Identity Theft takes place whenever a criminal gets hold of a piece of your information, and then uses that information for their own personal gain.

While a lost or stolen wallet, purse or cellphone may simply mean the loss of your cash and credit cards, it may also be the beginning of an identity theft case. The return of the item does not guarantee cards were not copied, or that the your personal information was not used to commit identity theft.

In the previous article I pointed out 5 areas in your world where identity theft could take place that were actually rather low-tech.

  • Old-fashioned letters (including junk-mail)
  • The trash can
  • Flash disks
  • Your drivers license or ID Document
  • Household paperwork.

 

Don’t think that identity theft is always “high-tech”. It can happen to anyone, even if they don’t have a computer, don’t make use of social media or don’t own a cell-phone!

Dumpster diving – literally digging through your trash – remains a popular method for stealing large amounts of your personal information. South Africans receive over 1.2 million tons of junk mail every year and much of this mail – such as pre-approved credit cards, credit card bills, and bank statements – includes your personal information. Dumpster-diving identity thieves root through your trash because they know the documents you discard as garbage contain personal identity information that can be used in a variety of illegal manners, like employment-related fraud, loan fraud, bank fraud, benefits fraud and tax fraud.

Mail Theft – Mail theft is the number 1 white collar crime in the USA today. Mail theft is a crime and is defined as anyone taking any piece of mail, be it a letter or a package, for any purpose. This includes stealing from post ofice workers, from private mail boxes, from collection boxes and even from mail trucks. One of the main motivators in mail theft is to steal that person’s identity and receive access to their private information, including bank accounts and credit cards.

Social Engineering – Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted, the criminals are usually trying to trick you into giving them your passwords or bank information. Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust, than it is to discover ways to hack your software. For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password. That is why phishing is so successful, often victims willingly give their personal information to the scammers, as they feel they can trust the person asking for the information.

Shoulder-surfing – Shoulder surfing occurs when someone watches over your shoulder to steal valuable information such as your password, ATM PIN, or credit card number, as you key it into a device such as an ATM or tablet. When the shoulder-surfer uses your information for his financial gain, the activity becomes identity theft.

Theft of personal items – When a personal item like a handbag, a wallet or purse, a cellphone, or a laptop is stolen, all the information in that item can potentially be used for identity theft. The value of the stolen items is often not much, and replacement is more of an inconvenience to many of us, however your personal information can never be recovered, and is intrinisically more valuable than the item that was stolen!

What can you do to minimize “low-tech” identity theft?

  • Never give out personal or financial information over the phone or in an email.
  • šPassword-protect your cellphone.
  • šShred credit card receipts, junk mail, and other such documents with sensitive personal or financial information.
  • Be aware of your surroundings at all time.
  • Tilt the screen of your cellphone screen away from the person next to you and stop working in crowded airplanes, trains, airports, cafes, hotel lobbies and other public spaces
  • Work with your back to a wall preventing others from getting behind you and looking over your shoulder.

Next time we will look at the modus operandi of high-tech identity thieves.

Keep safe out there,

David Wiles

 

In the last article I provided you with a few tips on how to create strong passwords, in order to make the hackers job harder at accessing your personal data, in other words, “How do scammers get your information?”.

But where do scammers get your information?

The graphic below depicts the world where most of us find ourselves, and where scammers might obtain important snippets of our personal data that, in many cases, is there for the taking:

Your personal information is in places beyond your control!

The cellphone has become a indispensable communications tool in the 21st century. According to the Pew Research Centre, South Africa is placed 24th on the world list with a smartphone usage of 37% of the total population. However according to a recent global survey by McAfee and One Poll, 36% of those smartphone users have no form or password, pin or fingerprint protection on their devices. This means that if their phone falls into the wrong hands, they risk opening up all sorts of personal information such as bank details and online logins to whoever finds or steals the smartphone.

How much of your personal information have you placed out there on the internet?

  • šOver 30% of South African Internet users share at least 3 pieces of personal information posted on their social media profiles that can make stealing their identity easy.
  • 60% of South African Internet users have revealed they had no idea what their privacy settings are and who could see their personal information on those sites.

