Author: Nyman Gibson Miralis

Subject: Phishing and Pharming

Keywords: Cybercrime, Phishing, Pharming, Overview

 

In an increasingly globalised and digitalised world, the reach and accessibility of the internet have put everyday people at constant risk of falling into the traps of cybercriminals.

These traps range from simply opening an email from a sender you do not recognise to being randomly redirected to seemingly authentic websites.

Below is some information to assist you in protecting your confidential information from cybercriminals who seek to ‘phish’ and ‘pharm’ for your details.

 

What is involved in the cybercrime of “phishing”?

Phishing is the fraudulent practice of sending ‘spam’ emails that appear to come from well-known and reputable companies and are designed to induce individuals to divulge personal information, such as bank and credit card account details.

Phishing is a criminal offence.

 

What is the difference between pharming and phishing?

Whilst phishing and pharming may appear similar, there are subtle differences which you need to be aware of. Phishing relies on an internet user clicking on a spammed link, which allows the phisher to either:

  1. Infect the user’s computer with viruses; or
  2. Obtain personal information that the user voluntarily enters.

Pharming is different, and makes it much easier for a cybercriminal to gain access to your personal information. Through malware that has been downloaded onto your computer, pharming redirects a victim to a bogus website, even if the victim types the correct web address of their financial institution or other online service into the web browser.

 

How do cybercriminals ‘phish’ for your details?

A phisher will entice the individual to a particular website through ‘bait’ in the form of a phony email, website address, or link. Cybercriminals will send millions of these fraudulent ‘spam’ emails to random e-mail addresses in the hope of luring innocent people to their particular website.

Each email will contain a message that will appear to come from a legitimate, well-known and trusted company. The emails will usually try to elicit an emotional response from an individual and urge that particular person to respond to a false crisis.

Once the link in the email is clicked, there is usually a redirection to the phisher’s website. If the link is followed, malicious software (malware), such as viruses, can infect your computer and capture your keystrokes, including any information you type.

As cybercrime has grown and evolved, there is an even greater likelihood that simply clicking on a link you do not recognise will download a virus that has the potential to capture your confidential information.

Such information can vary from social networking and Apple ID login details to your banking information.

 

How do cybercriminals ‘pharm’ for your details?

Every website has an Internet Protocol (IP) address, which the Domain Name System (DNS) links to the website’s host name. Pharmers will exploit that host name, and the way it is resolved, in a number of ways in an attempt to gain a user’s personal information. Such tactics include:

  1. Slight misspelling of domain names – This tricks users into inadvertently using the pharmer’s website. For example, a pharmer may divert users from www.NGMbank.com.au by using the URL www.NGMbnk.com.au.
  2. Malicious Software (Malware) – Viruses and Trojans which can intercept an internet user’s request to visit a particular site (in this case www.NGMbank.com.au) and redirect the user to the site the pharmer has established (www.NGMbnk.com.au).
  3. Domain Hijacking – Where a hacker steals a domain and redirects all internet web traffic from a legitimate website to the website the pharmer has established.
  4. Domain Name System (DNS) Cache Poisoning – This is a type of attack that exploits vulnerabilities in the DNS. The result is that internet traffic will be diverted from legitimate websites to fake ones. DNS poisoning is extremely dangerous because it can spread from server to server.
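To make tactic 1 concrete from the defender’s side, the following added example (not part of the original article) flags host names that are a near-miss of a trusted one, using the article’s illustrative www.NGMbank.com.au and www.NGMbnk.com.au. The allowlist, the function names and the distance threshold of 2 are assumptions made for the example.

```python
from __future__ import annotations

from urllib.parse import urlsplit

# Assumed allowlist; www.ngmbank.com.au is the illustrative name used in this article.
TRUSTED_HOSTS = {"www.ngmbank.com.au"}


def normalise_host(url_or_host: str) -> str:
    """Return the lower-case host name from a URL or a bare host name."""
    text = url_or_host.strip()
    if "//" not in text:
        text = "//" + text  # lets urlsplit treat a bare host as the network location
    host = urlsplit(text).hostname or ""
    return host.rstrip(".")  # a trailing dot names the same host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character insertions, deletions, substitutions."""
    previous = list(range(len(b) + 1))
    for i, ch_a in enumerate(a, start=1):
        current = [i]
        for j, ch_b in enumerate(b, start=1):
            cost = 0 if ch_a == ch_b else 1
            current.append(min(previous[j] + 1,          # delete ch_a
                               current[j - 1] + 1,       # insert ch_b
                               previous[j - 1] + cost))  # substitute
        previous = current
    return previous[-1]


def classify(url_or_host: str, max_distance: int = 2) -> tuple[str, str | None]:
    """Return ("trusted" | "lookalike" | "unknown", closest trusted host or None)."""
    host = normalise_host(url_or_host)
    if host in TRUSTED_HOSTS:
        return "trusted", host
    for trusted in sorted(TRUSTED_HOSTS):
        # Close to a trusted name but not identical: likely a misspelt lookalike.
        if 0 < edit_distance(host, trusted) <= max_distance:
            return "lookalike", trusted
    return "unknown", None
```

A check like this only covers misspelt names. In tactics 2 to 4 the host name the user sees is the correct one, so those cases have to be caught elsewhere, for example by the browser’s certificate warning when the bogus site cannot present a valid certificate for the real name.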

 

How prevalent are the cybercrimes of phishing and pharming?

Fraudulent cybercriminal activity is on the rise. A recent study conducted by the Australasian Consumer Task Workforce found that 98% of the respondents surveyed reported having received at least one fraudulent invitation in the 12 months preceding the survey.

The most common types of fraudulent invitation received were:

  1. Computer support centre fraud (63%)
  2. Fraudulent lottery invitation (61%)
  3. Phishing schemes (55%)

Importantly, 77% of respondents who had received a fraudulent invitation reported they had received such an invite via email.

 

What to do if you have been the victim of a cyber-attack

It is important to remember that phishers’ and pharmers’ scams can appear extremely convincing, which is why they are an effective method for cybercriminals to gain your personal information. If you believe you are the victim of an online fraud or scam, you should report the incident to the Australian Cybercrime Online Reporting Network (ACORN).

If you notice an email from a sender you do not recognise, you should delete that email without opening it. Critically, do not respond to an email that asks you for your personal information.

If you have fallen victim to a cybercriminal attack and noticed irregularities in your bank account, you should contact your financial institution immediately.

 

How can Nyman Gibson Miralis assist if you are being investigated for online or computer crime offences?

The investigation and prosecution of cyber crime is becoming increasingly international, with multiple agencies around the world often involved in the process. Individuals and businesses may therefore become the subject of parallel criminal investigations and prosecutions, raising complex jurisdictional and procedural issues. By its very nature, cyber crime is borderless, and exposure to penalties outside the jurisdiction where an individual or business is physically located is therefore often a real possibility.

Nyman Gibson Miralis has expertise in dealing with complex national and international cyber crime investigations and advising individuals and businesses of defence strategies that take into account the complex and global nature of cyber crime investigation and criminal litigation. Nyman Gibson Miralis remains steadfast in ensuring the upholding of international law principles which focus on the protection of human rights within a transnational landscape.

Our expertise includes dealing with law enforcement requests for information from foreign jurisdictions, challenging potential extradition proceedings as well as advising and appearing in cases where assets have been restrained and confiscated worldwide.

The importance of obtaining expert advice in this complex area is highlighted by the multiple criminal and civil exposures individuals and companies may face globally.

Nyman Gibson Miralis has acted in significant cases of cyber crime / computer crime globally and works strategically with lawyers around the world to ensure that you have access to strategic advice and representation.

 

What we can help with:

  • Malware & phishing offences
  • Computer hacking
  • Computer offences
  • Internet Fraud, Online Fraud, Email Fraud
  • Bootlegging and tripping
  • Bitcoin and Cryptocurrency fraud and seizure
  • Spreading viruses, identity theft
  • DDOS attacks, Botnet