Pharming is latest scam on Internet

Jen Lawson

Monday, May 23, 2005 | 11:07 a.m.

A maddening new trend in Internet scamming is called "pharming," and it is turning the Web into a land of smoke and mirrors where experts say users can't be sure if they're on an actual Web site or an identical fake one set up by crooks.

Those visiting the sites may enter personal information such as bank account numbers, which can be intercepted to drain accounts or steal identities.

Jack Sullivan, head of information security at UNLV and a former cyber crime investigator for the FBI, said it's nearly impossible for users to know they've surfed into an electronic theft trap.

"When you type in citibank.com on your desktop, if they (crooks) have successfully poisoned the name lookup, it's going to look like citibank.com, but it will take you to a different place," Sullivan said, using the bank as an example.

Last week the SANS Institute, a nonprofit cyber security research organization based in Bethesda, Md., published its quarterly review of Internet threats and, for the first time, named pharming as a growing vulnerability.

Pharming is a sibling of phishing, and both fall under the umbrella term of cyberjacking, Sullivan said.

Phishing is a ploy in which scammers send e-mails to Internet users that appear to be from, for example, Paypal, eBay or a financial services institution, urging customers to confirm their accounts by clicking on a link that directs them to a site that looks authentic, but it's not, investigators said.

But would-be pharming victims arrive at the site by simply typing the desired Internet address into a browser, not by clicking on a bogus link.

Internet addresses are converted into a numeric code, known as an IP address, which takes the browser to the site.

Pharming can be carried out a number of ways, experts said.

Crooks pull off the ploy by breaking into the main server and changing the numeric code that directs users to a Web site, Sullivan said. Or, it can be done by using spyware or a virus.

The fraudulent sites once looked crude and had misspellings, but Internet scammers are becoming more savvy.

"The Web sites are copied absolutely perfectly,"said Metro Police Sgt. Kevin Skehan of the Las Vegas Electronic Crimes Task Force, comprised of Metro detectives and Secret Service agents. "The average person has no way of telling that it's a spoofed site."

Pharming, also known as domain name system poisoning, isn't always carried out for the purpose of theft.

Last month a lawsuit was filed in federal court against a former employee of Ice Las Vegas in which he was accused of cyberjacking the nightclub's Web site, diverting users to his Web site advertising his own club.

In that case, Edward J. Williams didn't hack into the server, according to the lawsuit. He used a technique Sullivan refers to as "social engineering" -- he allegedly called the Internet service provider, posed as the owner of the club and got them to make the switchover.

While pharming is just emerging, phishing is common. The results of a study released Thursday said 43 percent of adult Internet users had received bogus e-mails, but just 5 percent have fallen for them.

The Electronic Crimes Task Force receives complaints of phishing ploys several times a day, Skehan said. A common one is known as the "419 Scam," in which a Nigerian national promises money in exchange for financial assistance.

The public is becoming more aware and keeping tighter reigns on personal data, such as Social Security numbers, birth dates and mother's maiden names, Skehan said.

"Guard your personal information like you'd guard your wallet," he said.

But pharming is more difficult to discern.

Sullivan said Internet users who do online banking should familiarize themselves with the Web sites. If anything looks suspicious, users should call the bank and have them check it out.

Financial institutions can be alerted to pharming if they notice a dramatic dropoff in traffic to the site, he said. Software is also available for companies to protect their Web sites from pharming.

Prominent corporations and online businesses tend to be secure, Sullivan said, adding that a pharming scandal could cripple business and cause embarrassment for the company.

He used amazon.com as an example.

"If you go to amazon.com, it won't ask you for your Social Security number," he said. "You'll select a book, check out your cart and enter your credit card number and type. Most of these sites are secure. They use secure methods."

But Internet users should be aware of the potential threat and practice caution whenever entering personal information into a Web site because things might not be as they seem.

Those who commit Internet crimes could face state or federal charges of theft or identity theft.

archive