"The pharmers are coming! The pharmers are coming!" Hang warning lanterns all over the Internet: It's under attack by a new scam.

For years users have been hearing about "phishing," the sending of bogus e-mails - allegedly from a bank or other online business. Those who click on a link in the e-mail are shipped off to a phony but authentic-looking site and asked to enter sensitive information. If they type in their passwords or account numbers, thieves have that data.

Now phishers have been joined by "pharmers," who have made the ruse more sophisticated by planting a seed of malicious software in the user's own computer - or poisoning servers that direct traffic on the Internet. The result: Even if you type in the correct address of a website, the software can send you to a bogus one.

Phishing attacks require the participation of victims, who must click on a link within an e-mail. But not clicking on such links is no protection against a pharming attack.

Here's how the scam works. The URL you use, such as www.my-bank.com, is connected to a distinct numerical IP address. Pharming replaces the number with a fraudulent one, sending you to a criminal site instead of the real one.

Besides keeping antivirus and antispyware software up to date on their PCs, users have few other ways to defend themselves from pharming.

Any site conducting financial transactions should be able to maintain a secure website. The corner of the browser should display a padlock symbol, and the address in the address bar should begin with "https," not simply "http." Click on the lock symbol and make sure it displays the address of the site you expect to be on.

Another kind of pharming, sometimes called "domain spoofing," "domain poisoning," or "cache poisoning," attacks the servers that route traffic around the Internet. These so-called domain name system (DNS) servers also link the word address to its underlying numerical address.

Corrupting a DNS server takes significantly more expertise than attacking PCs. Thieves first will try to get into individual computers.

The Internet was designed to make sharing of information between scholars and researchers fast and easy, not for secure financial transactions. Now new layers of security continually must be added, as criminals probe for weak points.

Phishers and pharmers set up their fake websites for only a few days or even a few hours, then move on before they can be found out.

But even if crooks can't get at your PC or the DNS server, they can always hope that you just can't spell.

Example: a malicious website was set up at www.googkle.com, just one keystroke away from www.google.com. Users who accidentally went to the site (using the Internet Explorer browser) were inundated with spyware, adware, and other malicious software that tried to secretly load itself onto their PCs. Similar attack sites have been created just a slip of the finger away from sites such as CNN.com, AOL.com, and MSN.com.

The people behind the malicious sites can be anywhere. The PC operating the site could be "somebody's grandmother's computer" being remotely controlled without her knowledge.

"Phishing" FACTS:

• Since 2004, the number of sites linked to the scam rose an average of 28 percent a month.

• The US hosted a third of the phishing sites - more than any other nation - followed by China (12%) and South Korea (9%).

• Financial services are the most frequent target.

• Scam sites last an average of only 5.8 days before they're taken down.

Christian Science Monitor May 05, 2005