Old-style junk mail, invoices, receipts and ordinary letters can still provide scammers with a wealth of information. Dumpster-diving  can reveal documents with your ID Number, old bank statements with your account details, old credit cards, unwanted junk e-mail, payslips and tax forms. Even old prescriptions & medical aid claims can provide scammer with a wealth of information from your personal information.

The modern equivalent of a filing cabinet, a flash disk poses a huge risk to the security of your personal data. Flash disks are small and cheap and can often be forgotten plugged into computers, fall out of pockets and be stolen, providing scammers with all the data stored on that device.

Your bank, your employers and SARS all store and work with your personal information. You have placed a tremendous amount of trust in these organizations to keep your personal data safe. How many people at your bank, for instance, have access to your personal data, who can they potentially give that data to?

Your drivers license has a lot of information on it, including fingerprints, date of birth and ID number. The new style “smart” licenses will hold even more information, and if the license gets int the wrong hands it can be used for identity theft. For instance, in order to open up a cellphone contract, you would need an ID document or driver’s license, bank account details and proof of address, almost all of which can be obtained by dumpster-diving or someone rifling through your paperwork.

Finally your computer (at work or at home) or your laptop holds a huge amount of your personal information. If stolen, the hard-drives can easily be trawled for personal information. If there is no password or a weak password on the laptop it makes stealing this information so much easier!

…This is your world!

  • šSince 2007, more money has been made from trafficking financial data acquired by identity theft, than money made from drug trafficking.
  • š8.8 million South Africans were victims of identity theft in 2015.
  • š1 in 3 South Africans do not have a password on their cellphones or computer.
  • š70% of South Africans change their passwords after being compromised. (So 30% of South Africans don’t do anything even after they have been compromised)
  • š1 in 3 South Africans admit sharing passwords with other people

There are 4 areas where we all neglect the security of our personal information:

  1. IndifferenceLack of Feeling
  2. IgnoranceLack of Knowledge
  3. InabilityLack of Training or Education
  4. InactionLack of Respect

During a recent information session I was asked to suggest to people what they could to to improve their personal data security and to prevent identity theft:

When someone comes and knocks on your front door, do you just open the door and let them in? No, you check who it is and then you decide if you want to open your door to them or not. The power of access is in your hands because you control the door!

The same principle applies to your personal data. Be careful and vigilant and be the gatekeeper of your personal data! Control what data is given out and who receives it. You have the control!

Next time we will look at the modus operandi of identity thieves.

Keep safe out there,

David Wiles

Earlier this week I pointed out that most people still underestimate the importance of having a secure password, and still make the mistake of using simple words and numbers as a password.

Keep in mind that your e-mail and social network accounts contain very personal information about you. You must have a strong password to keep your personal life personal, and not become a victim of identity theft. (In 2015, 1 out of every 6 South Africans were victims of identity theft)

  • Using e-mail or your profile on Facebook, Whatsapp or Google, hackers can, and do, extract a huge amount of personal data of your personal “online” life.
  • If you use the same password for multiple online accounts, you run the risk, if this password is hacked, of all your online accounts being compromised.
  • Using a personal name for an online account, the name of the city that you live in, the names of your children or your date of birth, give hackers vital clues for attempting to access your personal data.
  • For an average expert hacker, it is always easy to find passwords that are made up of words from the English vocabulary or other languages, using a basic technique called “brute force” or “dictionary” attacks.

What makes a password safe?

  1. A password that is at least 8 characters long.
  2. The password does not contain information that is easy to find online such as the date of birth, the telephone number, your spouse’s name, the name of a pet, or a child’s name.
  3. The password does not contain words found in the dictionary.
  4. The password contains special characters like @ # $% ^ &, and numbers.
  5. The password uses an combination of uppercase and lowercase letters.

A trick that the experts use to create secure passwords:

Think of a phrase and use the first letters of the words in the phrase.

