Phishing Grows Up ... Into an Ugly Monster

The frequently-reported phishing schemes that already have us shaking in our boots have evolved and become sophisticated enough to get a new name: pharming.

That's the term security companies and others that follow Internet trends have given a complicated form of phishing that goes beyond the single e-mail attempt to lure people to a false site. Pharming actually installs malware (translated: malicious software whose sole purpose is to reside on a machine until it can be used to extract personal and financial data from that computer).

When activated (which is usually through a seemingly innocent action such as typing in a legitimate address), the malware pops up bogus sign-on pages. It does so by translating a legitimate address into the illegitimate address, an action undetected by the user. The malware then intercepts account name and number entries, and sends the information to scammers. As if that weren't enough to worry about, the schemes have become increasingly complex in their URL redirection techniques to better disguise from law enforcement where links inside e-mails go.

Among the safeguards security firms recommend that banks can pass onto customers are:

Install and keep up-to-date with anti-virus, anti-spam, and anti-spyware and install the latest operating updates on computers. If the malicious e-mail doesn't arrive in the first place, it can't trick you.
Be careful with any e-mail attachments. Many malware infections are disguised to look like jokes, graphic files or security patches.
If you receive an e-mail that looks like it came from a legitimate company, don't click on the link. Instead, type the actual Web address in your browser.
Look for security icons and be aware that secured web sites usually begin with https:// instead of just http://
Never fill out forms in an e-mail. Instead, visit the company's legitimate site.