Phishing on the Pharm

June 9, 2005

The influx of e-mail messages that I receive from fake entities claiming to be real ones is mind-boggling.

In the past few months, I received several messages claiming to be sent from:

  • a major bank
  • eBay
  • PayPal
  • IBM

In all cases, they wanted me to “click here” to fix my account problem. Since I know better, I either deleted the messages, reported them, or both.

What Are Phishing and Pharming?
Phishing attacks use both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social-engineering schemes use ‘spoofed’ e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning. — Anti-Phishing Working Group

The FTC offers some tips for identifying these e-mail messages so that you don’t fall into the trap.

I’m on the look-out.
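
The "click here" pattern described above can be checked mechanically. The following is an added example, not part of the original post: it flags links in a message that claims to come from a known brand but point at a host outside that brand's domain. The brand map, the sample message, and the names `suspicious_links`, `host_in_domain` and `LinkCollector` are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed brand-to-domain map (assumption; a real deployment needs a maintained list).
BRAND_DOMAINS = {"paypal": "paypal.com", "ebay": "ebay.com", "ibm": "ibm.com"}

# Constructed sample message; .example hosts are reserved and not real.
SAMPLE = """From: "PayPal Security" <service@paypal-accounts.example>
Subject: Problem with your account
Content-Type: text/html

<p>We found a problem with your account.
<a href="http://paypal.com.account-fix.example/login">Click here</a> to fix it, or see
<a href="https://www.paypal.com/help">our help pages</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_in_domain(host, domain):
    """True only for the domain itself or a subdomain, not a look-alike prefix."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def suspicious_links(raw_message):
    """Return (claimed domain, actual host, link text) for each mismatched web link."""
    msg = message_from_string(raw_message)
    claim = (parseaddr(msg.get("From", ""))[0] + " " + msg.get("Subject", "")).lower()
    claimed = [dom for brand, dom in BRAND_DOMAINS.items() if brand in claim]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        if parts.scheme in ("http", "https"):
            findings.extend((dom, parts.hostname, text) for dom in claimed
                            if not host_in_domain(parts.hostname, dom))
    return findings
```

The check compares the end of the hostname, so a host that merely begins with the brand's domain is still flagged while a genuine subdomain is not.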