What is Pharming? Here's how to safeguard yourself from such cyber attacks
With the increased use of smartphones and computers to transact and do work, there is also a surge in cyber attacks. Several naive users unaware of threats lurking in the web are falling prey to the tricks of cyber crooks and losing their hard-earned money.
In this edition, we shed light on Pharming, a devious cyber-attack technique used by criminals to redirect potential victims to fraudulent websites or manipulate their computer systems to collect sensitive information.
They use the data to either blackmail for ransom or wipe clean the bank account before the victim realises what hit them.
Pharming: Modus operandi
Usually, criminals send out random emails or messages to potential victims offering big discounts on products on big popular e-commerce sites. To make them enticing, the bad actors create a genuine-like banner with almost the correct logo, and fonts in the mail.
And, they also create a fake website page with typefaces similar to the original company.
Overwhelmed with joy seeing such big offers, the unsuspecting victim clicks the URL link and goes to the website, which is compromised. Then, they ask the user to fill out the form or add credentials such as user ID and password.
Then, in the next step, the user is asked to pick an item of their choice and proceed to the checkout page and ask them to fill in their credit/debit card details and CVA (Card Verification Value). But, the transactions fail, as criminals will not have a secure banking license to perform a transaction. They just need your credit card details and phone number.
After harvesting such details several hundreds and thousands of people they will sell the data to the highest bidder or go to the second phase which will smooth talk the victims that they are calling from the Income Tax department or a bank company. They tell them that there is an issue with the bank account and need to perform KYC (Know Your Customer) procedure via call and ask them to share OTP.
In actuality, they would have initiated the money transfer procedure and asked the victim to share the OTP to complete the process. Before the latter realises, the crooks would have transferred the money to their and again to other multiple accounts, to make it difficult for banks and cyber police to trace their tracks.
As most culprits use burner phones or else use fake IDs of others to get a SIM to operate such scams. It has become a big business in certain pockets of North India. Jamtara in Jharkhand is known as the phishing capital of India, notorious for such scams.
[Note: Burner phone is an affordable phone sold to tourists. They come with affordable tariffs and can be discarded after use.]
In other cases, the fake website created by a scamster, floods the screen that the device the user is using has a virus or malware and asks them to download the application. Some people are unsuspecting about the consequences install it. But, in reality, it will be malware that takes over the system.
And, the attackers will get hold of sensitive information such as personal explicit photos/videos and bank-related users IDs, passwords and financial credentials. They can either wipe clean the bank account or try to coerce the victim to pay ransom to return the data stolen from the phone or computer. In all instances, you either lose your money or dignity and in the worst case scenarios, you end up losing all for a saving few bucks to buy a product.
Tips on how to safeguard yourself from Pharming or other cyber attacks:
-- Never ever respond to emails sent from an unknown sender
--Also, even if the sender is known, never trust the URL very easily. It has come to light that cybercriminals are known to reward some amount to a few individuals for sharing the URL with their friends and family. The more members they share, the more incentive they get. This will help criminals to widen their net to hoodwink gullible victims
-- Always look for telltale signs in the mail or messages. Most criminals are bad with grammar and spelling. They always may mistake.
-- Also, ensure the website URL has 'https' at the beginning. If you seed the URL has 'http', you better exit from the page. And, on the compromised website too, the criminals make spelling mistakes. Keep an eye on such things and avoid getting scammed
-- Don't be greedy. Nothing in life comes easy and forget about getting things for free. If you get any such offers by email, you better avoid them or else you will end up penniless. Flipkart/Amazon and other e-commerce firms always publicise them to the public via news organisations, whenever they plan to host promotional discount sales.
--Always, download and install e-commerce apps such as Flipkart, Amazon, Myntra, and even anti-virus apps from official stores such as Google Play Store, Apple App Store, and Microsoft Windows store only.
Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech
Deccan Herald is on WhatsApp Channels| Join now for Breaking News & Editor's Picks