Pharming - Beware the latest type of ID theft.

Beware the latest type of ID theft by Nancy Luna, Columnist, The Orange County Register

    I've been pharmed.
    No, my DNA hasn't been hijacked as part of some biotechnological gene study. Instead, I'm talking about a different kind of experiment, in which thieves go after something else: my identity.
    Pharming is a term floating around these days to describe a sophisticated form of phishing. Phishing is a scam in which crooks send bogus e-mails to folks in the hopes of tricking them into replying with sensitive information, such as bank account and Social Security numbers.
    Lately, consumers have become a bit more savvy, learning to delete phishing e-mails or to prevent them by installing anti-spam software on their computers.
    But, pharming takes phishing up a notch.
    For example, one of the pharming e-mails I got allegedly came from PayPal; where my husband has an account. The message said PayPal had received a "report of unauthorized credit card use associated with" the account. The e-mail provided me a link to a web site dubbed the PayPal "Resolution Center," which would help me review my account information.
    Curious, and suspicious, I did a dangerous thing: I clicked.
    The link took me to a web site that had a PayPal logo and looked totally legit. When the site asked for my account information, I stopped cold and forwarded the link to PayPal. A representative of the online payment firm confirmed my suspicion, telling me that I had been spoofed by a fake corporate web site.
    And that is the danger: Pharming diverts unsuspecting computer users to bogus corporate web sites that look like the real McCoy. In most cases, pharming doesn't even involve e-mails. Here's where it gets really scary. Often, a user can type in the web address, or URL, into a browser and still be redirected to a phony corporate site, where hackers then lure you into giving out personal information.
    The Department of Justice estimates that 2,800 fake web sites exist in the world and are growing at rate of 15 percent each month.
    Luckily, I wasn't tricked.
    But others have been, and the consequences are mind-boggling. Identity theft, which is the one of the fastest growing types of consumer fraud, costs the average victim $740, and takes roughly 600 hours of time to resolve, according to data announced at a recent identity-theft conference held in Los Angeles by the Federal Deposit Insurance Corporation. The latest federal data shows that in 2003, the total tab to consumers and the economy was over $50 billion.
    So, if you think you're on a suspicious site, get out quick. Or you might face "clicker's remorse," like Mark Barrus, a businessman who fell for the bogus PayPal e-mail.
    His Huntington Beach company, www.iwanttoquitsmoking.com, received the same message I did, asking him to update his company's records. The site was so convincing with its PayPal and eBay logos, Barrus wound up giving away the farm - inputting his company's bank account numbers, PIN codes, and his Social Security number. That cost him roughly $4,000 because he shut down his company for three days to undo the damage by cancelling accounts and opening new ones, he said.
    He's also paying Equifax $25 a month to monitor his credit in case someone uses his Social Security number. While Barrus admits he was his own worst enemy, he's furious at PayPal for not notifying him. PayPal spokewoman Amanda Pires said it has a team of employees dedicated to investigating these spoof web sites and routinely alerts its 71 million customers about the sites when they log in to their accounts.
    "It's disappointing that this happened to this consumer because that's what we work to avoid every day," she said.
    The bottom line: Regardless of what Corporate America is doing to stem identity theft, companies can't do it alone. Consumers need to wise up, too.

          [Italics below are OURS]
    If you don't trust a link that's been sent to you, hover your mouse over the web address and look at the bottom of your browser to check out the "real domain" server where the link is taking you. If you see a string of numbers instead of the company's corporate name, it's probably a spoof.

    When on a corporate web site, look for any sign of authenticity such as a "lock" symbol at the lower right-hand corner of the browser. This symbol indicates it's a secure site, according to PayPal. For a list of possible suspicious pharming sites, go to www.pharming.org.

          [Italics below are OURS]
    Also, remember, no legitimate company, bank or credit union asks its clients to provide sensitive account information by e-mail or require online confirmation of information you've previously provided them.

    Before deleting a bogus e-mail, forward it to the business being spoofed and to the Federal Trade Commission, which investigates and prosecutes online scammers. E-mail the FTC at spam@uce.gov.
    Lastly, if you're not sure its legit, then don't click.