Phishing, Pharming May Soon Be a Phloop
- By Ralph C. Jensen
- Mar 20, 2007
HERE'S a bit of good news, especially if you’ve been phished
and pharmed to death. Perimeter eSecurity has launched a new suite of identity
protection services to discover and thwart phishing and pharming Web sites.
A phishing attack starts with a fraudulent e-mail directed
at a banking services customer. You know the type because we all get them. I’ve
gotten the e-mails that ask me to look over my account by returning vital
information so it can be checked for accuracy. Never give away vital
information of any kind. Your bank will never ask for it, especially by e-mail.
An e-mail appears to come from the customer’s financial
institution and contains a URL or Web site link that, when clicked on, takes
the account user to a phishing Web site. The account user is then directed to
enter their account number, username, password or PIN.
Your bank will never do this, but the criminals use this
information along with the customer’s ID to steal funds, commit fraud or
otherwise attack the instititution. Pharming attacks redirect legitimate
traffic to a fake Web site so hackers can gain access to customer’s usernames
and passwords.
This is no small event. According to Kevin Prince, CSO of Perimeter
eSecurity, 59 million phishing e-mails are sent out worldwide each day. Ninety
percent are targeted at financial institutions. The attacks are becoming
increasingly personal because hackers will go to any length to convince end
users that an imitation e-mail or Web site is real.
Prince said hackers will even use your security vendor or a
federal organization as bait. Fraudulent phishing and pharming sites need to be
taken down immediately to stop further attacks and damage.
We would like to know what’s on your mind. Feel free to send
a letter to the editor.
About the Author
Ralph C. Jensen is the Publisher/Editor in chief of Security Today magazine.