The Clearsale Blog

Phishing and Pharming: Are You and Your Customers at Risk?

Throughout history, people have used fishing and farming as a means of survival. In today’s computer age, cybercriminals are honing their phishing and pharming skills for a different kind of survival: Tricking unsuspecting individuals into revealing sensitive data that the cybercriminals then use to steal funds or identities.

These common cyberattacks can be devastating to customers, but they can be just as damaging to businesses: Dealing with phishing attacks alone costs large companies $3.7 million yearly.

To prevent their customers — and themselves — from falling victim, e-commerce merchants must understand how these cyberattacks work, what effect they can have on their businesses and the steps they should take to help secure customer data.

How Phishing Attacks Compromise Personal Data

A form of social engineering and identity theft, phishing scams try to trick individuals into revealing personal information, like Social Security numbers, user names and passwords, or credit card numbers. Fraudsters typically contact victims by text, email or phone, posing as an authority figure or a seemingly legitimate company to get the victim’s confidential data. They may even use actual company logos, authentic-sounding return email addresses and realistic-looking links in their communications to “spoof” unsuspecting customers into providing sensitive data. And these emails work: 30% of phishing emails get opened.

But emails are just one part of a fraudster’s scam to have victims submit their sensitive data right to a scammer’s database. Phishers may also install malicious software on computers, infect computers with viruses or even steal personal information from computers.

Although many of these attacks take advantage of software and security weaknesses, they’re essentially still simple con jobs in which fraudsters disguise themselves as trustworthy individuals or businesses. And once they have their hands on a customer’s data, they’ll use it to open new credit card accounts or even commit identity theft.

Nearly 1.5 million new phishing sites are created monthly, and phishing attacks overall grew 250% in first-quarter 2016 — proof that recipients are still falling for them. Just last month, health- and fitness-tracking app MyFitnessPal was hit by a data breach, putting its 150 million users at risk of receiving phishing messages.

The Widespread Risks of Pharming

Pharming attacks are another common scam, and they rely on the same fake websites and information theft as phishing. The goals of both attacks are the same: steal personal data and use it to apply for new credit cards, withdraw funds from the victims’ accounts, or even sell the data to buyers on the dark web.

But there are two ways in which pharming differs significantly from phishing.

1. Requires No Action by the Victim

Phishing attacks require victims to click a link to take them to the fraudulent website, but pharming attacks automatically install malicious code on a computer.

By “poisoning” the DNS cache — the stored record of the addresses of previously visited websites — of computers, servers or networks, pharmers can misdirect users to fraudulent websites, even when they type the right address. As users start typing in a web address, like “PayP,” an autofilled suggestion seamlessly redirects the user to the fake website, where the user will log in as usual and unknowingly hand over their credentials.

Because this code requires neither consent nor knowledge to execute, many victims never realize their local DNS server has redirected their request to a fraudulent website.

2. Can Affect a Greater Number of People

Phishers operate on a smaller scale, sending out thousands of emails in the hopes that a gullible victim will take the bait and click a link. But pharmers can scam anyone who visits a particular website — or even starts to type in the name of a web address — giving them a much wider reach.

These “domain spoofing” attacks are increasing, in part because fraudsters are looking for new ways to collect sensitive personal data from Internet users who are learning how to avoid phishing attacks. In 2017, a pharming attack hit more than 50 financial institutions and their customers in the United States, Europe and Asia-Pacific. Before it was stopped, the attack infected more than 3,000 computers in just three days.

But it’s not just large companies that are vulnerable. Drive-by hackers can even change the DNS setting on a customer’s insecure home router, allowing for the redirect to fraudulent websites.

How Merchants and Customers Can Help Prevent These Attacks

It’s easy for customers to believe they’re communicating with — and providing information to — a legitimate company. After all, the fraudsters are using real logos, legitimate-looking web addresses and realistic-looking links.

One way to help reduce the risk of attacks is for merchants to assure customers that they’d never send any electronic communication that asks for personal data — and for customers to notify merchants if they receive any suspicious communication.

Merchants can also help customers avoid being a fraud victim by telling them to:

  1. Avoid clicking on any links in an email; instead, open a new browser window and type the company’s web address.
  2. If they must click on a link, first hover their mouse over it to ensure they’re being directed to a trusted source.
  3. Report suspicious emails directly to the company from which the email allegedly came. Many companies, like PayPal, even have a dedicated email address for customers to send suspicious communications.
  4. Avoid responding to data requests from companies with which they have no relationship.
  5. Only enter sensitive data on secure websites. Customers should look for website names that begin with “https,” have the lock symbol or have a certificate from a company like Verisign.

But when it comes to fraud prevention, it’s also important for merchants to up their cybersecurity game and put tools in place that will work 24/7/365 to identify emerging risk indicators and protect a merchant’s revenue and reputation.

If you’re not sure if your fraud prevention solution can keep pace with the quickly evolving world of fraud, contact a ClearSale analyst today. They can help you analyze the different fraud protection solutions available to you and demonstrate why ClearSale’s robust hybrid approach is the solution of choice for vendors worldwide.
