A roundup of information about phishing, pharming, and 419 scams.

“Phishing (also known as carding and spoofing) is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack.” — from Wikipedia

“Pharming the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the Domain Name for a site, and to redirect that website’s traffic to another web site.” — from Wikipedia

Advance fee frauds are also called 419 scams:

“Advance fee fraud, often also known as the Nigerian money transfer fraud, Nigerian scam or 419 scam after the relevant section of the Nigerian Criminal Code [1] that it violates, is a fraudulent scheme to extract money from investors living in rich countries in Europe, Australia, or North America. This type of scam, originally known as the “Spanish Prisoner Letter” [2], has been carried out since at least the 16th century via ordinary postal mail. They have come to be associated in the public mind with Nigeria due to the massive proliferation of such confidence tricks from that country since the mid-eighties, although they are often also carried out in other African nations, and increasingly from European cities with large Nigerian populations, notably London and Amsterdam.” — from Wikipedia

Some Advice

“To protect yourself, beware of messages that ask you to click a link to verify your personal information. Don’t e-mail personal or financial information. Review your bank and credit card statements for unauthorized charges, as soon as you receive them. Always use firewall, anti-virus and spyware software. Update these programs at least weekly.

“Be cautious of opening or downloading attachments in e-mails, regardless of who appears to have sent them. And if in doubt, call your bank or merchant. You can also report suspicious activity to the Federal Trade Commission by forwarding it to spam@uce.gov or by filing a complaint at www.ftc.gov.”
From “Phishing and pharming: Is your personal identity being harvested?” by Mike Klein, Wisconsin Technology Network, February 21, 2005

Resources and more information

• ID Theft Home – from the FTC
• “MAJOR INTERNET FRAUDS – Phishing,” from FraudWatch Inernational
• Pharming – from Green Armor
• Phishing – from Green Armor
• “Pharming Out-Scams Phishing,” by Michelle Delio, Wired News, March 14, 2005
• “Alarm over ‘pharming’ attacks,” by Robert Vamosi, ZDNet UK, February 21, 2005
• “The economy of phishing: A survey of the operations of the phishing market,” by Christopher Abad, First Monday, September, 2005
• Anti-Phishing Working Group
• “How Not to Get Hooked by a ‘Phishing’ Scam,” from the FTC
• pharming.org
• “How To Protect Yourself from Phishing and Pharming,” by Michael Brown, Maximum PC, July 8, 2005

And for a little about 419 scams

• Advisory from the United States Secret Service
• Nigerian 419 Scams – from FraudWatch Inernational
• 419eater “Welcome to the world of Scambaiting!” some very funny stories about how some scammers get scammed …