Story: Alarm over 'pharming' attacks

• 
• 

Thank you for your informative article on Pharming.

As I see it, at least part of the problem is complacency and overconfidence on the part of both consumers and service providers.

Case in point number one: I recently closed a credit card account because the official communications from the card company via e-mail contained links back to their web site. Complaints about the practice met with links to web pages containing phishing warnings - like, Hello? Is anybody listening?!!!! On one occasion I received a phishing message that was so well timed and so well done that only my caution prevented a compromise of my information. Instead of clicking the links, I copied them to the clipboard, then displayed the actual address - BOGUS! Out of curiosity I enabled all my protections and actually went to the bogus web page - it was VERY convincing, and refused to let me leave until I gave it information - I gave it the user id of "You've Been Busted" and the password of "SUCKER2" and then reported it to the U.
S. Treasury division of the Secret Service.

However, when I reported the incident to the Card Company, I was met with a very blasé attitude. They couldn't have cared less!

Second case in point. I tried to inform my family members on the hazards of pharming and how to protect themselves. (Use IP addresses instead of names, use bogus login info on the first pass, and check for security certificates.) One of my children is a thirty-something bachelor with a college degree (meaning, "I'm so smart, I don't need to listen to anybody"). He tried to tell me that he was too smart to be taken in - that there was always a gave-away like poor spelling or bad grammar (WE know that is not true! If I weren't sure his mother wasn't a horse and that I'm not a burro, I'd say he was a ---- ---. )

Third case in point: In order to fight pharming attacks, as indicated above, instead of using the alpha-numeric names, I program the IP address of my bank into my 'favorites' folder and banking spread sheets so as to bypass DNS inquiries.

Recently my bank performed a complete website overhaul - without warning, I found myself at a web site that did not look ANYTHING like where I was supposed to be. I thought the host files on my own system had somehow been corrupted (in spite of a fire wall, antivirus and anti-spybot programs!) But no, it was indifference by my bank in not notifying customers that a change was coming. When I arrived at the new site I used bogus login information to be sure I got an error message before I proceeded to use the new site. I'm still waiting a response from the bank's webmaster about THAT one!

BTW - a simple way to determine the IP address: First, log on to the website using the bogus first attempt method - to be sure the servers have not been poisoned and immediately log back out but stay connected to the web if using a dial up server. Then, open a dos command window (Start-Run-Command-Enter) and type PING [the address you used to login] and record the IP numbers that come back. They will have a format like, 64.235.67.0. or some such. (Don't use the HTTPS:// address. Use the HTTP:// address - or you may not get a response) THEN put THOSE numbers into your favorite links. (Type EXIT and RETURN to get out of the dos window) Test the new shortcut to be sure it works.

(Note: My email address, provided below, is disposable and may be trashed if I get spam - so it is ok to display - Once I'm sure my email address has remained confidential, I may provide my permanent address on request.)

• 
• 

• 
• 
• 

Full Talkback thread