Phishing & Pharming:
Not Granddad's Favorite Pastimes
Written by: Susan Caldwell
MLIS Graduate StudentSchool of Library and Information Science
University of Southern Mississippie-mail:susancaldwellusm@yahoo.com
Table of Contents Spam: Who Would Have Thought it Could Get Worse?
What is Phishing? Is That Spelled Right??
Introduction
In today's modern world, with the widespread use of the web, many people are turning to e-commerce to complete normal everyday financial transactions such as paying bills, logging in to make sure there are funds in the checking account, and shopping for Christmas gifts. Along with this migration to online financial transactions, people need to be aware that identity theft has become an increasing risk for online users. Con artists strike often at those users who are not sufficiently familiar with web usage and trust that every e-mail they receive is legitimate. The fight against fraud is an ongoing battle for financial institutions and consumers alike. It is imperative that people be aware of the dangers of placing their personal information online where it may be accessed by criminals who can then steal more than just a person's identity, but their very life. This paper will look into the history of online identity theft, credit card fraud, the use of spam e-mail to get the attention of victims and how con artists "phish" for personal information.Back to Top
Statistical Data The Internet Fraud Complaint Center (IFCC) maintains statistical data regarding online fraud and provides information by state. For example, in 2004 the state of Mississippi reported a total of 339 complaints where only 1% of the crimes reported as identity theft costing about $127 in losses per report. Credit card fraud accounted for 5% of all complaints and an average monetary loss of $155 per report. In comparison, New York had no statistical data to report for identity theft, but did report that 4.4% of the 4,015 complaints filed were in regard to credit card fraud that resulted in the average median loss of about $420 per report. For a complete listing of statistical data for every state since 2001, please visit http://www.ifccfbi.gov/strategy/statistics.asp . (IFCC, 2005)Back to Top
Spam: Who Would Have Thought it Could Get Worse? When someone mentions the word spam, several years ago it would bring to mind the potted meat many people ate for lunch and bemoaned as being so terrible sometimes that it was often wondered if it could possibly get worse. Well, in a sense, it did. The spam discussed most often in 2005 is the bane of many online users e-mail accounts rather than their stomachs. Mass-generated e-mails are sent out by the millions each day to e-mail addresses across the globe in attempts to sell products, offer services and entice the unsuspecting into divulging personal information such as credit card numbers and expiration dates or even social security numbers.Spam is a phishing tool used by cyber criminals to send out their seemingly innocent and helpful e-mails saying that the user's account is about to expire or that someone has attempted to hack into the bank's system. In order to ensure everything is okay, there is a need for the individual to update their information immediately. Helpful links are included in the e-mail to take the user right to the bank's online system so there is no need to go to the authentic site. In actuality, the misguided soul is entering his/her information in the criminal's database rather than on the bank website.
It is always best to be suspicious of any e-mail requesting personal information. Many people will often disregard legitimate e-mails in fear that they might be fraudulent spam mail and may miss important and valid information. Being aware of the difference between spam or phishing e-mails and legitimate informational e-mails from companies is the result of practice and acquiring experience in learning characteristics of each. (Brandt, 2005)
Con artists use sophisticated computer skills to obtain information illegally in order to use it for personal gain. The most popular form of obtaining information is through the use of e-mails. A con artist will send out what appear on the surface to be legitimate e-mails from well known companies such as Citibank, eBay, AmSouth Bank, etc. The message will often indicate that a person's personal information has expired or should be updated immediately or risk the account being locked. In addition, the message will include a link to the site where the information should be updated.
Pharming does not use John Deere tractors to haul away your information. Rather it uses e-mail to lead users to web pages that then run an executable that runs much like spyware. It takes over the host computer and raids any type of credit card data you might have stored on the computer. For example, if a consumer regularly pays his Citibank credit card bill online each month, then most likely he logs in to his account and has not only his credit card information available for viewing but also any checking account information. This is siphoned off by the pharming software to be used by the criminal later to steal the victim's identity and any funds available on the card and in the checking account. (Jones, 2005)
Numerous lawsuits have been filed against such webmasters as Robert Moneyhan. He is responsible for websites such as katrinahelp.com, katrinadonations.com, and katrinarelief.com. The attorney general of Florida filed the suit when it became known that the funds were being directly deposited into Moneyhan's PayPal account. Many similar suits have been filed in states across the nation in an effort to bring these scammers to justice. (Roberts, 2005)
How to Protect Yourself The Fraud Watch Network (FWN) is an excellent site to visit to find information regarding online fraud. It provides information about internet fraud, mail fraud, credit card fraud, phishing and phone fraud. Links to articles about such topics as identity theft statues and internet scam busters provide helpful information to web surfers. In addition, credit card prevention products are suggested with detailed information on how to go about reporting fraud to the appropriate authorities. (FWN, 2005)It is important to realize that many agencies and vendors are taking an active stance in preventing consumers from becoming victims of malicious internet crime. One such example of a vendor who is fighting the war on phishing is Netcraft Toolbar. This application is available for both Internet Explorer and FireFox. This program has a compiled list of known phishing sites and automatically provides a warning that pops up on the screen alerting the user that the page attempting to be accessed is thought to be a fraudulent phishing attack. For users who are less experienced in surfing the web, Earthlink provides a similar toolbar that only works with Internet Explorer. This toolbar takes the user to a site that lists all the probable phishing entities and provides explanations as well as warnings regarding the page being accessed. (Seltzer, 2005)
Conclusion In conclusion, internet users must become sufficiently aware of the intricate scams that are to be found in mass quantities on the internet. From personal experience, it is most distressing to discover that someone has been charging various sums of money to one's credit card. The distress is even more compounded when having to deal with the hassle of canceling the credit card, reporting each incidence and proving that the charges were not legitimate. Online scams and the various means by which cyber criminals obtain personal information is a threat to every person who switches on their computer. Always be aware of e-mails opened and only visit those sites that are familiar or that are verifiably legitimate.
Bibliography Fraud Watch Network (FWN) http://www.fraudwatchernetwork.com/Internet Fraud Complaint Center (IFCC) http://www.ifccfbi.gov/strategy/statistics.asp
Webopedia http://www.webopedia.com
Brandt, Andrew. "Phishing anxiety may make you miss messages." PC World; Oct2005, Vol. 23 Issue 10, p34.
Jones, Karen. "Pharming your identity." PC Magazine; 5/10/2005, Vol. 24 Issue 8, p20.
Roberts, Paul F. "Cyber-looters capitalize on Katrina." eWeek; 9/12/2005, Vol. 22 Issue 36, p11-12.
Seltzer, Larry. "Phighting phraud." PC Magazine; 8/23/2005, Vol. 24 Issue 14, p72.
Web Design By:
Susan Caldwell
susancaldwellusm
Last Updated on December 14, 2005