Phishing and Pharming: A guide to avoid getting scammed online

You just got an urgent e-mail from your credit card company or your bank requesting you to verify your log in or user name and password. The e-mail says it is from This e-mail address is being protected from spambots. You need JavaScript enabled to view it or This e-mail address is being protected from spambots. You need JavaScript enabled to view it or payments@

Hopefully by now you know that no trusted financial institution will ever e-mail you to request your user name and password or your mother’s maiden name. The best thing you can do is to simply delete these phony messages. This technique of scamming people with fake e-mail is known as phishing. The name is derived from using the e-mail as bait and if you (the phish) bite you are reeled in and lured to provide personal details that can leave your finances vulnerable.

If phishing was not bad enough, a new scam called pharming is so sneaky and potential damaging that you must educate yourself before you enter any financial data online ever again.

Pharmers hijack domain name servers (DNS) and route you to a fake look-a-like site that requests your log in and password. For example, you type into your Internet browser. The browser address block shows but what you do not know is that some clever hacker has hijacked PayPal’s domain name server. Just watching the address bar on your Internet browser will not be enough to know if your site has been hijacked. The URL that is displayed and the look-a-like financial site will appear normal.

What should you do?
Besides running an up-to-date antivirus program and strong firewall, a little knowledge can go a long way.

Most financial sites run on secure servers (look for the closed lock icon on the bottom of your Internet browser) so if you want to visit type instead. The https indicates a secure server and by typing it you force the browser to go only to an SSL-enabled version of the Web site. If the PayPal site has been hijacked, your browser should issue a pop-up box alerting you that the site SSL certificate does not match the URL you typed. You, being very observant (and hopefully slightly paranoid), do not accept and log off your attempt to visit the hijacked site. Use the telephone to call and alert the financial company.

Secure sites must have a digital certificate issued by a trusted third party source such as Verisign or Thawte and, to date, no widespread security problems have come from this side of Web security.

I found advice on to make sure that your Web browser properly validates SSL certificates. Set the following options in Internet Explorer 6 (users of other browsers will find comparable settings somewhere in their browser configurations):

Tools > Internet Options
Advanced tab
Under the Security section, make sure these options are checked:
• Check for publisher’s certificate revocation
• Check for server certificate revocation
• Use SSL 3.0
• Warn about invalid site certificates

Make sure that the option “Use SSL 2.0” is not checked because there are problems with the SSL 2.0 protocol which can make it possible for a pharmer to defeat SSL certificate verification.

Please be safe out there in cyberspace.

Terrence O’Hanlon, CMRP is the publisher of He is the director of strategic alliances for the Society for Maintenance & Reliability Professionals (SMRP). He is also the event manager for CMMS-2005, The Computerized Maintenance Management Summit on July 26-29, 2005 in Indianapolis, IN

Internet Tip: Call me

If you get enough of your friends and family to download, a free Internet-based telephone-like service, you may never have to pay for telephone services again.

Mark Hill of Companion Products sent me the link and I have been slashing my phone bill ever since. You can even make calls to people who are not in the network for super low rates.

You do need a computer with a microphone and headset or a USB phone to make this service work. It works on Windows, Linux, Apple OS, and Pocket PC devices.

Please visit to download a copy and give me a call.

New Job Site offers a free job posting for positions that seek maintenance and reliability professionals. The site offers a job description summary and requires that the detailed job description be posted at the employer’s Web site and a link is provided for job seekers to learn more.

Additional links are provided to larger job posting sites such as (of Super Bowl fame) and Yahoo! The site even offers resources for making sure that job seekers’ resumes represent them in the most professional light.

You can impress your boss or enhance your job search by sitting for the Certified Maintenance & Reliability Professional (CMRP) exam offered by SMRP. Earning CMRP certification demonstrates that you have the knowledge and more importantly the experience to be a reliability leader.

Newsletter Sign Up

Your First Name:

Your Last Name:

Your E-Mail Address:

Would you like our Newsletter?:

Enter verification image value

Congratulations to Our Recent Survey Winner

Paul Kimble, a Vibration Analyst for General Motors, was chosen at random to win a $100 gift card for completing our recent online MT Buying Cycle Survey. You could win, too! Watch your e-mail for our next survey request.

Featured Supplier: Brady

bradyBrady Worldwide Inc. is an international manufacturer and marketer of complete solutions that identify and protect premises, products and people. Our products include high-performance labels and signs, safety devices, printing systems and software, and precision die-cut materials. Along with being a global leader in industrial and safety printing systems and solutions, we have been the company you trust when performance matters most since 1914. We serve customers in electronics, telecommunications, manufacturing, electrical, construction, education, medical and a variety of other industries.

Click here for more.

Featured White Paper: Spraying Systems Co.

SSCo Logo Color w tag

Clean Tanks Faster and Lower Operating Costs

Understanding all the tank cleaning equipment options is difficult because not all tank cleaning nozzles are created equal. Let Spraying Systems Co. show you how to reduce cleaning time, minimize liquid consumption and improve cleaning effectiveness. 

Click here to download the White Paper.