Commentary
InternetUniversity: Scam Protection
- by justin , Anthony Muller , July 29, 2005
Unlike phishing, pharming doesn't rely on e-mail to get users to divulge their personal information. Rather, it capitalizes on a vulnerability of Internet service providers (ISPs) that store Internet protocol addresses on local servers to speed up their connection times. If server security isn't up-to-date, pharmers can substitute bogus addresses that direct users to sites resembling those of trusted banks or credit card companies. This means a user who types the correct URL can still wind up at a rogue site. Once that occurs, the crooks are free to steal personal information or plant spyware that monitors and reports on users' online activities. To be safe, look for the padlock in the corner of your browser and "https" (not "http") in the site's URL before typing that account number.
The proliferation of wireless Internet connections in airports, hotels, conference centers, and even coffee shops has given users unprecedented convenience - and scammers yet another backdoor to exploit. "Evil twins" are scam wireless networks that masquerade as legitimate providers to lull users into a false sense of security, then capture their passwords, credit card numbers, and so on. Personal firewalls can't detect them, but a virtual public network or other encrypted system can defeat them. Users are well advised to keep security settings at their highest levels when working in public spaces and to turn off their computer's Wi-Fi function when it's not in use. Any time the security level has to be lowered - to share files, for example - the level of vulnerability rises. What's most infuriating about these scams is the way they take advantage of users' trust in the systems they use every day, and the expectation of being able to stay connected 24/7. Eternal vigilance, it seems, is the price of convenience.
