Pharming More Lucrative Than Phishing

Pharming makes more bucks than phishing. Now, when I told my technology clueless husband this, he said, “Of course farming makes more money than fishing, you can cover a bigger area with a tractor than with a fishing pole.” I then had to explain what I was talking about.

Pharming is an expanded and harder to prevent version of phishing. For example, a pharmer sends an email message to you stating your bank account information needs to be updated. The message also contains a virus that installs small software programs on your computer. The bad thing is you don’t even have to click on anything to start the installation. Once installed, when you try to go to your bank’s real website the virus redirects you to a bogus site. Even if you type the correct address in your browser, it redirects you. You will not be able to tell the difference just by looking at the page because the thief has stolen all the graphics and programming and the pharming page looks legitimate.

According to US Netizen, “The pharmers’ second method takes advantage of the fact that Websites have alphanumeric names but reside at numeric addresses on the Internet…Pharmers interfere with that process by changing the real site’s numeric address to the fake site’s numeric address within the DNS server.”

Currently, only Windows based DNS servers are affected by the pharming schemes and Microsoft Windows has a patch available for the Windows NT4 and Windows 2000 servers.

So, how can you guard against pharming on your computer?

1. Call the company and verify they sent you the email.
2. NEVER update account information via email.
3. Install and religiously update your antivirus software.
4. Use antispyware and have a secure firewall in place.
5. Be suspicious, if something does not look right about the site, do not use it.
6. Check out this list of popular websites that use secure login pages and the surprising list of those who do not: www.pharming.org.
   
   Good resources:
   McAfee
   Norton/Symantec
   Microsoft
   PCWorld
   US Netizen

Sharon Cawood
Community Relations & Business Development Professional
sharon@ntown.com

The 21st Century Education Plan

I think Harold is on to something here that would work - check it out The 21st Century Education Plan

Permanently Employable

You can go to college and get a degree, but part of what you should be learning is how to learn. Today's most employable workers persistently add to their skills with new technology, new programs and new information about their markets. With continuous updating they evolve as their careers advance. Now days, positions are more like projects. We move from one project to another and sometimes we get lucky and our projects are with the same employer, but there's no guarantee. To be a permanent employee today means you are permanently employable. Check these out:

• International Roundtable on Training
• What Does Training Accomplish?
• A Tale of Three Little Pigs: Building the Learning Society with Straw

Sharon Cawood
Community Relations & Business Development Professional
sharon@ntown.com

Pigging Out in Lower Alabama

We have a little place in Lillian, Alabama where we escape for long weekends and some holidays. I don't do much cooking while down there, so we've discovered some great places to eat. Here are some of my favorites.

King Neptunes Seafood Restaurant - the best little seafood place in the area. Southern Living even did an article about them a couple of months ago. Oysters and shrimp fixed any way you like them. Lunch prices are cheap. 1137 Gulf Shores Pkwy., Gulf Shores, AL 36542, phone 251-968-5464 and email neptune@gulftel.com

Green's Ole Tyme Bar B.Q. - a little hole in the wall - great breakfast and a barbeque sandwich that will feed three people. Get there early; it's crowded when the locals arrive. 34291 Hwy. 98, Lillian, Alabama 36549, 251-962-7200.

Crazy Horse Cafe - Winnie is the owner and her daughter is a teriffic cook. Great home cookin' and wonderful ribs. If you drop the ribs on your plate the meat falls off the bones. Look for the sign that hurricane Ivan twisted around and bent. At lunch time, the locals get there early and wait outside for them to open the door. Crazy Horse desserts are homeade by little ladies in the community and they always have about a dozen cakes, cobblers and pies to choose from. The address is 13110 Lillian Highway (Hwy. 98), Pensacola, FL, 850-455-5252.

On the way back home we stopped at the Burris Farm Market on Highway 59 in Loxley, Alabama. The peach cobbler with ice cream is out of this world. It's worth a drive for it. They grow their own produce.

We had lunch at Smokin Joe's Restaurant, exit #205 off I-59 on Alabama Hwy. 68 in Collinsville, Alabama. We've been driving by that place for about a year and always found the parking lot full. We finally got up the nerve to try it. The fried pork chops and ribs are great. Collinsville is about 65 miles southwest of Chattanooga, Tennessee.

Who's Phishing in Your Pond?

How many times have you received email messages that look as if they are from your bank or credit card company and it turned out to be part of a fraudulent scam? Someone was phishing in your pond. Phishing (fĭsh’ing) is defined by Webopedia as, “the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.” www.webopedia.com

The term phishing is derived from the fact that Internet thieves are using their email messages as bait and are fishing for people who will get hooked and give them personal information they can use to steal identities. This is a social engineering attack and is also known as spoofing.

How does phishing work?
A spammer fabricates an email message to make you think it is legitimate – it may contain your bank’s logo, resemble their website and contain what looks like links to their website. The phishers will do everything possible to make you believe the message is coming from your trusted financial organization.

