Phishing & Pharming
Protect Your Online Identity
Pharming or phishing refers to a hacker or third party's attempt to misdirect Internet traffic to a fake, imitation website. The ultimate goal of pharming is identify theft: to obtain your personal information, including credit card numbers, passwords, phone numbers, email addresses, social security numbers, and other sensitive data. The hackers can either attack your computer specifically or a website's server, which would allow legitimate websites and services like AirBears or ResComp to be compromised. Unfortunately, neither antivirus software nor firewalls can protect against these threats. It's important for users to be aware of these risks and make efforts to consciously avoid these attempts at identity theft.
Recently, a study was conducted to measure the online vulnerability of students at UC Berkeley. A pharming attack was set up in the Free Speech Movement cafe for one hour, and over 60 student IDs and passphrases were stolen. This can happen anywhere, at any public wireless location. The best way to stay protected is through the use of certificates.
A certificate verifies the security of a website and protects your personal information. Certificates use a system of public and private keys to ensure that only authorized users can see certain information sent across the Internet. If anyone else tries to read the information, only see the encrypted file will be visible or accessible.
Certificates allow for secure communication between client and server on the web. When using most web browsers, you can determine whether the website is secured by a certificate if a lock image appears on one of the status bars. However, this will vary by browser. If you click the lock for more details, it will often tell you the certificate provider, the website name, and other relevant information. Also, when you visit a secure web site (one whose address starts with "https"), the site automatically sends you its certificate.
Certificates aside, smart web browsing is essential for protecting your personal data. Many phishing sites originate from popular websites such as Facebook and often make false promises to attract potential victims. As a general rule, never send or submit your personal information to any unverified site or over email. Some phishers will pretend to be website administrators and email you requesting personal information. They attempt to create a level of trust so that you will leak your information to them, but don't be fooled; no legitimate sources will ever ask you to email them your password.