  • For example: “In South Africa a barbecue is called a Braai!”
  • Take the first letters of each word and the password that is created is: ISAabicaB!
  • This will be very difficult to guess, but easy to remember.
  • At this point you can decide to make your the Google password is ISAabicaB!-G,  and Facebook ISAabicaB!-F and your university account  ISAabicaB!-US and so on.
  • There is already a capital letter and a special character (!), so you just need to add a number to finish off a good password like 9-ISAabicaB!-US (9 could be the month you created the password in – for example)

You will have already made your password a lot more difficult to hack, and it can be a lot of fun to create!

Next time, I will show you where hackers get your personal information. Be prepared to be shocked!

Keep safe out there…

David Wiles

Oct
03

The past two years have been particularly devastating for data security world-wide, with a number of well-publicized hacks, data breaches and extortion attempts.

Annually SplashData publishes a list of the most common passwords. The list is created using data from more than five million passwords that were leaked by hackers in 2018 and with a quick glance at the list, one thing is clear – we do not learn from our mistakes.

People continue to use easy-to-guess passwords to protect their information. For example, “123456” and “password” retain their top two spots on the list—for the fifth consecutive year and variations of these two “worst passwords” make up six of the remaining passwords on the list.

SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password – 123456.

Here is the list of the top 10 passwords of 2018:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. letmein
  8. 1234567
  9. football
  10. iloveyou

Despite this risk, some people think that they are very clever with their passwords:

There is one that is used by a lot of personnel at the university

1q2w3e4r5t

it looks very cryptic, but when you look at a computer keyboard it is easy to spot:

 

 

 

 

 

 

 

 

 

It is a sobering fact that most people still underestimate the importance of having a secure password, and still make mistake to use simple words, numbers as a password.

“Passwords are the only control you have to secure your data with most systems these days. If your password is easily guessed by someone, then the person essentially becomes you. Use the same password across services and devices, and they can take over your digital identity.” Shaun Murphy, CEO of SNDR.

In our next post we look at how to create a strong password you can remember…

Keep safe out there…

David Wiles

Aug
21
Filed Under (Editorial, Tips) by David Wiles on 21-08-2018

FacebookThe FBI have issued a warning about cyber-criminals using Facebook Messenger to trick people into opening malicious links that harvest their personal data by circulating a message that urges people to open a link.

The message reads ‘Hey I saw this video. Isn’t this you?’ coupled with a URL. other variations use phrases such as “someone is saying bad things about you” or “someone is spreading rumors about you.”.

The most common version of the scam takes the user to a fraudulent website designed to resemble the Facebook login page.

The webpage is forged and is controlled by a fraudster who is able to steal any details inputted by users mistakenly believing they’re logging into their Facebook account.

If people use the same email address and password combination on other websites, hackers can use the stolen details to login to those as well.

This can allow criminals access to online banking, or frequent flyer miles.

The best way to spot and avoid these scams is to avoid clicking on any links that you receive from friends or family until you contact the sender outside of app to verify that he was the one who really sent the message.

The key to the scam is the seeming familiarity of the sender: a friend, family or relative.

Scammers use two rules of thumb to lure victims.

  • The first is to gain the confidence of their target through the credibility of a friend, authority figure, or organization that the victim is likely to trust.
  • The second rule of thumb scammers use is to create a sense of urgency or threats to get victims to act immediately without stopping to think!
Nov
20
Filed Under (Editorial, Tips) by David Wiles on 20-11-2017

All of us suffer from e-mail overload. Our inboxes fill daily with a clutter of “important” mails, so it is often hard to determine which emails are legitimate, and which are phishing emails that have been designed to steal your personal info or inject malware into your computer.

I am a member of the Identity Theft Resource Center and they often provide me with valuable information and resources to combat phishing scams.

