Research during the Cold War era gave us many important technologies that have since become an inseparable part of human life, and inarguably the most important and most influential of them is the Internet. The Internet is a child of the Advance Project Research Agency (ARPA). ARPA was formed as part of the United States' reaction to the Soviet Union's launch of Sputnik in 1957. ARPA was founded with research as its main goal, and hence it was not used only for military purposes. The main goal of ARPA was to research how to utilize its investments in computers via command and control research (CCR). Dr. J.C.R. Licklider from Bolt, Beranek and Newman (BBN) in Cambridge, MA was chosen to head ARPA's command and control research. Licklider's main objective was to shift computing from batch processing to new and more capable interactive processing [1]. This is how ARPANET started. ARPANET initially protected the flow of information between various military installations by creating a network of geographically separated computers that could exchange information via a newly developed standard, or protocol, known as the Network Control Protocol (NCP) [3]. The actual ARPANET started on August 30, 1960, when BBN delivered the first Interface Message Processor (IMP) to the Network Measurement Center at UCLA; it was built using a Honeywell DDP516 computer with 12K of memory and designed to handle the ARPANET network interface [2]. And this is how the internet revolution started. The network, which was very private and limited to the military and a few academic institutions, later started expanding. By the end of 1977 there were 111 computers connected to the ARPANET. In 1983 an unclassified military network called MILNET, consisting of military computers, split off from ARPANET for security reasons and later became part of the Department of Defense's Defense Data Network.
By the mid-80s ARPANET had truly become global, with gateways to external networks across North America, Europe and Australia. The map of ARPANET during 1985 can be seen in the network diagram created by Marty Lyons in 1985.
Figure 1: Map of ARPANET by Marty Lyons, 18th June 1985 [3]
After this ARPANET started growing exponentially, and in 1990 ARPANET was retired and most connected university computers were shifted to NSFNET by the National Science Foundation. The NSFNET facilitated the Internet's first period of massive public growth [2].
In 1992 the Internet Society was chartered and the number of hosts connected to the internet exceeded the 1,000,000 mark. In 1994 ARPANET celebrated its 25th anniversary, the growth of the internet continued, and we know the rest of the story: it expanded all over the world, connecting various networks together to form a gigantic network of networks.
E - Commerce
Today the internet has become an inevitable part of our life. We use it every day for almost anything we can imagine: business, education, shopping, information gathering, money transfers, business deals, chatting and emailing, communication and thousands of other things. But it all started with a small network of a handful of computers, and no one ever thought that it would grow to such a huge size and become an inseparable part of human life. Today we cannot imagine a day without internet access. Millions of people use the internet every day as a source of income, and internet business is in the trillions of dollars today. But while developing the ARPANET or NSFNET no one had any idea that the internet could be used for the purposes mentioned above. All the electronic transactions we carry out using the internet or any other capable communication device are known as Electronic Commerce or 'E-commerce'. E-commerce is a very broad term, and we cannot exactly define which processes are included under it. Although we think of E-commerce as a new term and hence a new concept, that is not true. Electronic Data Interchange (EDI) and Electronic Fund Transfer (EFT) lie at the basis of E-commerce. Both concepts were introduced in the late 1970s to help organizations improve supply chain management and send commercial documents such as purchase orders and invoices electronically. These systems continued to grow in the coming decades, and as a result the acceptance of credit cards, telephone banking and the use of automated teller machines (ATM) increased in the 80s. They were followed by ERP systems, data mining and data warehousing in the 1990s, and E-commerce also started growing exponentially along with the internet.
The earliest known many-to-many e-commerce site dealing in used computer parts was the Boston Computers, launched in 1982, and the first online information marketplace with consulting was the American Information Exchange, in the pre-internet period in 1991. [5]
The development and popularity of the internet increased rapidly after 1990, but it was only after the introduction of various online security protocols, HTTP and HTTPS, along with a browser for the general public such as Netscape Navigator, that the use of the internet as a commercial medium increased. The actual breakthrough was the introduction of 'amazon.com' by Jeff Bezos in 1995. It was the first major online retail site available to regular customers for shopping 24 hours a day, all year round. It was introduced as an online book store. Amazon.com offered a wide range of books that could not be kept in a physical store or even maintained in a mailing catalog. By starting an online store, Jeff Bezos started the revolution in e-commerce. The online store had many primary advantages over the physical store. A physical store cannot hold every possible book and is limited in the number of copies of any book that it can hold. Also, the customer base of any physical shop is limited to a very small geographic area, and the shop faces major competition from neighboring stores. This made the online store a huge success, and a new form of business spun off. It was later joined by eBay, an online auction site, and many other online stores. This online business exploded beyond imagination and a new era began.
The rise of the internet was so fast that government organizations also gradually started realizing its importance. Today many big companies and financial organizations use the internet to exchange financial data and other important commercial documents to facilitate international business. Governments started using e-commerce facilities in their day-to-day operations, such as tax filing and other important transactions. And now we use e-commerce almost every day. Because of this massive use of online commerce, there is naturally a huge amount of financial data available on the internet which ideally needs to be kept secure and secret. But the internet is a two-sided sword: it is very useful and beneficial to humans, and at the same time it is a very risky and unsafe medium if caution is not taken while using it. Just as there are good people trying to invent things beneficial to humans and struggling to make life easier, there are many bad people out there who are as talented as the good people but who, instead of inventing good things, struggle continuously to exploit the people using the internet by various methods. So there is a lot of information available to these bad people, which they can harvest from the internet and use in the wrong way to benefit themselves.
Social Networking
Social networking is another new thing rapidly spreading on the internet. In its basic meaning, social networking is nothing but a group of individuals who have something in common, such as living in the same area, going to the same class or sharing some common interests and knowledge, interacting together. This is called social engineering, but it is limited to very specific people because of geographical, time and many other restrictions that we can think of. The internet gives a whole new perspective to social networking. The internet does not have the barrier of location; anyone in the world can connect and log on to the network whenever required, provided that person has the minimum required equipment. There is no restriction on the age of the users as long as they share the common interest. And the most important factor is the number of users. In a physical setting a group of interacting individuals can number in the 10's or at most the 100's, as in a conference, but on the internet there are millions and billions of people who can interact with each other and share their thoughts. Because of this, social networking on the internet grew exponentially and has now become one of the main uses of the internet for youths. On online social networking sites millions of users from around the world gather and share first-hand information on any topic: cooking, gardening, golfing, professional alliances, friendship and many more such subjects that you can think of. [6]
In a general setting a website is used for online social networking, and it is commonly referred to as a social site or social networking site. 'Site' in this context means a web site. These social networking web sites function as online communities, just like a social community in the real world. A number of people with a common interest access these communities depending upon their interests and knowledge. Once granted access to these web sites, users can begin socializing online. Here a user can meet people with common hobbies and share his personal knowledge and some personal information. The socialization includes sharing one's personal information as well as viewing other people's personal information, reading through the profile pages of other users and even contacting the users [6].
The most interesting part of online social networking is the ability to befriend people on the internet. In this scenario you can be friends with a person living in any corner of the world and can share information with him. This was a major hit in the online community, and people started using these social networking services at a rapid pace. There are many benefits of social networking, but there are similarly many disadvantages of online social networking.
With online social networking users put a lot of their private and personal information on the internet. The internet functions like an open book. There are at least 200 + social networking sites available with more than a million active users. Whatever is out there, anyone can read. Whoever has access to the internet and to a particular social networking site can read whatever information is available for any particular user. This causes a lot of personal data theft and can seriously harm someone if the information goes into the wrong hands. Also, with social networking many not so advanced people come together on a particular website, and hackers and spammers target such websites in order to spread spam mails or viruses, Trojans, worms etc. There is a major concern of identity theft using social networking sites.
If we look at the statistical data about social networking sites, our mind will boggle. Nielsen published stats showing that "three of the world's most popular brands online are social-media related (Facebook, YouTube and Wikipedia) and the world now spends over 110 billion minutes on social networks and blog sites. This equates to 22 percent of all time online or one in every four and half minutes. For the first time ever, social network or blog sites are visited by three quarters of global consumers who go online, after the numbers of people visiting these sites increased by 24% over last year. The average visitor spends 66% more time on these sites than a year ago, almost 6 hours in April 2010 versus 3 hours, 31 minutes last year." - Nislen.com/nilsenwire. If we look at the statistical data for just one of the most popular social networking sites, which is amongst the top three social networking sites today, we can imagine the amount of personal data which is available on the internet. Facebook displays statistics about its users and usage around the world on its official press page. The page states the following statistics as of November 2010:
"More than 500 million active users, 50% of our active users log on to Facebook in any given day, Average user has 130 friends, People spend over 700 billion minutes per month on Facebook" - www.facebook.com/press.php
This gives us an idea of how many people are using these social networking sites and how much personal information about their users is available on the internet. All of this is background to what we are going to discuss in this paper, but to get an actual idea of the intensity of 'phishing and pharming' it is very important to understand why these concepts evolved and what exactly is so tempting out there in the world that it drives so many individuals and groups towards phishing and pharming activities.
Phishing
What comes to our mind when we first hear the term phishing? Maybe its similarity with the word 'fishing', where we catch fish by luring them with some sort of bait. It is similar to actual fishing, where we throw the bait out in the water: while most fish will ignore the bait, at least some of them will get attracted to it and will get caught while trying to follow or eat it. Similarly, during phishing people send out baits on the open internet, and while cautious people will not fall for them, the less cautious and ignorant people definitely will.
Phishing is a type of social engineering. Social engineering is the use of sophisticated technology by criminals in order to gain access to your computer. Once they have gained access to your computer, criminals can use it however they want. They can play some minor tricks with it, or they can use this access to commit a major crime which may cause you financial, safety or identity loss. According to Microsoft there are 3 types of social engineering, namely phishing, spear phishing and email hoaxes. But collectively all three terms are now referred to as phishing. The interesting term 'phishing' was coined in a paper presented to HP international users by Jerry Felix and Chris Hauck in September 1987 [8]. They also described the phishing technique in detail in the same paper. Although the term was coined in 1987, the first recorded mention of it was in 1996; there were also some mentions of the term phishing in the hackers' magazine 2600 before 1996. Phishing basically takes advantage of human ignorance, and it allows unscrupulous people to take advantage of the loopholes in web technology. [9][10]
This gives us a lot of background information about phishing, but what exactly is involved in phishing? How can we technically define phishing, and what can its consequences be? Following are some of the best technical definitions of phishing, from very legitimate sources who are actually working on the various issues related to phishing, who take phishing very seriously and who are struggling to spread awareness about phishing among the general public.
There are certain groups working rigorously to minimize phishing attacks and their impact, as well as gathering data about recent attacks and spreading the word about them, so as to minimize the spread of phishing attacks and the loss due to phishing.
There is a working group known as the 'Anti-Phishing Working Group (APWG)' which has done noticeable work against phishing and phishing attacks. On their web site APWG describes their role against phishing by saying "The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing. The organization provides a forum to discuss phishing issues and evaluations of potential technology solutions, and access to a centralized repository of phishing attacks." - www.antiphishing.org/membership.html
This gives us a clear idea about what APWG is doing. It also goes further and defines phishing in its phishing activity trends report for 2010 as follows - "Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use spoofed e-mails purporting to be from legitimate businesses and agencies to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as usernames and passwords. Technical-subterfuge schemes plant crime-ware onto PCs to steal credentials directly, often using systems to intercept consumers online account user names and passwords - and to corrupt local navigational infrastructures to misdirect consumers to counterfeit websites (or authentic websites through phisher-controlled proxies used to monitor and intercept consumers' keystrokes)." - http://www.antiphishing.org/reports/apwg_report_Q1_2010.pdf [11]
Another very trusted and prominent source of information Oreillynet.com defines phishing as "Phishing (also known as carding or spoofing) derives its name from the use of sophisticated lures (such as emails designed to look like they come from a real company or institution) that are created by unsavory characters to "fish" for users' financial information, credit card details, and passwords." - Oreillynet.com/network/2005/10/25/what-is-phishing.html
These definitions give us a basic idea and the technical details of what phishing is. As discussed earlier in the social networking and e-commerce sections, people today rely more and more on the internet and technology for their day-to-day tasks and put a lot of personal and private information online, and hence there is an increase in the amount of phishing and other types of scam on the internet. Phishing attacks basically use fake e-mails and duplicate websites as their medium. They deceive users into thinking that the e-mails are from a trusted source and that the web site they are visiting is a verified one, since it looks like the original website itself. The next step is to get private information from the user. Once users are fooled into believing that they are visiting the trusted web site, these websites ask for the users' various computer account credentials, financial information or some other personal information which can be used against the user or for the personal benefit of the originator of the phishing emails and website. Once he has the user's information, the attacker can use it for various purposes which may or may not involve criminal activities such as identity theft, larceny, fraud or maybe blackmail [12].
Phishing attacks succeed when an ignorant user wrongly perceives an email or website as a verified one and loses his credentials and personal information to such fraudulent emails and websites. The attacker can use various different ways to acquire this sensitive information, and after acquiring it he can use it in various ways and for various purposes. So there are many permutations and combinations involved in phishing attacks and in the use of the information, and hence it is very difficult to come up with a foolproof solution to prevent these attacks. [12]
Attack Techniques, Signs of Phishing and Personal Experiences
Phishing attacks are mainly targeted at ignorant internet users who will click on anything that comes to them via email or any other form of instant messaging. But they can also catch cautious users, as phishers go to great lengths to make these fraudulent emails and web sites look similar to the original ones. Following are some of the signs we can notice in phishing emails and messages.
Unsolicited requests for personal information:
This is the most common form of phishing email. It will generally carry the name of a very famous organization, and it will ask for your personal information and credentials. One thing to notice here is that no trusted organization will ask for your private information and account credentials out of the blue, directly from an email message. The best way is to get back to the original company on your own and verify that the email has come from the verified source. Never directly click on the link in an email and start filling out your information. [13]
If you observe an average internet user who browses the internet on a regular basis, especially shopping websites and other websites which deal with financial information, he will certainly get some amount of phishing emails in his inbox. There were many such emails in my inbox, and following are some of them.
This one appears to have come from Rolex.com! It has my exact email address and says that there is a special 76% discount for me only. After looking at the graphics, the sender's address and all the other accurate information, one can easily be fooled into thinking that yes, it is from Rolex and they are really offering me a 76% discount (without considering that an original Rolex with a 76% discount will still be a lot costlier than most of the watches in the world!). But if you look closely and check the hyperlink included in the email, you will see that although it says 'http://www.rolex.com', which looks like a correct and authenticated URL, it will actually redirect you to some other URL, which is 'luxurywatches4you.com', shown by a red rectangle! This is what was in the actual hyperlink, and you can check this each and every time in the status bar of your browser when you place your mouse over the link.
Figure 2: Screenshot of a phishing email from my personal account
Alarmist warnings
Alarmist warning emails spread a hoax by saying that a particular online account of yours will expire or will be shut down due to inactivity or some other reason, and that in order to keep your account operational you have to click on the link enclosed in the email and provide the credentials for your account. This trick fools users into providing their account credentials, and after acquiring these credentials the phisher can use them in any way. [13]
Ignorance to Details
This is one of the most important things to notice when trying to judge the authenticity of an email, because fraudulent and phishing emails often lack attention to detail. They will contain spelling mistakes and grammatical mistakes as well as incorrect use of language and tense. These are key signs for identifying possibly fraudulent emails. [13]
Addressed as "Customer"
Many times you will get emails which appear to be from a verified source where you actually have an account and to which you have already provided personal information such as your name and address. But you will still get these emails addressed to a 'customer', 'dear customer' or 'dear client'. These are signs of possibly fraudulent emails, and if they contain any attachments then there is a 90% + chance that the attachment has some sort of Trojan or worm included in it, which will activate itself once downloaded and opened. Apparently it will not show anything harmful to the user, but in the background it may collect information and send all of it to the phisher or scammer.
The following image (Figure 3) shows an email message which appears to be from UPS global services to me, but instead of addressing me by my name it says 'dear client'. It also says that they have included the tracking number and shipping label in a zip file! Now I know that if I miss the delivery UPS will leave a note outside my home or will call me on my cellphone for further information, but will never send me an email with a zip file attached to it. And on top of that, the same message is carbon copied to another email address which closely resembles mine! The funniest thing is that I have received another email with similar content and a similar zip file, but this time from DHL logistics! (Figure 4)
Figure 3: UPS fraudulent email
Figure 4: DHL fraudulent email
Some key words such as 'Identify user self', 'Verify your account'
You might get emails from a sender which claims to be a verified source and asks you to verify your account by clicking on the link provided in the email, or tells you to click on the link below to activate an account which you have never requested. This is a sign of a fraudulent email. Mostly, sites that require you to activate your account through a link included in an email will specify this clearly on their website, and you can easily verify an email from such trusted sources by matching the sender's email id with the one provided on the website.
Pharming
Now what comes to your mind when you hear the word 'Pharming'? Again, its similarity with the regular word farming and with phishing, right? And yes, that is true. Pharming, as the word suggests, is also a kind of online fraud. The Norton site says that it is a cousin to the farming. This is because in this case too the user's / victim's personal information and credentials are at stake, but pharming attacks are more sophisticated and advanced than phishing attacks. Pharming attacks are more dangerous because they are very difficult to detect and prevent. They do not use any kind of bait, as phishing does, to lure the target into clicking on something and then filling out personal and/or private information, and they do not send out fraudulent emails to multiple users asking for information. Instead pharming uses a more advanced technique to target users: it automatically directs the users to a fraudulent website even though the user has typed in the correct web URL of the expected website. The redirected website is a bogus website, but it will look exactly like the actual website, with very minute and apparently unnoticeable changes. With even slight inattention one can easily be fooled by these websites into thinking that it is the original website. After that it will naturally ask for your login information and/or other private, personal information and credentials, and unknowingly you will give out all your information to the attacker [14]. Hence pharming attacks are sometimes described as "phishing without a lure" [15].
The term pharming had been around since 1996 but was not famous until the end of 2003. This was the time when email-based phishing attacks began to rise sharply and became the popular attack method of online criminals. By the middle of 2004, because of the rising number of attacks and the growing number of people falling for them, phishing attacks were in the headlines around the world. This made most online service providers, e-commerce websites and users of all such services aware of these kinds of phishing attacks. Also, because of their rising number and potential threat, many organizations and security providers came up with powerful and sophisticated tools to detect and prevent such phishing attacks. Internet users and service providers started using these tools, and the severity of such attacks was lessened. But at the same time phishers were getting ready to use new techniques to launch a completely new kind of attack on internet users. The new breed of attacks, known as pharming attacks, was even more sophisticated and hard to detect. Pharming attacks use the manipulation of several components of core naming services and domain naming services [16]. Pharmers used such sophisticated methods to deceive users and redirect them, without their knowledge, to completely different web sites which were under the phisher's control. Even the most advanced security control methods used to detect phishing attacks at that time were not able to detect these highly sophisticated pharming attacks.
Pharming uses techniques from a pool of well-known attacks or exploits such as DNS hijacking, DNS spoofing and cache poisoning [16]. Pharmers redirect their victims to the desired websites using several different methods. The oldest of them is DNS cache poisoning, and this is probably the one which gave these attacks the name pharming [14]. DNS cache poisoning is an attack on an internet system that was actually developed to help internet users. On the internet every connected machine and every connected resource is identified by a unique address known as an Internet Protocol address, or IP address. But it is impossible to remember these numbers for every website we visit, and hence every web resource is also associated with a name, called the website name; e.g. www.mywebsite.com is a website name which actually refers to some underlying IP address that points to a particular resource on the internet. An IP address is a 16 bit (IPv4) number which takes a form such as 110.23.256.2 (some random example). When you enter the above-mentioned web address in the address bar of any browser, it is converted into a 16 bit IP address, and that resource is then called in order to provide the information located at that site. Pharmers exploit this name conversion. The conversion relies on Domain Name Service servers (DNS servers) to convert these word-based addresses to the actual numeric IP addresses of the web resources. When a pharmer successfully mounts a cache poisoning attack on a DNS server, he basically controls the redirection and name resolving capacity of that DNS server. Whenever a domain name resolving request comes to such an affected DNS server, the controlling pharmer can direct it to any website he wants, and the end user will still think that he has been directed to the correct website by the DNS server.
This is completely different from, and more dangerous than, phishing, where the phisher just drops the bait in the form of emails and messages and waits for the user to make a mistake by clicking on the link and then providing all the information required. In the case of pharming, attackers take over control of DNS servers and can redirect the complete traffic on that DNS server to the desired website. These types of attacks are more effective and easy to carry out on a mass of users at the same time without being noticed by anyone. [14]
Some of the famous examples of pharming attacks involve an attack on New York's famous ISP Panix. In January 2005, Panix's servers were hacked and all the requests to the Panix servers were redirected to a website in Australia. In 2004 a German teenager hijacked a web server of ebay.de and redirected all of its traffic.
In a white paper published by McAfee, a renowned computer security organization, it was said that "Vulnerabilities in the pharming attacks are high because these are fairly new types of unique attacks and majority of IT managers are unaware of it."
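Because a poisoned DNS server hands out a wrong address for a correctly typed name, one defensive check is to ask several independent resolvers the same question and look for the one that disagrees. The following is an added example, not part of the original paper: it works on constructed answers (resolver names are hypothetical and the addresses come from ranges reserved for documentation) and reports resolvers whose answer shares no address with what a majority returned.

```python
import ipaddress
from collections import Counter


def majority_addresses(answers):
    """Addresses returned by a strict majority of the queried resolvers.

    answers maps resolver name -> set of ip_address objects.
    """
    counts = Counter(ip for ips in answers.values() for ip in ips)
    quorum = len(answers) // 2 + 1
    return {ip for ip, seen in counts.items() if seen >= quorum}


def cross_check(observations):
    """Compare what each resolver answered for each hostname.

    observations maps hostname -> {resolver name: [address strings]}.
    Returns (suspects, undecided):
      suspects  - {hostname: [resolvers whose answer overlaps with no
                   majority address]}
      undecided - [hostnames where no address reached a majority, which is
                   normal for names served from many locations]
    """
    suspects, undecided = {}, []
    for hostname, by_resolver in observations.items():
        # ip_address() raises ValueError on malformed input, so a broken
        # answer is never silently treated as a valid one.
        parsed = {
            resolver: {ipaddress.ip_address(a) for a in addresses}
            for resolver, addresses in by_resolver.items()
        }
        agreed = majority_addresses(parsed)
        if not agreed:
            undecided.append(hostname)
            continue
        odd = sorted(r for r, ips in parsed.items() if not (ips & agreed))
        if odd:
            suspects[hostname] = odd
    return suspects, sorted(undecided)


# Constructed observations: three resolvers asked about three names.
SAMPLE = {
    # One resolver points the name at an unrelated address.
    "www.mywebsite.com": {
        "isp-resolver": ["203.0.113.66"],
        "public-a": ["192.0.2.10"],
        "public-b": ["192.0.2.10", "192.0.2.11"],
    },
    # Every resolver answers differently: cannot be judged by majority.
    "cdn.example.org": {
        "isp-resolver": ["198.51.100.1"],
        "public-a": ["198.51.100.2"],
        "public-b": ["198.51.100.3"],
    },
    # All resolvers agree.
    "www.example.com": {
        "isp-resolver": ["192.0.2.80"],
        "public-a": ["192.0.2.80"],
        "public-b": ["192.0.2.80"],
    },
}

if __name__ == "__main__":
    suspects, undecided = cross_check(SAMPLE)
    print("suspect resolvers:", suspects)
    print("no majority answer:", undecided)
```

A disagreement is a reason to investigate the resolver, not proof of poisoning, since large sites legitimately return different addresses in different places.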
Protection against Phishing and Pharming attacks
On the Windows Live website of Microsoft Corporation a simple trick is mentioned to protect yourself from phishing and pharming attacks: "Be vigilant. Be suspicious." [17]
This is the basic mantra while surfing and using the internet. We have seen the penetration of the internet and its use for social networking as well as e-commerce. The internet has given mankind the biggest technological tool of the last century, but along with it come the responsibility and the threats associated with it. We spent some time at the beginning of this paper to understand the exponential growth of the internet, its use for e-commerce and later the penetration of social networking, primarily because of the attacks targeted at these functions on the internet. In its quarterly report for the first quarter of 2010, the Anti-Phishing Working Group stated that e-crime gangs focus on classifieds, social networking and online gaming websites. The following diagram (Figure 5) shows the distribution of the attacks across the different types of web sites and services. [11]
It was also mentioned that on average 250 brands were hijacked each month by email phishing attacks, with the highest number, 198, in March 2010. On average there were around 27,000 unique phishing reports submitted each month, and an almost similar number of unique phishing web sites was detected in each month of the 1st quarter of 2010 [11]. As you can see, this is the most recent data we have, and the number of unique attacks and targets is still rising at a steady rate; mind that these are only unique reports which were never reported previously. This indicates that there are bad people out there who are constantly trying to get your personal and private information for a number of reasons, using whatever technique they can, and once they gain your information they will use it for their own benefit. So it is everyone's own responsibility to protect his or her own information while using the internet and not fall prey to such fraudulent attacks.
Figure 5: phishing and pharming attack targeted industry sectors in Q1 of 2010 [11]
Following the simple steps below will greatly reduce the chances of falling victim to a phishing or pharming attack while on the internet.
Never include any sensitive personal information in a message [17]
As mentioned earlier, most organizations will not ask you for your password or any other sensitive information through an email or any other form of conversation. If you get any such request, it is best to ignore it and to report the email to trusted authorities and to the apparent sender.
Make sure that the website is legitimate [17]
Always look for an authentication certificate or any other form of certification while browsing any website on the internet. If a website asks you for any sort of personal information or credentials, double-check that the website is authenticated, and only provide your information if it is extremely necessary.
Avoid clicking on links in pop-ups and in messages from unknown senders [17]
While browsing untrusted sites on the internet you will get many pop-up windows every now and then, and these windows will contain links. These links will appear to be some sort of game or advertisement, but in reality they might contain scripts which execute once clicked and cause information loss of an unknown extent. The same is true of links in emails from unknown senders.
Consistently check your financial statements [17]
Be consistent and careful when checking your financial statements. If you check your statements irregularly and a fraud does happen, you will be in the dark until you next check them. Report any irregular or inconsistent entry in any financial statement to the respective authority and demand an explanation.
Improve your computer's security [17]
Use the highest possible level of security when browsing the internet. Use good anti-virus software and make sure that it is updated at regular intervals. Install trusted anti-spyware and anti-malware software and update them regularly. Try to avoid browsing unknown and untrusted websites on the internet. Always look for the security certificate of a website when entering any personal information on that site.
Report the attack incident [17]
If you do fall into a phishing or pharming trap, report the incident to the proper authority as soon as possible. Try to change your password and the other credentials of the accounts under attack.
Following the simple rules above will save you from most of the phishing and pharming attacks that are out on the internet. But always remember that there will always be people trying to get your information and use it in the wrong way for their own benefit, so it is your own responsibility to protect your data and thereby your safety.