Phishing is giving way to pharming as makers of net nasties find even more ingenious ways to capture your deepest secrets and your deepest bank accounts.
Phishing is the use of email messages to con internet users into going to a phoney site and typing in their account number and password, which the phishers then use to steal funds or buy goods from the real site.
In its February Phishing Trends report, the Anti-phishing Working Group, a coalition of 800 banks, financial institutions, online retailers, software vendors and law enforcement agencies, said instant messaging is being used as an alternative.
Phishing without a lure is becoming more prevalent.
In what is known as pharming, the phishers get internet users to go directly to the phoney site.
Graham Connolly, Australia and New Zealand manager of Websense Security Labs, a company that creates black-lists and other software to block phishing and other unwanted websites, said pharmers use several methods that take advantage of well-meaning attempts to short-cut the internet by keeping previously used addresses in local files.
"They use viruses to get in and change the hosts file on your Windows computer," Connolly said.
"When you type in mybank.co.nz, the computer looks up the IP address in the hosts file and sends you to the phoney site. You have no clue you have been phished because you have not replied to an email. It is a powerful way to fool someone."
The best defence is keeping anti-virus software up to date.
Another pharming technique is DNS cache poisoning, which involves attacks on DNS (domain name system) servers at ISPs or corporate firewalls.
Last month crackers broke into Symantec's Enterprise Firewall and Enterprise Security Gateway products, instructing them to redirect surfers trying to reach popular sites such as google.com and ebay.com to servers that downloaded a piece of spyware to their machines.
Keyloggers, a form of spyware that logs your keystrokes to send to some outside server, are the other main sort of lure-free phishing.
Phishers may also hijack domain names that have been allowed to expire or present what appear to be pop-up windows from trusted sites.
Websense identified 13,141 versions of phishing email messages in February, 2 per cent up on the previous month. The average monthly growth rate since July 2004 is 26 per cent.
The number of websites supporting phishing attacks rose 1.8 per cent to 2625 in the month. The sites are up on average for 5.7 days.
Websense has seen more small e-commerce sites and regional banks becoming victims. Phishers hijacked 64 brands for their campaigns in February, with six brands accounting for 80 per cent of campaigns.
More than 37 per cent of phishing sites were hosted in the United States, but the number hosted in China (which includes Hong Kong and Taiwan) increased 10 points to 28 per cent. Korea hosted 11 per cent.
Online fraudsters invent new way of stealing your money