"Hacking Your Identity"
By John Anderson
When you think of hackers, you don’t usually
picture the outdoorsy type. So when you hear that they are into phishing and
pharming, you might think, “Well, besides poor spelling, that’s
not so bad, is it?” Well, actually it is. The danger is to your wallet,
as phishing and pharming are in fact terms used to describe the methods hackers
are using to drain your bank account.
If you receive spam e-mail (and most of us do) you have probably seen messages
from an online bank or auction website requesting that you login in and verify
your information and enter your credit card information or otherwise your account
will be closed. This is called phishing. The e-mail directs you to bogus Web
pages that will try to trick you into surrendering personal information. Some
will often have the actual website in one window and their info-gathering webpage
in a pop-up window. The pop-up window has the look and feel of an authentic
What happens after they get this information? Not what you
might expect. Most would expect to see immediate purchases for high-priced
items appear on their statement, but what is more common is to see small, sporadic
withdrawals (from as little as 25 cents to five dollars). If undetected, the
withdrawals will increase in frequency and amount.
Cyber criminals will use this “low and slow” method
to avoid detection, deliberately stealing only small amounts of cash. Given
time, this type of scam can skim millions of dollars from thousands of online
The Source of Spam
Now you know what to watch out for, but just who is sending out all of
these messages? Well, in fact, you are.
That’s right: you, or someone you know.
Has your computer been running a little slow lately? Crashing
frequently? You’ve checked the hardware and everything says it’s
okay. So what’s the problem? There is probably nothing physically wrong
with it – it’s just having a little trouble sending out 50,000
e-mail messages using your e-mail account.
So here is another word for your ever-expanding Internet
“zombie”. That is what your PC has become if it has been hijacked
by a hacker.
Whether the virus came via e-mail, website or downloaded
program, your PC is now mindlessly helping its masters commit crimes online.
Zombie PCs are responsible for the bulk of spam e-mail, which
makes up 94.5 percent of e-mail traffic. Postini®, provider of spam-filtering
software, estimates nearly 40 percent of spam now comes from zombie networks.
Pharming is the other scam in which hackers are involved. Much like phishing,
users are secretly redirected from financial sites to the scammers’ fake
ones, where they are asked to enter their personal information. But instead
of users clicking on links in their e-mails leading to fake sites, pharming
will actually intercept users on their way to a bank or credit-card firm website.
Yeah, you might have clicked that e-mail link or opened an attachment you shouldn’t
have. Hey, it’s a mistake; people do it all the time (I’ve done
it more times than I’m willing to tell you here). But with pharming,
you don’t get the luxury of regretting a simple mistake.
Pharmers attack either the large servers that find websites
for users or the users’ computers themselves. When a user tries to go
to his or her bank’s website, a virus program secretly redirects them
to the pharmer’s fake site (you type in www.abc.com but instead end up
at www.xyz.com). The fake sites then send the collected information back to
the hackers, who use the information in other fraud and identity-theft scams.
Since hackers are targeting only a small section of the Internet, the legitimate
sites don’t notice the drop in Web traffic because it is just a fraction
of the total.
These types of attacks have been used for years, but only
recently have they been used for identity theft. While phishing e-mail scams
one person at a time, pharming nets thousands of Internet users at a time.
Who is Doing It and Why?
The “why” is easy: money.
Hackers are usually categorized as young whiz-kids launching
electronic attacks for fun and bragging rights, often creating a huge if transient
nuisance for companies and computer users. Their attacks could be called cyber
vandalism, however, when compared to the PCs that are now being taken over
purely for profit.
Code-writers now create malicious programs mainly to amass
networks of zombie PCs. They then sell access to zombie networks to spammers,
blackmailers and identity thieves who orchestrate fraudulent for-profit schemes.
Many of the scammers are associated with loosely-organized crime syndicates
in Russia, Latvia, Kazakhstan and China.
While collecting personal information from bogus Web pages
is a serious threat, the use of zombie PCs to broadcast spam for Viagra or
quickie loans has emerged as a huge business.
Personal computers have never been more powerful – or dangerous.
Just as millions of Americans are buying new PCs and signing up for ultra-fast
Internet connections, cyber criminals are stepping up their schemes for taking
control of their machines – and most users are slow to grasp that an
intruder has gained control of their PC.
Companies and big organizations can reduce the threat by
keeping their software updated and patched. They can also install firewalls,
filter for known scams and watch for changes in Internet protocol addresses
on their servers.
There are many ways for malicious code to slip past firewalls
and anti-virus programs. E-mail viruses, for instance, rely on tricking the
victim into opening an infectious attachment. Another widely-used tool is harder
to fight: the direct planting of viruses, known as
“come-and-get-it” viruses, on popular websites and peer-to-peer
sites, where music and movies are exchanged.
The trick is to be careful with your e-mail. Update your
virus definitions, use a firewall program and spyware-detection software. You
don’t need to become a security expert, but if your computer is acting
strangely it might be worth your time to thoroughly check out your computer,
even if your virus-scans come back clean.