The security world is becoming expert at fighting Trojans and viruses and at eradicating phishing and zero-day attacks. But there is always a new puzzle to solve. The latest one is known as pharming, a sinister evolution of phishing. In phishing, an attacker sends an attractive email and lures the recipient into providing some personal details. Thus, the attacker leaves bait and waits for a bite.
The post is sectioned as below:
- What is Pharming?
- How Pharming works?
- How can you protect yourself from Pharming? (Links to anti-phishing tutorials provided by banks)
What is Pharming
In pharming, criminals divert the user to a deceptive web page without any phishing email, and the user is then lured into giving up personal information with the help of some exciting offer. Thus you were looking for one thing, landed somewhere else, and get trapped if you are not careful.
Pharming is dangerous not simply because it is more effective, but also because it is easier for attackers to pull off: they only need to modify a file called hosts on the user's system and create a false web page. This could easily be accomplished by a Trojan.
How Pharming works?
In Simple Words
Pharming is entirely transparent to users. Unlike phishing (which relies on sending email), it uses a false address to direct users to a bogus website, where they are conned into divulging personal information. There are very few clues that could make a user suspicious.
In Technical Terms
Pharming corrupts a Domain Name Server (DNS) by replacing the IP address it returns for a site with a fake one. (For those who don't know, DNS is an Internet service that translates domain names into IP addresses.) Since we access sites by name and not by address, the change is almost undetectable. This crime is accomplished through cache poisoning of DNS servers (a.k.a. domain hijacking). This results in users being redirected to the attacker's server, where they are asked for details such as credit card and PayPal account information.
Four Ways of Pharming
According to the Federal Deposit Insurance Corporation (FDIC), pharming may occur in four ways.
- Static domain name spoofing, where criminals take advantage of misspellings in domain names to trick users into inadvertently visiting the attacker's website. For example, techcrunch.com can be misspelled as teccrunch.com.
- Malicious software (viruses) that secretly captures data on the consumer's personal computer to redirect users.
- Domain hijacking, where a hacker steals the website.
- DNS poisoning, where Internet users are redirected to a bogus website by corrupting the DNS.
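A defender can catch the misspelled-domain case from the first item by comparing hostnames seen in proxy or DNS logs against a watchlist of legitimate domains. The following is an added example, not part of the original post: the watchlist and the observed hostnames are constructed, and it assumes the registrable domain is the last two labels (no public suffix list).

```python
# Assumption: the organisation's watchlist of legitimate domains.
KNOWN = ["techcrunch.com", "paypal.com", "bankofamerica.com"]

# Constructed sample of hostnames taken from a proxy log.
SEEN = ["www.techcrunch.com", "teccrunch.com", "www.paypla.com",
        "login.bankofamerica.com", "example.org"]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1,               # delete from a
                         cur[j - 1] + 1,            # insert into a
                         prev[j - 1] + (ca != cb))  # substitute
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swapped neighbours
        prev2, prev = prev, cur
    return prev[len(b)]


def lookalikes(hostnames, known=KNOWN, max_dist=2):
    """Return (hostname, imitated_domain, distance) for near-miss names."""
    hits = []
    for host in hostnames:
        host = host.lower().rstrip(".")
        if any(host == k or host.endswith("." + k) for k in known):
            continue  # the genuine domain or one of its subdomains
        candidate = ".".join(host.split(".")[-2:])  # naive registrable domain
        dist, target = min((osa_distance(candidate, k), k) for k in known)
        if dist <= max_dist:
            hits.append((host, target, dist))
    return hits


if __name__ == "__main__":
    for host, target, dist in lookalikes(SEEN):
        print(f"{host} looks like {target} (distance {dist})")
```

Short legitimate names can sit within two edits of each other, so treat hits as leads for review rather than verdicts.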
Efforts By FDIC
To help, the FDIC encourages banks to use digital certificates, diligently maintain their domain names, monitor for DNS poisoning, and educate customers to install current versions of virus detection software, firewalls and spyware scanning tools. The following links are provided courtesy of companies that have been victims of phishing attacks.
- eBay Spoof Tutorial.
- Bank of America PassMark.
- Citibank Advice.
- PayPal Security Spoof.
How can you protect yourself from Pharming?
The only true protection against phishing and pharming is common sense. I went through some of the bank sites and even PayPal. I will collect them into points now.
For a Regular User:
- Don't respond to emails that you receive from banks unless you have confirmed them with the bank over the telephone.
- Use your eyes to watch for any fraudulent email and, if you find one, delete it. It is spam!
- Consumers should also refrain from clicking on hyperlinks in emails. Always remember the rule of thumb that companies never send out "account verification" messages.
- Keep your anti-virus and anti-spyware software updated. I recommend using Windows Defender and Norton AntiVirus, but you can always look out for more.
- Keep an eye on the status bar of your browser when you are dealing with money transactions or passing secured information. You should always check for a trusted Certificate Authority. If you receive an invalid server certificate, especially when attempting to enter a site where you deposit confidential information or perform money transactions, pause before entering data. Review the certificate; if the name on the certificate does not match the site, leave right away.
For Network Administrators
- Deploy methods to protect DNS, multi-factor authentication logins, single-use passwords and automatic telephone callback technologies.
- The best defense against DNS poisoning is to ensure that you have the latest DNS software and security patches. Some vendors offer anti-pharming tools to protect you from unauthorized changes. Companies like NGSEC actively protect your Windows server from pharming attacks by denying any user the permission to write to the hosts file.
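Blocking writes to the hosts file is one control; auditing its contents is the matching check for the Trojan scenario described under "What is Pharming". The following is an added example, not part of the original post and not NGSEC's tool: the sample file, the protected domain names and the addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample of a tampered hosts file. 203.0.113.0/24 is a
# documentation range; the bank and payment names are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # local ad blocking
203.0.113.66    www.examplebank.com examplebank.com
203.0.113.66    login.example-pay.com
10.0.0.5        intranet.corp.example
"""

# Assumption: domains that should only ever be resolved through DNS.
PROTECTED = {"examplebank.com", "example-pay.com"}


def parse_hosts(text):
    """Yield (line_no, ip, names) for every valid mapping line."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: not a mapping
        yield no, ip, [n.lower().rstrip(".") for n in fields[1:]]


def audit_hosts(text, protected=PROTECTED):
    """Return (line_no, name, ip, kind) for protected names in the file."""
    findings = []
    for no, ip, names in parse_hosts(text):
        # "local" points the name at this machine; "redirect" sends it elsewhere.
        kind = "local" if ip.is_loopback or ip.is_unspecified else "redirect"
        for name in names:
            if any(name == d or name.endswith("." + d) for d in protected):
                findings.append((no, name, str(ip), kind))
    return findings


if __name__ == "__main__":
    for no, name, ip, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {no}: {name} -> {ip} ({kind})")
```

On Windows the file to feed in is C:\Windows\System32\drivers\etc\hosts; on Linux and macOS it is /etc/hosts.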
Steps Taken By Government and Organizations
- The government and other organizations have also taken a proactive leadership role in the fight against these intractable social problems.
- The Anti-Phishing Working Group (APWG) website has information on how to spot phishing and pharming attempts and what to do if you are a victim of such a scam.
- The "Anti-Phishing Act of 2005" tried to protect the integrity of the Internet by first criminalizing the bait. It makes it illegal to knowingly send out spoofed email that links to sham web sites with the intention of committing a crime. Second, it criminalizes the web sites that are the true scene of both types of crime.
Phishing and pharming are additions to the top security threats that institutions are currently facing. Pharming attacks are more devious. The trend is shifting from technological attacks to those that exploit human behavior. The attackers are now not after security loopholes but after consumers' behavior and their lack of knowledge. Both techniques, sending email and setting up bogus websites, can have serious consequences. So be smart, stay educated and keep yourself updated.