Most investors should be currently aware of the “phishing” scams that send fraudulent E-mails directing you to log onto your bank or brokerage firm to verify personal information. These fraudulent E-mails are made to look like official correspondence but direct people to fake sites that try to capture personal information such as account numbers, passwords, and Social Security numbers. Financial institutions don’t solicit this information from their customers and most people know better than to respond to E-mails with personal data. [For more on phishing see the September/October 2004 Computerized Investing Editor’s Outlook]
The latest identify theft risk is coming from “pharming” attacks that direct your movement to alternate Web sites. How does this happen? Whenever you browse the Internet by entering a Web address—such as www.aaii.com—into the address bar of your browser, you are actually directed to the site by looking up a numerical address on a DNS server (domain name server). DNS servers around the world tell your computer to go to 126.96.36.199 whenever you type in www.aaii.com. Without the DNS servers, your computer would need to know this numerical IP address.
When an address on a lookup table on a DNS server has been hijacked—say, your bank’s Web address—you will actually be directed to a different site that has been made to look like the official site. Furthermore, the address bar will make it look like you are at the requested site. Hackers have poisoned DNS entries tied to major sites such as eBay, Amazon and Google. Your main defense against such a spoof is to check the security certificate of the site you are visiting.
Your computer keeps a local list of Web address lookups that supersede any external DNS lookup. This simple text file is called a “hosts file.” Virus writers have hijacked hosts files to prevent users from accessing antivirus security sites. They could go one step further and quietly change your hosts file to redirect any attempts to visit a financial institution to a fake site. We have not yet witnessed this type of attack in the U.S., but individuals in countries such as Brazil have been infected with viruses that redirect users away from local banks and toward spoof sites. A good antivirus program that is kept up-to-date with current virus signatures is your best defense against pharming attacks that modify your hosts file.
Unfortunately, most individuals need a combination of antivirus software, antispam software and the security of a firewall to provide protection. Security suites by vendors such as McAfee (www.mcafee.com), Norton (www.symantec.com), and Zone Labs (www.zonelabs.com) are available that provide single-source security and privacy solutions. Whatever software you use, it is important to stay current with your updates.
For more information on ways to protect your computer, see the article “Computer Systems for the Individual Investor” in the November/December 2004 issue of Computerized Investing.