In a recent report they provided some shocking statistics, about the success of phishing attacks worldwide:

  • For instance daily, worldwide, one in every 2000 emails is a phishing email, meaning around 135 million phishing attacks are attempted every day!
  • Many of the phishing attacks try to trick you into a clicking a link that takes you to a fake webpage to fool you into entering personal information – it’s estimated that an average of 1.4 million of these websites are created every month – that is over 46 000 phishing websites that are created dailyover 1900 every hour!
  • Last week the Identity Theft Resource Center reported a new fake Netflix email about a suspended account. With many South Africans now moving away from satellite and cable subscription movie channels like MNET and DSTV, and subscribing to NetFlix, this poses a risk.
  • There is a new fake Amazon email asking you to verify your account.  Just think about this for a moment: It is very easy to purchase books, DVD, and thousands of other goods from Amazon, just at a click of a button. (you can even get a parrot to do it!) If phishers can get access to your Amazon account, then they have access to your credit card details!
  • Of course don’t forget the “classic” PayPal phishing email about unauthorized/suspicious account activity. I make use of PayPal and recieve several of these fake phishing mails every month.

According to a Verizon cybersecurity report, an attacker sending out 10 phishing emails has a 90% chance that at least one person will fall for it! Considering the fact that there are a little under 2000 personnel working at Tygerberg Campus, daily there is a chance that at least 20 people will be caught by phishing scams!

Phishing attacks get their name from the notion that fraudsters are fishing for random victims by using spoofed or fraudulent email as bait. Spear phishing attacks extend the fishing analogy as attackers are specifically targeting high-value victims and organizations, like the university. Instead of trying to get banking credentials for ordinary consumers, the attacker may find it more lucrative to target an enterprise like Stellenbosch University.

Spear phishing attacks can extremely successful because the attackers spend a lot of time crafting information specific to the recipient, such as referencing a pay increase, that a recipient may have just received or sending a malicious attachment where the filename references a topic the recipient is interested in.

What can we do about it?

A good general rule: Don’t give out personal information based on an unsolicited email request.

Learning to recognize and avoid phishing emails and sharing that knowledge with your colleagues, is critical to combating identity theft and data loss.

Here are a few basic tips to recognize and avoid a phishing e-mail:

  • It contains a link. Scammers often pose as the IRS, financial institutions, credit card companies or even tax companies or software providers. They may claim they need you to update your account or ask you to change a password. The email offers a link to a spoofing site that may look similar to the legitimate official website. Do not click on the link. If in doubt, go directly to the legitimate website and access your account.
  • It contains an attachment. Another option for scammers is to include an attachment to the email. This attachment may be infected with malware that can download malicious software onto your computer without your knowledge. If it’s spyware, it can track your keystrokes to obtain information about your passwords, Social Security number, credit cards or other sensitive data. Do not open attachments from sources unknown to you.
  • It’s from a government agency. Scammers attempt to frighten people into opening email links by posing as government agencies. Thieves often try to imitate the IRS and other government agencies.
  • It’s a “suspicious” email from a friend. Scammers also hack email accounts and try to leverage the stolen email addresses. You may receive an email from a “friend” that just doesn’t seem right. It may be missing a subject for the subject line or contain odd requests or language. If it seems off, avoid it and do not click on any links.
  • It has a lookalike URL. The questionable email may try to trick you with the URL. For example, instead of www.irs.gov, it may be a false lookalike such as www.irs.gov.maliciousname.com. You can place your cursor over the text to view a pop-up of the real URL.
  • Use security features. Your browser and email provider generally will have anti-spam and phishing features. Make sure you use all of your security software features.
    Opening a phishing email and clicking on the link or attachment is one of the most common ways thieves are able not just steal your identity or personal information but also to enter into computer networks and create other mischief.
Aug
17
Filed Under (Editorial, Tips) by David Wiles on 17-08-2017

“Hi. Just writing to let you know my trip to Manila, Philippines with my family has been a mess…I need you to loan me some money. I’ll refund it to you as soon as I arrive home.”

or…

“How are you and your family doing? hope this email find you all in good health and spirit. I am currently in Burkina Faso on vacation but i will return back as soon as possible due to my poor health. I have tried calling you severally but didn’t get through, please can you call me on … as soon as you get this email? I have something urgent i need to talk to you about.”

