Not only must financial advisors and their clients worry about spyware, but criminals are now using spam to obtain confidential information from unsuspecting consumers.

Known as “phishing,” it’s the latest weapon in the hackers’ arsenal. Phishing is a play on one of Canada’s favourite pastimes. But rather than trolling for trout, the bad guy is trolling for confidential information, such as an individual’s banking or brokerage password. And most of Canada’s big banks have seen their names used in these scams.

The way it works is the criminal sends out a large volume of spam e-mail under the name of a noted financial institution. The address line of the sender will indicate it came from the bank, making it appear legitimate.

For example, while writing this story, I received three e-mails purporting to be from
Wells Fargo, a financial institution of which I am not a client. Each had a different address, such as billing@wellsfargo.com or service@wellsfargo.com.

The subject line of the e-mail usually contains a warning that the account will be suspended, which entices the reader to open the e-mail and act upon the instructions. In my case, one e-mail wanted me to update a credit or debit card, while another warned of a pending account suspension.

Inside, the body of the e-mail usually contains the financial institution’s logo, giving it an air of legitimacy. It requests that the recipient update his or her records or face the possibility that the account will be closed. The e-mail provides a link to a Web site that the recipient can click on to update those records.

If you click through, the site usually looks identical to the bank site you usually deal with, but it is a fake and the Web address is entirely unrelated. It belongs to a hacker who will collect the client log-on information from those who take the bait, and then either sell this data or use it to steal the person’s identity.

In my instance, I was directed to Web sites that use the same logos, colours and layouts as the real Wells Fargo site. One was an elaborate knock-off; the other was a lazy attempt to copy the basic elements of the bank’s regular Web site. Each site had long-winded
Web addresses that were structured differently than the legitimate Wells Fargo address, a sign that something was amiss. Instead of beginning with www.wellsfargo.com, the addresses contained extra words, such as www.wellsfargo-secure.com.

Such sites usually stay up for a few days until they are discovered by security experts and shut down. By then the hacker may have gathered hundreds of log-ins from unsuspecting consumers who thought they were following directives from their banks.

Phishing is a growing problem and one most Canadian banks have faced in the past year. A global non-profit organization geared toward fighting online fraud, Anti-Phishing Working Group (www.antiphishing.org), received more than 15,000 reports of phishing in June involving more than 74 companies. That’s more than double the number of reports received last October. More than 90% of the targeted companies are financial institutions.

About 35% of the attacks have come from Web sites hosted in the U.S., followed by China (11.2%), Korea (10.1%), France (5.6%), Germany (3.62%) and Canada (2.8%).

The Canadian Bankers Association has created a consumer bulletin on how to avoid and report e-mail fraud. The bulletin, which can be found at www.cba.ca, says banks will never send clients e-mail asking them to disclose personal information. If advisors or clients receive such submissions, they can report them to their banks through links on the CBA Web site.

While phishing is causing banks some real snags, the latest online fraud is “pharming.” A pharming attack involves a hacker hijacking the actual domain of a company’s Web site so that, when consumers tell their browser to visit a specific Web site, they are redirected to an identical site controlled by the hacker, usually in an offshore location.

Pharmers do so by poisoning the underlying domain name servers (DNS), the computers that direct Internet traffic. A DNS takes the domain name typed into the browser, translates it into a numbered Internet protocol (IP) address and directs users to the correct site. Hackers crack the DNS software and tell it to redirect searches to another IP address.

@page_break@While still in its infancy, pharming is expected to grow as clever crooks find smarter ways to exploit online commerce and the gullibility of those using the Internet. IE