- Home
- eServices
- Deposit Accounts
- Consumer Loans
- Real Estate Loans
- Business Banking
- SFCU Rates
- About SFCU
- Member Education
- Stanford Students
What you can do about Phishing and Pharming
Phishing scams usually start with an email that looks like it came from your bank, Credit Card Company, or ISP. The fraudulent email usually claims to be a customer service message giving you a reason why you must update your account information and provides a link to the forger’s website. At this website (which typically looks like the genuine one) you will be asked to update your password and other pieces of sensitive information. With this information the forger gains access to your online accounts. You should always be suspicious when asked for personal information, especially when asked by companies or organizations that should already have the information.
Steps You Can Take to Help Protect Yourself from Phishing
- Rather than using the provided link in the email, you should copy the link and email it to the legitimate company or business, asking if the email is legitimate. If it is fraudulant this step could help shut the phisher down faster.
- If a Website address is unfamiliar, it’s probably not real. Only use the address that you have used before, or start at your normal homepage.
- Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and “https” in front of the Website address.
Phishing is obviously illegal, but it is not terribly difficult to execute. This is why it is the fastest growing crime in recorded history. That may change soon as Phishing scams are being vigorously investigated by both public law enforcement agencies and the private sector.
About Pharming
Pharming usually doesn't involve emails, and is more complicated than Phishing. This illegal activity involves attacking domain name servers within the Internet's structure so that traffic to specific legitimate sites is redirected to the Pharmer's illegal sites.
The Internet's structure doesn't use URLs the way that human beings do. We use letters, by and large. Internet servers, routers and other devices, use numbers called IP addresses. When a person types www.citibank.com into a browser that URL is translated into Citibank's IP address, which is 192.193.195.132. The person's browser session is then routed to and connected with Citicorp's computer network.
Pharmers hack the servers that do those translations and replace the legitimate IP addresses with their IP addresses. So, in the example above, a hacker would replace the correct IP address with a phony one (e.g., 123.456.789.121), which would route consumers to their fraudulent web sites. That fraudulent web site would be designed to look like a Citibank page and would ask for sensitive data.
What does SFCU do to Protect you from Phishing and Pharming?
- First, forgers have absolutely no way to present individual PassMark images to CUOnline users. Members are accustomed to seeing their unique images during the login process. If they don't see their PassMarks, they will be alerted to the scam.
- Secondly, we have a program that continually verifies that the DNS servers of the Internet are translating all of SFCU's URLs into the correct IPs addresses. If someone were to attempt to perform Pharming with SFCU as the intended victim, we would know immediately and could correct entry within minutes.
