by Ondrej Krehel
Phishing, Pharming, Vishing and Smishing
Hackers are always coming up with new ways to separate you from your money. The most popular methods like include:
• Phishing has become a catchall term for any electronic criminal fraud scheme that tries to capture personal identifying information (PII), such as names, passwords, credit card information and ATM pins. Usually this takes the form of a hacker-designed email or instant message that looks and feels like an official communication from a bank, Internet service provider or social website that tricks the receipt to respond with personal information.
• Pharming occurs when hackers exploit DNS server software to redirect traffic from a legitimate website to a bogus site to capture personal data. For example, they’ll route a bank’s web traffic to a site controlled by hackers. Think of this as a postal mail redirection.
• Vishing is a malicious combination of phishing and Voice-over IP or Internet phone service. It amounts to hackers making phone calls via the Internet that look to Caller ID systems like official business lines from, say, a bank, credit card company or insurance provider. Often it’s an automated call that asks the recipient to call back, at which point con artists asks for PII.
• Smishing combines SMS text messaging with Phishing, amounting to hackers disguised as official institutions using cell phones to phish.
In all of these scams, criminals are pretending to be a trusted financial institution or company, and in that disguise ask the victim to disclose their personal information. Sometimes they even offer incentives, such as free reward cards and special credit financing. With these particular tactics, it’s important to keep in mind the old saw, if it seems too good to be true it probably is.
But sometimes your bank or Internet provider does in fact need to contact you. Here are some tips to separate the legit from the illegal:
• Check the source for misspelled content. Online, make sure it’s the actual company URL address in your web browsers. Hackers are very smart at making fake URLs look real, like, say Credits.com for Credit.com. The text inside of the message or URL itself is often misspelled.
• Watch for redirection. You may click your tried and true bookmark to go to your bank’s website, but if your PC or the bank site is compromised it could point you to a hacker lookalike site. If you see that you’re being redirected to site that doesn’t look right, or notice the URL link contains characters other than normal, disconnect.
• Google the malicious email, SMS, caller number. You might not be the only one who was targeted. Google the number or email address to see if there’s larger scam and possible means to report it.
• Just say no. No company will ask for your date of birth, Social Security number or ATM password in an email, website or text message. They also won’t ask questions about your personal life, such as pet or family members names, which hackers will do to guess at your passwords.
The key here, as with all Internet security, is to stay aware and have your computer in safe state, clean and up-to-date, ready for the full Internet experience.
Ondrej Krehel, Chief Information Security Officer, Identity Theft 911
Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.
Leave a Reply