Author Topic: "Phishing" On The "Pharm": How Thieves Combine Two Techniques To Steal  (Read 1497 times)


Offline Perfect
Bob looked in the mail and began reading:

"Dear eBay User, as part of our security measures, eBay Inc. has developed a security program against fraudulent attempts and account theft. Therefore, our system requires further account verification ..."

Security measures. A threat to suspend the account to avoid "fraudulent activities." The email went on to say that there were "procedural safeguards with federal regulations to protect information you provide to us."

Bob clicked on the link and was confronted with an authentic-looking logon page, just waiting for him to enter his user name and password and confirm what eBay allegedly did not know.

He almost did. The site looked absolutely authentic, and he had been "set up" by the email. His fingers were on the keyboard when he happened to take a look at the address.

There was something very, very wrong.

"Pharming" to fleece sheep

The art of "pharming" involves creating an illegitimate website that is identical to its legitimate prototype (for example, the eBay site Bob was nearly misled into using) and redirecting traffic to it.

"Pharmers" can do this in two ways:

1. By altering the hosts file on your computer. The hosts file stores the IP addresses of web sites you have accessed. By inserting a new IP address in the database field corresponding to a web site, your computer can be redirected to the pharmer's website. Any information you give the bogus site is immediately captured by the pharmer.

2. By hijacking the DNS (Dynamic Name Server) itself. A DNS matches web site names to their IP addresses. If this server can be forced to assign new IP addresses to legitimate names, all computers using the name resolution provided by that DNS server will be redirected to the hijacker's website.

Once this happens, it's time to be fleeced.


"Pharmers" hijack your hosts file or DNS servers with spyware, adware, viruses or Trojans. One of the most dangerous things you can do is use a computer without some form of Internet security software installed on it.

Your security software should continually update its virus definitions and be able to notice when something has been downloaded from a website or through email. It must be able to eliminate it, "quarantine" it, or tell you what it is so that you can remove it by hand.

You should also keep anti-spyware and anti-adware programs installed, and be aware of any changes in your Internet traffic patterns. If your home page suddenly changes, or if you start getting pop-up advertising (which can occur even when you are not connected to the Internet), you should run a virus, spyware or adware scan.

Thanks to the effectiveness of these protection programs, pharming is more difficult than it used to be. It is not as easy to hijack a computer as it was before.

Thus, the "pharmers" have joined with the "phishermen" to get you to visit the fake website yourself and enter all the information they need.


As Bob discovered, the page he had been taken to by the false email message was identical to the eBay logon page. Identical in all respects, except for the URL.

Out of curiosity, he checked the address of the real eBay logon page by going to eBay directly and clicking on the login link. The two URLs were nothing alike, except that the fake one had the word "eBay" in it twice - enough to make it look authentic.

By combining the two techniques, the phishermen / pharmers had avoided the high-tech problem of getting a virus downloaded past your protection software. They had gone straight for the throat.

Bob's throat.


The only real protection against pharmers and phishermen is YOU. There are three things you should keep in mind when reading any email that asks for information:

• Why do they want it? Be extremely skeptical when they say they have to "update their records", "comply with federal regulations", or prevent fraud. They are the ones starting the fraud.

• Why can't you do it on the website? Why don't they invite you to access the website directly and provide the information there? The answer is that the genuine company does not need an update.

• What does the URL look like? Is it a series of subdomains, some of which contain the name of the genuine company? Most likely, the subdomain is set up with a free hosting company.

• Have they provided partial information about you as a guarantee that the email comes from the legitimate source? Be very careful. This technique is effective for "pretexting," impersonating a person or company, and was used in the Hewlett Packard scandal to gather information. The fact that they know your name (or any other information supposedly known only to legitimate sources) does not mean that the email is legitimate. The information was probably taken from a hijacked server.


The bottom line: do not provide any information at the request of an email, no matter how authentic it looks or how authentic the page it directs you to appears. If you must log in, do so at the main site itself.

Your identity theft prevention and protection is ultimately up to you.

Don't be a sheep fleeced by the pharmers, or a fish caught on the phisherman's hook. Being dropped naked into their skillet is not a desired destination.
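Added example, not part of the original post: a small audit for the first pharming method described above (an altered hosts file). It parses hosts-file text and reports any entry that points a real site name at a fixed address; the sample file, the `watched` list and the severity labels are assumptions made for illustration.

```python
import ipaddress

# Constructed sample hosts file (documentation-range addresses, not from the post).
SAMPLE_HOSTS = """\
127.0.0.1     localhost
::1           localhost ip6-localhost ip6-loopback
0.0.0.0       ads.tracker.example            # sinkhole entry
192.168.1.20  nas                            # bare LAN name
203.0.113.45  signin.ebay.com www.ebay.com   # constructed redirect
198.51.100.7  intranet.corp.example
"""

# Names a stock hosts file normally carries.
EXPECTED_LOCAL = {"localhost", "localhost.localdomain", "ip6-localhost",
                  "ip6-loopback", "broadcasthost"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()        # strip comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                # not an address: skip the line
        for name in fields[1:]:                     # several names per line are allowed
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, watched=("ebay.com",)):
    """Return (line_no, hostname, ip, severity) for entries that redirect a site."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in EXPECTED_LOCAL or "." not in name:
            continue                                # loopback aliases, bare LAN names
        if ip.is_loopback or ip.is_unspecified:
            continue                                # sinkhole: blocks, does not redirect
        hit = any(name == w or name.endswith("." + w) for w in watched)
        findings.append((line_no, name, str(ip), "HIGH" if hit else "REVIEW"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass in the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts` instead of the sample text.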
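Added example, not part of the original post: the URL check Bob did by eye, written as code. It treats a link as genuine only when the host name ends in a domain the real company uses, and lists why a look-alike fails (brand name used in subdomains, before an `@`, or in the path). The sample links and the assumption that `ebay.com` is the only genuine domain are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample links (not from the original post); ebay.com is assumed
# to be the only domain the genuine site uses.
LEGIT = ("ebay.com",)
SAMPLES = [
    "https://signin.ebay.com/login",
    "http://ebay.signin-ebay.freehost.example/login",
    "https://www.ebay.com@203.0.113.9/verify",
    "https://notebay.com/",
    "https://freehost.example/ebay/signin",
]


def check_link(url, brand="ebay", legit_domains=LEGIT):
    """Return (is_legitimate, reasons) for a link that claims to be `brand`."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")       # hostname is already lower-cased
    # Only the END of the host counts: equal to, or a subdomain of, a real domain.
    if any(host == d or host.endswith("." + d) for d in legit_domains):
        return True, []
    reasons = [f"host '{host}' is not under {', '.join(legit_domains)}"]
    mentions = host.count(brand)
    if mentions:
        reasons.append(f"'{brand}' appears {mentions}x in the host as decoration")
    userinfo = parts.netloc.rpartition("@")[0]      # text before '@' is not the host
    if brand in userinfo.lower():
        reasons.append("brand name placed before '@'; the real host follows it")
    if brand in (parts.path + "?" + parts.query).lower():
        reasons.append("brand name appears in the path or query")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a raw IP address")
    except ValueError:
        pass
    return False, reasons


if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_link(url))
```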

