New Threats to Online Banking 

Just imagine! One fine day you come to your office, boot your workstation and decide to check your bank balance over the Internet. You enter the bank's URL. The website opens up

normally. Just to cross check for the site's authenticity, you also check the IP address and the whois reply of the website using Phishing prevention tools and don't get any errors. Satisfied with this, you decide to click on the 'LOGIN' button of your bank to get the secure login page of the bank. This again opens up normally, and you cross check whether the lock symbol is there at the bottom of your Web browser window, and the URL starts with 'https'. This proves that the site is secure and even tells how it's encrypted. You also notice the 'https' part in the address bar. Once again, satisfied, you decide to enter your username and password to login. Do you know that despite all these precautions, you can get phished? Might seem impossible, but that's how smart phishing sites are

becoming.

src="https://www.pcquest.com/images/http://www.computersathome.com/content/digital_home/digital_life/trans_dot.gif" width=2 border=0>

src='/IMG/091/62091/curveboct2k2.jpg' width=18

border=0>

src="https://www.pcquest.com/images/http://www.computersathome.com/content/digital_home/digital_life/trans_dot.gif" width=2 border=0>

src='/IMG/043/62043/bluebulletjune2k2.gif' width=5 vspace=5 border=0> How real are online banking threats? Fraudulent e-mail are now passé. Scamsters are using pharming techniques to automatically redirect you to a fake bank website src='/IMG/043/62043/bluebulletjune2k2.gif' width=5 vspace=5 border=0> Real or Fake How to check whether you're accessing a real or fake bank site src='/IMG/043/62043/bluebulletjune2k2.gif' width=5 vspace=5 border=0> Combating online fraud A few precautions can help you determine whether the website you're accessing is fake or real. Plus, there are tools available to make your job lot easier

src="https://www.pcquest.com/images/http://www.computersathome.com/content/digital_home/digital_life/trans_dot.gif" width=2 border=0>

src="https://www.pcquest.com/images/http://www.computersathome.com/content/digital_home/digital_life/trans_dot.gif" width=2 border=0>

src='/IMG/093/62093/curvedoct2k2.jpg' width=18

border=0>

For more than two months now, we've been trying to figure out how easy it is for somebody to create such a fake site. And the answer we got was partially scary and partially satisfactory. The scary part was that it's not very difficult to do so, but the satisfactory part is that no phishing site is 100% foolproof.

Unfortunately, the problem is that even a regular phishing site is more than sufficient to confuse anybody, layman and seasoned computer users alike. The reason for this is not because phishing sites use some great technology to evade detection. They use the same old HTML and scripts as used by any other site. The problem is the new and more dangerous techniques that scamsters are using to lure users to fake sites. One is pharming, in which they never have to access the users' machines in any way. Others include the use of trojans to modify some files on the user's machines.

In this story, we will look at pharming and other techniques in more detail, and how there are scamsters using them to create fake sites. This is meant to help you understand online threats better so that you can protect yourselves from them.

We will then explain who all are susceptible to getting phished followed by how to detect phony sites.

Anil Chopra and Anindya Roy