The latest scam being perpetrated by cyber criminals is the “pharming” attack. We’re all familiar with “phishing” – e-mail messages that appear to be legitimate warnings from financial institutions designed to lure us into spoofed Web sites that steal our account numbers, passwords, and other sensitive information. The defense against phishing has been to always type in the URL of the Web site, thus insuring against being shanghaied by a bogus link. Pharming is far more dangerous. Here’s a good description from Lee Koos of CNET:
But this fairly new heinous tactic, called pharming, is absolutely frightening. For example, you type in citibank.com into your Internet browser. The address bar displays as you would expect – citibank.com and you proceed to log on to access your bank account information. No sweat, eh? Well, little did you know that behind the scenes, citibank.com’s DNS (domain name servers) just got hijacked – displaying the completely legitimate URL address that you are accustomed to, but directing you to a spoofed site that looks and feels just like your financial institution, so you have absolutely no idea you willingly gave up your personal account info to the hijackers…. Find out more about this all-too-important topic in senior editor Robert Vamosi’s article, “Alarm over pharming attacks: identity theft made even easier.”
So, how does one defend oneself against this? Simple: type in the IP address of the site. It’s not foolproof (Web servers can also be hijacked), but it is far more secure than using the domain name. Here’s an excellent article that explains how to do this:
Stick by the IP – Though other members warn it’s not 100 percent foolproof, CNET member johnnybluenote suggests we go to our favorite Web sites by way of their specific IP address, rather than their Web name. He also provides instructions on how to find the IP for your favorite Web sites. Read johnnybluenote’s post.
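The IP-address check described above can also be automated: record a site's addresses once from a network you trust, then compare what DNS returns later against that record. The sketch below is an added example, not code from this post or the CNET article; the host name `bank.example`, the addresses (documentation ranges) and the two fake resolvers are constructed sample data. Large sites change addresses legitimately, so a mismatch is a reason to stop and verify, not proof of hijacking.

```python
import ipaddress
import socket


def resolve(hostname):
    """Ask the system resolver for the host's current addresses."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def check_dns(hostname, baseline, resolver=resolve):
    """Compare current DNS answers with addresses recorded earlier.

    Returns (status, unexpected): status is "match", "mismatch" or
    "no-answer"; unexpected lists resolved addresses not in the baseline.
    """
    known = {ipaddress.ip_address(a) for a in baseline}
    try:
        answers = resolver(hostname)
    except socket.gaierror:
        return "no-answer", []
    # Parse to address objects so equivalent spellings compare equal
    # (e.g. "2001:DB8:0:0:0:0:0:1" and "2001:db8::1").
    current = {ipaddress.ip_address(a) for a in answers}
    if not current:
        return "no-answer", []
    unexpected = sorted(current - known, key=lambda a: (a.version, int(a)))
    status = "mismatch" if unexpected else "match"
    return status, [str(a) for a in unexpected]


# Constructed sample data: hypothetical host, documentation-range addresses.
BASELINE = {"bank.example": ["192.0.2.10", "192.0.2.11", "2001:db8::1"]}


def fake_resolver_clean(hostname):
    """Stand-in resolver: answers are a subset of the baseline."""
    return {"192.0.2.11", "2001:DB8:0:0:0:0:0:1"}


def fake_resolver_poisoned(hostname):
    """Stand-in resolver: one answer was never recorded for this host."""
    return {"192.0.2.10", "198.51.100.66"}


if __name__ == "__main__":
    for label, r in (("clean", fake_resolver_clean), ("poisoned", fake_resolver_poisoned)):
        print(label, check_dns("bank.example", BASELINE["bank.example"], r))
```

Calling `check_dns` without the `resolver` argument uses the system resolver, which is the path a pharming attack would tamper with.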