Advertisment
Tech Explained

Fight Phishing and Pharming

author-image
PCQ Bureau
New Update

It's a Monday morning, you check your e-mail and find an offer from a well-known bank saying you have been selected for an exclusive credit card, at a very low APR. The mail provides you a link to the bank's website, detailing information about the scheme and how you can apply, and a link where you can sign up for this offer, which the e-mail warns isn't available through the website's regular signup form. You click on the link, and fill the form. Somewhere on the form, you're asked for your bank account, your earnings and other such 'mundane' things. The following Wednesday, you're out shopping and decide to use your card. The cash clerk at the counter tells you 'Sorry sir, your card is maxed out.' Puzzled, you check up your bank account and find a balance of zero. How did this happen? Well, you were just a victim of phishing. Remember that link you clicked on? That was a scam to get your bank account details and the way it was presented was crafted specially to fool you into thinking it was a genuine e-mail and that you were a very important person.

Advertisment

The term phishing was framed by hackers trying to steal AOL user accounts. In phishing, scammers 'fish' for user information. This can be personally identifiable information (like your name, address or e-mail address) or financial information. The idea is that bait is thrown out with the hope that atleast some users will be tempted to hook to it. 

Direct Hit!
Applies to: Users of online facilities
USP:

 Protect yourself from online fraud
Links:

www.astalavista.com 

We will discuss in detail about phishing, ways of protecting from phishing, reporting it and an overview of

pharming. 

Advertisment

How phishing works ?



Phishing is the act of sending fraudulent e-mail notifications, which appear to be from well-known websites or companies. The e-mail has a link which directs you to a specially designed website which looks similar to the original one. It is not usually easy to notice that it is a fake one. You are then requested to fill or update information such as your password, personally identifiable information, credit card or bank account details. You believe that you are typing information on the real website, but it is not so. Ultimately, the phisher gets access to your information and uses it for his personal gain.

Protection from phishing 



There are some simple measures that you can take and prevent yourself from being a target of

phishing.

  • If an e-mail asks for username, password, bank account number, etc-be suspicious of it. Before responding to it call up the company that's supposed to have sent it.
  • Look at the 'from' field in the mail. If it is from an unknown person or company, ignore it.
  • When submitting personally identifiable information, always see that website is secure (https://

    instead of http:// in the URL). 
  • You can also look for grammatical errors in the mail. If you find one, check the mail's legitimacy from person or company that was supposed to have sent it. 
  • Some e-mail have forms in them, with an inviting submit button. Don't fill such forms, especially if it asks for financial or other personally identifiable information. Instead, check if the e-mail gives you a link to their website for this and use the link to check if that website is real. Fill and submit only once you're sure the site is genuine.
  • Periodically check your online accounts and ensure that details are legitimate. If you find something suspicious do contact the company. Change the passwords regularly.
  • You can download freely available toolbars from netcraft, phishnet, phishguard and Earthlink that warn you in different ways about the genuineness of a website. These toolbars are not a definite way to protect you from phishing, but they warn and alert you about a website's intentions. There is also the Deepnet Explorer, which is the first browser to have a built-in detection for phishing. The installation of the toolbars and the browser are both fast and easy. The toolbar gets installed in the IE. We will discuss how the Earthlink toolbar (www.earthlink.net/earthlinktoolbar)

    and the Deepnet browser (http://www.



    deepnetexplorer.com/download.asp) work and in what way they can help you get partial protection from phishing. 
Advertisment

Earthlink



This toolbar displays icons for scamblocker and pop-up blocker on IE's toolbar. It maintains a list of phisher sites on the Earthlink server and checks the website you are visiting against this database. If a match is found then scamblocker does not open the site. It also analyzes the page and gives its rating-neutral, accepted or rejected. A neutral rating means that no fraud has been reported with the site. 

Phishing and pharming scams
A very well known scam, prevalent worldwide, is the Citibank e-mail scam. You receive an mail that claims to be from Citibank, though you may not have a Citibank account. The mail asks to update the bank account details and looks so genuine that even non-account holders click on the link and provide vital information.

A phishing scam occurred with a few ICICI bank customers last year, where an e-mail gave a URL directing the customer to a website resembling the official site. They were asked for their ICICI Internet login name and password. One of the customers suspected something wrong and called up the bank. It was found out that the bank had nothing to do with this. A police complaint was lodged by ICICI. 

Some other recent phishing attacks reported to anti-phishing group are related to MSN, KeyBank, Amazon.com and PayPal.

There are a lesser number of pharming scams reported-visitors to websites of eBay, HSBC and Al-Jazeera have been the victims.

Deepnet explorer



This browser has three levels of phishing alarms. These are classified as high, medium and low. The high level offers the maximum options (three) for detecting a phishing site. The options are: checking the website against a black list, intelligent detection of phishing and prompting if an IP address is used in the URL. It is better to select the highest level of phishing alarm. 

Advertisment

Reporting phishing 



The Indian Department of Information Technology(www.efile.mit.gov.in/pgramsonline)

has a public grievance system where you can lodge complaints. There is also an anti-phishing group (www.antiphishing.org) where phishing activities can be reported. You can lodge a complaint with the cyber crime cell of your nearest police department or with the company the mail was supposed to have come from. In case of police, ensure that the complaint is registered under the cyber law and not IPC. Both the EarthLink and netcraft toolbars have an option for reporting fishing to their own anti-fraud teams. 

Pharming



Pharming is more dangerous than phishing. In pharming even though you enter a valid URL, it gets redirected automatically to a fake site and you can't notice this.

DNS cache poisoning (Trojan horse) is one of the techniques used for pharming attacks. In this, a DNS server is bombarded with fake updates for

certain domains, which causes visitors to those websites, to be redirected to a fake site. But pharming is not easy to do and hence it's uncommon. But not for very long!

Users can be provided with multi-level authentication for effective protection from pharming. Some financial institutions are using automatic telephone callbacks asking their customers to confirm an online transaction has taken place. The ASB bank in New Zealand sends customers special access codes through SMS to carry out transactions. There are no anti-pharming groups, though toolbars can be used for some protection. You can keep a watch on the URL and if you find something wrong, you can avoid continuing with that website. You can still file a complaint with the cyber crime cell of the police or company with reference to that pharming attack.

Sushil Oswal

Advertisment