That is the kind of fake e-mail thousands of university employees get every year. It appears to come from a friend or a colleague, but is actually from a scammer on the other side of the world.

All these scams have the same story, they were out of the country, they’ve been robbed and they need assistance now, or they are ill, or in some sort of trouble and need your help… This trick relies on good natured people willing to help a friend.

The Stranded Traveler scam is a way to profit from hacking into someone’s webmail account – like Yahoo!Mail, Hotmail or GMail.

This usually happens when somebody has a simple, easily guessable password on their webmail account, or they have left their details on a phishing site.

Once the scammer has gained control of the “mule’s” email account, they log into the webmail account and:

  • Change the webmail password so the real user can’t login.
  • Grab a copy of all the contacts either from the contacts list or individual messages.
  • Filter out non-personal messages to target friends/acquaintances only.
  • Send the ‘stranded traveler’ message out to the contacts and hope for replies with money transfer details.
  • Meantime the real owner of the webmail account is probably unaware there’s a problem until they try to login to their email. Even then, they probably think they’ve forgotten the password rather than being hacked. It’s only when a friend contacts them directly that the scam is revealed – usually far too late.

How to protect yourself: There are various things you can do to prevent being a victim of this scam, either having your webmail hacked or receiving scam emails.

  • Don’t click on attachments in emails from strangers, or if they are from someone you know but look suspicious.
  • Have a complex, hard to guess password. Dictionary words aren’t enough. Preferably a mix of upper and lower case letters plus digits and other characters like (!@#$%^&*)
  • Don’t reveal the password to anyone, and be careful of email messages that pretend to come from the webmail provider. Phishing messages are the most common way that people giveaway their passwords.
  • If you get an urgent email from a friend, especially one asking for money, check with them using other means. Try to call them or check with mutual acquaintances to see if the story is true beyond what you’ve learnt in the email. At worst, you could reply and ask for some information only the real sender would know (keep in mind that the scammer can read/search the hacked webmail account).

So how do scammers get your email password?

  • Phishing websites: Typically a victim receives a message that appears to have been sent by a known contact or organization. An attachment or links in the message are clicked onby the victim and they are directed to a malicious website set up to trick them into divulging personal information, such as usernames & passwords.
  • Trojan programs: If you click on an attachment in an unknown email, it can trigger your computer to download a “Trojan” program that then allows cyber criminals to see every key stroke you make –including your email password.
  • Password breaker program: Often called a “brute force program,” this is software bad guys use to try every combination of numbers and letters until they hit on your password.
  • Email addresses used as logons: You know how many websites have you set up an account using your email address as your User ID? If you then use the same password for that account that you use for email, criminals have what they need: your email address and your password.
Jul
25

These days, it seems we have to hand out our cellphone number like sweets at a kids party. Whether it be required for signing up for a new account, entering into a raffle, returning a purchase at a retail store, or registering for a discount, your phone number seems to be like a “skeleton key” for opening up all manners of doors.

Does giving out your cellphone number put you at risk of identity theft?

The answer is both “Yes” and “No”.

Yes, oversharing or giving out your number too frequently can lead to more scam calls, texts or unwanted solicitors. These days, our cellphone numbers are being used increasingly by information brokers to gain access to personal information that’s kept by nearly all corporations, financial institutions, and social media networks.

If someone you had just met asked you for your ID number, you would likely not give it to them. What if the same person asked you for your cell phone number? My guess is that you would readily tell them the ten-digit number, with no questions asked.

No, identity thieves cannot open new lines of credit, apply for benefits or make large purchases with your cellphone number.

However, the real threat is with the device itself.

Your cell phone number – which is unique to you – is the doorway to your identity. It provides an entrance to all the data contained on your phone, and can link your other information to you – your email address, physical address, bank account number etc. If your smartphone falls into the wrong hands and isn’t protected, a thief could access your email account and change all of your account log-ins, get into your Facebook and post malicious links, access your two-factor authentication, or even drain money from your mobile wallet.

What can you do about it?

