Computer Crime Research Center


Warning! Pharming!

Date: April 20, 2005
By: Jane Larson

It's the next Internet scam, and it could be the most menacing.

The reason: Even experienced Internet users can become victims and not know it.

The ploy is called "pharming" - a play off "phishing," the last Internet fraud - and it involves highly skilled hackers who secretly redirect users' computers from financial sites to the scammers' fake ones, where they steal passwords and other personal information. Even the Web address looks the same.

Unlike phishing, where users click on links in e-mails and are taken to fake sites, pharming intercepts a user on his or her way to the bank or a credit-card firm. And it potentially can affect thousands of users at a time.

"With pharming, you don't have to do anything stupid to get on the hook," said Tom Leighton, chief scientist of Internet software firm Akamai Technologies Inc. in Cambridge, Mass. "You're just swimming along and you get caught in the net."

Banks in Arizona are starting to see the problem, and large members are familiar with the scam, said Tanya Wheeless, president and chief executive of the Arizona Bankers Association. The Arizona Attorney General's Office said it heard of a case last month in which a Phoenix man lost $5,000 from his bank account after answering an online pop-up survey that purported to be from his bank.

It is just a matter of time before the scam becomes widespread, experts fear.

"If it didn't get worse, it would buck the trend of all known security problems," said David Jevans, a Silicon Valley executive who is chairman of the fraud-fighting Anti-Phishing Working Group.

The scam is so new that Internet security gurus have just started warning about it.

Akamai's Leighton told a technology conference in Phoenix in December that hackers were targeting small sections of the Internet and re-routing traffic to fake bank sites to capture users' passwords. The legitimate sites don't notice the drop in Web traffic, because it is just a fraction of the total, he said.

An anti-phishing bill introduced in Congress last month would also apply to pharming. It calls for prison time and fines for those caught phishing or pharming.

Pharmers operate in two main ways, security experts say: they attack either users' computers or the large servers that find Web sites for users.