangerous.
Pharming (bring home the cows) In 2005, Panix, a domain name in New York city was hijacked into Australia. No money was lost. To verify an instance of pharming click on start>run>type “command.” In the command prompt type nslookup, a space, and then the questionable IP address. If the domain looks legitimate, then everything is probably all right. Otherwise, turn the case over to a computer technician for further analysis.
Spam (the other lunchmeat) Spam can target email, instant messaging, mobile phones, newsgroup, web searches, and online gaming. The most common and most annoying kind of spam is in email. Spam is relatively cheap and convenient to produce because the public pays the cost. Spam is hated world wide because of its annoying nature
Spam (now made with turkey) Those who produce email spam do their best hide their generating computers. The spam makes its way through spam blocks on email accounts by purposely misspelling words. (ex. Wiater instead of Waiter) Most spam involves illegal activities such as porn and the Nigerian banking scams. Spam even combines viruses to turn victims’ computers into zombies that continuously generate small amounts of spam.
Spam (pops up everywhere) The cost to most victims is the loss in time for surfing the internet or checking email. Countermeasures against spam include filters, greylists, blacklists, traps and restrictions. Filters are not well liked because of their many false hits. Spam traps are dormant email addresses that collect spam messages. However, these trap some businesses that add customers to mailing lists by pulling email addresses off other mailing lists.