  1. Safeguard your mobile device: Make sure it has a passcode and is set to lock quickly. You’ll also want to have a phone finder app installed so that if it is lost or stolen you can either find it, or worst case, remotely erase all of your data.
  2. Use common sense: If you’re asked for your phone number, ask why. In general, don’t give it out to people you don’t know see if you can leave it blank on online forms – even if that means it may take a few seconds more to identify you the next time you make a purchase.
  3. Enable two-factor or multi-factor authentication on all your devices: This is what happens every time you go to an ATM: to make a withdrawal you need both your debit card and a PIN number. That’s two-factor authentication, which increases the level of security on your devices.
  4. Sign up for the “do not call” lists, which are helpful for run-of-the-mill solicitations. While hackers don’t subscribe to such lists, you won’t get as many pesky marketing calls.
  5. Get more than one cell phone, and only gives out the number to the phone that contains no data or links to personal information.
  6. Choose which private data you are willing to share: When asked for your cell number, especially at a retailer, you may be able provide an email address, zip code or just your name as a way to identify you. It’s worth asking about.

All of this takes more time and effort, but ask yourself ow much privacy and security are you willing to trade away for a little more convenience?

Jun
27
Filed Under (Editorial, Tips) by David Wiles on 27-06-2017

Your smartphone can be easily hacked easily if you plug it in to charge via USB at a public place like an airport, cafe or on public transport.

Researchers at security firm Kaspersky Labs found that they could install a third-party application, like a virus, onto the phone via its USB cable connection to a computer. It took them under three minutes.

They also found that the Android and iOS phones tested leaked a host of private data to the computer they were connected to whilst charging, including the device name, device manufacturer, device type, serial number and even a list of files.

It’s well known that public Wi-Fi connections are a security risk, but did you know that the USB cord used to charge your phone is also used to send data from your phone to other devices?

By pairing it with any charging station (airport, plane, mall), which usually has a computer hidden behind it, you run the risk of having your photos or contact info sent to that device. If the computer behind the charging station is compromised, it could inject malicious code directly into your device.

You should also avoid connecting your mobile device via USB to a rental car’s entertainment system just for charging. Use the cigarette lighter adapter instead so you don’t have to worry about your personal info being stored in a car that’s not yours.

How to protect yourself:

  • Only plug your phone into trusted computers, using trusted USB cables
  • Protect your cell phone with a password, or with another method such as fingerprint recognition, and don’t unlock it while charging.
  • Use encrypted apps like WhatsApp and iMessage to communicate
  • Antiviruse programs can be a pain, but they help to detect malware even if a “charging” vulnerability is used.
  • Always update your cellphone operating system to the most recent version, as that will have the most up-to-date bug fixes.

Save

Malware: Is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software.
The term “malware” is a compound word from two other words “Malicious” and  “software” and describes software created by hackers to disrupt computer operations, gather sensitive information, or gain access to private computer systems.

Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs.

Some forms of malicious software are:

Spyware is a type of malware installed on computers that collects information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally to monitor users.

While the term spyware suggests software that monitors a user’s computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting Web browsers. Some spyware can change computer settings, which can result in slow internet connection speeds, unauthorized changes in browser settings, or changes to software settings.

Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam

Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing e-mails may contain links to websites that are infected with malware. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details on a fake website which looks are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

Spear-phishing is a more targeted form of phishing. Ordinary phishing involves malicious emails sent to any random email account, but spear-phishing email is designed to appear to come from someone who recipient knows and trusts — such as a colleague, business manager or human resources department — and can include a subject line or content that is specifically tailored to the victim’s known interests or industry.  Phishing attacks are so successful because employees click on them at an alarming rate, even when emails are obviously suspicious.

Pharming is a hacker’s attack intended to redirect a website’s traffic to another, bogus site.
The term “pharming” is a compound term based on the words “farming” and “phishing”. Phishing is a type of social-engineering attack to obtain access credentials, such as user names and passwords. In recent years, both pharming and phishing have been used to gain information for online identity theft. Pharming has become of major concern to businesses hosting e-commerce and online banking websites.

Save