Thursday, March 10, 2005
New-style phish attack
Phishers (online scammers) have found a new way to relieve us of our personal information: sending us to bad Web sites. It's the early days of this new exploit, called "DNS poisoning," which automatically sends people unawares to fake sites, so not that widespread, but it never hurts to be alert. The exploit attacks what are called DNS servers, ZDNET UK reports, not family computers. They're the servers out on the Net that translate the Web addresses or URLs we type into our browsers into the IP numbers of Web sites. The numbers that get swapped in are those of fake Web sites which we go to instead of the ones we *thought* we were clicking to, and which request "updates" or "verifications" of our bank account numbers and such. Some PC security experts are calling this new exploit "pharming" instead of "phishing." Adults are more likely to fall victim than kids, because so far the attackers are going after financial info, but the technique can be used to send people to all types of sites, and experts warn that it can only get more sophisticated. One safeguard is some software I've reported on in the past - see "To foil phishers." For "traditional" phishing prevention, there's the Washington Post's little phish-detection quiz. In any case, tell your kids to be careful about what they click to from emails, instant messages, and ads in Web sites. In online communications, sometimes hackers pose as "friends" or people on one's buddy list - I'll write more about this soon.