The Clearsale Blog

Phishing and Pharming: Are You and Your Customers at Risk?

Throughout history, people have used fishing and farming as a means of survival. In today’s computer age, cybercriminals are honing their phishing and pharming skills for a different kind of survival: Tricking unsuspecting individuals into revealing sensitive data that the cybercriminals then use to steal funds or identities.

These common cyberattacks can be devastating to customers, but they can be just as damaging to businesses: Dealing with phishing attacks alone costs large companies $3.7 million yearly.

To prevent their customers — and themselves — from falling victim, e-commerce merchants must understand how these cyberattacks work, what effect they can have on their businesses and the steps they should take to help secure customer data.

How Phishing Attacks Compromise Personal Data

A form of social engineering and identity theft, phishing scams try to trick individuals into revealing personal information, like Social Security numbers, user names and passwords, or credit card numbers. Fraudsters typically contact victims by text, email or phone, posing as an authority figure or a seemingly legitimate company to get the victim’s confidential data. They may even use actual company logos, authentic-sounding return email addresses and realistic-looking links in their communications to “spoof” unsuspecting customers into providing sensitive data. And these emails work: 30% of phishing emails get opened.

But emails are just one way fraudsters get victims to submit sensitive data straight into a scammer’s database. Phishers may also install malicious software on computers, infect computers with viruses or even steal personal information off of computers.

Although many of these attacks take advantage of software and security weaknesses, they’re essentially still simple con jobs in which fraudsters disguise themselves as trustworthy individuals or businesses. And once they have their hands on a customer’s data, they’ll use it to open new credit card accounts or even commit identity theft.

Nearly 1.5 million new phishing sites are created monthly, and phishing attacks overall grew 250% in first-quarter 2016 — proof that recipients are still falling for them. Just last month, health- and fitness-tracking app MyFitnessPal was hit by a data breach, putting its 150 million users at risk of receiving phishing messages.

The Widespread Risks of Pharming

Pharming attacks are another common fraudster scam, and they rely on the same fake websites and information theft as phishing. The goals of both attacks are the same: steal personal data and use it to apply for new credit cards, withdraw funds from the victims’ accounts, or even sell the data to buyers on the dark web.

But there are two ways in which pharming differs significantly from phishing.

1. Requires No Action by the Victim

Phishing attacks require victims to click a link to take them to the fraudulent website, but pharming attacks automatically install malicious code on a computer.

By “poisoning” the DNS cache — the stored record of which addresses previously visited website names point to — on computers, servers or networks, pharmers can misdirect users to fraudulent websites, even when they type the right address. As users start typing in a web address, like “PayP,” an autofilled suggestion seamlessly redirects the user to the fake website, where the user will log in as usual and unknowingly hand over their credentials.

Because this code requires neither consent nor knowledge to execute, many victims never realize their local DNS server has redirected their request to a fraudulent website.

2. Can Affect a Greater Number of People

Phishers operate on a smaller scale, sending out thousands of emails in the hopes that a gullible victim will take the bait and click a link. But pharmers can scam anyone who visits a particular website — or even starts to type in the name of a web address — giving them a much wider reach.

These “domain spoofing” attacks are increasing, in part because fraudsters are looking for new ways to collect sensitive personal data from Internet users who are learning how to avoid phishing attacks. In 2017, a pharming attack hit more than 50 financial institutions and their customers in the United States, Europe and Asia-Pacific. Before it was stopped, the attack infected more than 3,000 computers in just three days.

But it’s not just large companies that are vulnerable. Drive-by hackers can even change the DNS setting on a customer’s insecure home router, allowing for the redirect to fraudulent websites.

How Merchants and Customers Can Help Prevent These Attacks

It’s easy for customers to believe they’re communicating with — and providing information to — a legitimate company. After all, the fraudsters are using real logos, legitimate-looking web addresses and realistic-looking links.

One way to help reduce the risk of attacks is for merchants to assure customers that they’d never send any electronic communication that asks for personal data — and for customers to notify merchants if they receive any suspicious communication.

Merchants can also help customers avoid being a fraud victim by telling them to:

  1. Avoid clicking on any links in an email; instead, open a new browser window and type the company’s web address.
  2. If they must click on a link, first hover their mouse over it to ensure they’re being directed to a trusted source.
  3. Report suspicious emails directly to the company from whom the email allegedly came. Many companies, like PayPal, even have a dedicated email address for customers to send suspicious communications.
  4. Do not respond to data requests from companies with whom you have no relationship.
  5. Only enter sensitive data on secure websites. Customers should look for website names that begin with “https,” have the lock symbol or have a certificate from a company like Verisign.

But when it comes to fraud prevention, it’s also important for merchants to up their cybersecurity game and put tools in place that will work 24/7/365 to identify emerging risk indicators and protect a merchant’s revenue and reputation.

If you’re not sure if your fraud prevention solution can keep pace with the quickly evolving world of fraud, contact a ClearSale analyst today. They can help you analyze the different fraud protection solutions available to you and demonstrate why ClearSale’s robust hybrid approach is the solution of choice for vendors worldwide.