In the email message, they ask you to click on a hotlink to verify your account number, password, social security number and other personal information with your financial organization. They usually threaten that if you do not follow the instructions your account will be closed or locked. If you fall for the scam and give them the information, the thieves can use it to steal your identity and wipe out your bank account or charge against your credit cards.

What can you do to protect yourself?

1. Don’t fall for the bait. Do not respond to the phisher. Do not give your personal information through email.
2. Before you delete the message forward it to the company being impersonated (your bank, credit card company, AOL, e-Bay, etc.)
3. Forward the message to the Federal Trade Commission at spam@uce.gov who will investigate and prosecute the offenders.
4. You can also forward the message to reportphishing@antiphishing.com and file a complaint with the FBI at www.ifccfbi.gov.

For the most part, online banking and e-commerce are safe. Reputable companies will never ask for your account and personal information through email messages. Check to make sure you are using a secure website when banking or purchasing through the Internet. The lock symbol in the bottom right corner of your browser should be visible and the website address should begin with “https://” rather than “http://”. Use common sense when asked for personal information. Ask why and do not be afraid to refuse to give the information.

Security Awareness for Ma, Pa and the Corporate Clueless published a mention of this article on August 2, 2005.

Sharon Cawood
Community Relations & Business Development Professional
Sharon@ntown.com

Information Assurance: What the heck is that?

If you are like I am, at first glance I had no idea what the term information assurance meant. As it turns out, the meaning is simply what the term says – making sure your information is guaranteed secure.

“Protect valuable information assets and personal data from external and internal threats” is the definition given by The Free Dictionary. www.thefreedictionary.com

Where do you practice information assurance?
Common actions you probably already do to practice information assurance could be using a password to log into your computer. When you enter your pass code for your debit card at the Wal-Mart check out…you are practicing information assurance.

Do you shred your mail before you toss it into the trash can? You should. Identity thieves could use the information contained in your mail to wipe out your bank account and have a holiday with your credit.

The Alliance for Telecommunications Industry Solutions (ATIS) defines information assurance as “The protection of systems and information in storage, processing, or transit from unauthorized access or modification; denial of service to unauthorized users; or the provision of service to authorized users. It also includes those measures necessary to detect, document, and counter such threats.” www.atis.org

Wow, that’s intimidating. Do you lock your car? How about your house? Both actions are practicing information assurance. The threat of someone being able to access your personal information is less likely if they cannot enter your private vehicle or your home without your knowledge or invitation.

Do you carry your Social Security card in your wallet? You should leave it at home or in a secure place and only carry the card with you when you anticipate needing to use it. Your Social Security number along with your driver’s license could be a field day for an identity theft. Are your Social Security and driver’s license numbers printed on your checks? Remove the numbers and decrease your risk for theft.

Walter L. McKnight, Ph.D., senior information assurance engineer at Shim Enterprise, Inc. uses the definition given by the Industry Advisory Council, Shared Interest Group on Information Assurance in his article defining the term. IACSIC defines information assurance as "Conducting those operations that protect and defend information and information systems by ensuring availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities." www.iaconline.org


That’s another mouth full. Do you regularly back up your computer hard drive? If your information is important to you, a back up can be a lifesaver when something unexpected happens to your system. This could be a power surge, hardware failure, fire damage or numerous other possibilities. Do you run an antivirus software program to protect your computer from malicious invasions? You are practicing information assurance if you have these practices in place.

Simply stated, information assurance is anything you do to protect your information and guarantee it is secure.

Ten More Things You Can Do to Practice Information Assurance

1. Remember to turn on the burglar alarm when you leave home.
2. Use a password that is at least eight (8) characters in length with a combination of upper and lower case letters, symbols and numbers. If you use Windows, you can simply make your password a phrase (at least 14 characters) that includes spaces and dramatically increase your security. A phrase will also be easier to remember.
3. Do not click on everything that pops up on your computer screen. Learn how to determine what you can trust.
4. Do not leave mail in your mailbox overnight. If you must, install a locked box.
5. Use a surge protector for your computer’s electrical cords.
6. When you drop your vehicle off for valet parking or service, give the attendant only your car key, not your whole set of keys. Your house and office keys could be duplicated and that would make entry easy for a thief.
7. Install a firewall on your computer system. This is especially important if you have a high speed Internet connection through your cable company.
8. If a sales person asks you for personal information when processing your order, do not be afraid to ask why they need that information.
9. Never give your personal information over the phone or by email to someone who calls or emails you. Reputable companies do not ask for information over the phone or through email unless you have initiated the contact with them and they need to verify your identity.
10. Do not leave an extra house key under your doormat. That is the first place an intruder might look. Give the extra key to a trusted friend or neighbor instead.
    
    

Sharon Cawood
Community Relations & Business Development Professional
Sharon@ntown.com