The security world is becoming expert at fighting Trojans and viruses and at eradicating phishing and zero-day attacks. But there is always a new puzzle to solve. The latest one, pharming, is a sinister evolution of phishing. In phishing, an attacker sends an attractive email and lures the recipient into providing personal details. The attacker leaves bait and waits for a bite.
Pharming – The evolution of Phishing
This post is organized into the following sections:
- What is Pharming?
- How does Pharming work?
- How can you protect yourself from Pharming? (Links to tutorials provided by banks for anti-phishing)
What is Pharming?
In pharming, criminals divert users to a deceptive web page without any phishing email, and then lure them into giving up personal information with the help of some exciting offer. Thus, while you are looking for something, you land somewhere else and get trapped if you are not careful.
Pharming is dangerous not simply because it is more effective but also because it is easier for attackers to pull off: they only need to modify a file called hosts on the user's system and create a false web page. Could a Trojan easily accomplish this?
How does Pharming work?
In simple words:
Pharming is entirely transparent to users. Unlike phishing, which relies on email, it uses false addresses to direct users to a bogus website where they are conned into divulging personal information. There are very few clues that would make users suspicious.
In technical terms:
Pharming corrupts a Domain Name Server (DNS) by replacing the IP address it holds for a site with a fake one. (For those who don't know, DNS is an Internet service that translates domain names into IP addresses.) Since we access sites by name and not by address, the change is almost undetectable. This crime is accomplished through cache poisoning of DNS servers (a.k.a. domain hijacking). As a result, users are redirected to the attacker's server, where they are asked for details such as credit card and PayPal account information.
Four Ways of Pharming
According to the Federal Deposit Insurance Corporation (FDIC), pharming may occur in four ways.
- Static domain name spoofing: criminals take advantage of misspellings in domain names to trick users into inadvertently visiting the attacker's website. For example, techcrunch.com can be misspelled as teccrunch.com.
- Malicious virus software that secretly captures data on consumers’ personal computers to redirect users.
- Domain hijacking is when a hacker steals a website.
- DNS poisoning is when Internet users are redirected to a bogus website by corrupting the DNS.
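The misspelling case in the first item (techcrunch.com versus teccrunch.com) can be caught on the defensive side by comparing names seen in proxy or DNS logs against the domains you care about. The following is an added example, not part of the original post; the watch list, the distance threshold and the sample names are assumptions chosen for illustration.

```python
WATCHED = ["techcrunch.com", "paypal.com"]   # assumed watch list

def edit_distance(a, b):
    """Optimal string alignment distance: insertions, deletions,
    substitutions and swaps of two adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def lookalike_of(domain, watched=WATCHED, max_distance=2):
    """Return the watched domain that `domain` imitates, or None."""
    domain = domain.strip().lower().rstrip(".")
    for good in watched:
        # The real site and its subdomains are not look-alikes.
        if domain == good or domain.endswith("." + good):
            return None
    for good in watched:
        # Compare only as many trailing labels as the watched name has,
        # so "www.teccrunch.com" is judged as "teccrunch.com".
        tail = ".".join(domain.split(".")[-(good.count(".") + 1):])
        if 0 < edit_distance(tail, good) <= max_distance:
            return good
    return None

if __name__ == "__main__":
    # Constructed sample of names seen in proxy or DNS logs.
    for seen in ["techcrunch.com", "teccrunch.com", "www.paypla.com", "example.org"]:
        print(seen, "->", lookalike_of(seen))
```

This is a heuristic: short watched names produce more false positives at the same threshold, so hits are candidates for review rather than verdicts.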
Efforts By FDIC
The FDIC encourages banks to use digital certificates, diligently maintain their domain names, monitor for DNS poisoning, and educate customers to install current versions of virus detection software, firewalls, and spyware scanners. The following links are provided courtesy of companies who have been victims of phishing attacks.
- eBay Spoof Tutorial.
- Bank Of America PassMark.
- Citibank Advice.
- Paypal Security Spoof
How can you protect yourself from Pharming?
The only true protection against phishing and pharming is common sense. I went through some of the bank sites and even PayPal. I will collect them into points now.
For a Regular User:
- Don’t respond to emails you receive from banks unless you have confirmed with the bank over the telephone.
- Watch for fraudulent email (spam); if you find any, delete it.
- Consumers should also refrain from clicking on hyperlinks in emails. Always remember the rule of thumb that companies never send out “account verification” messages.
- Keep your anti-virus and anti-spyware software updated. I recommend using Windows Defender and Norton Anti-virus, but you can always look for others.
- Keep an eye on your browser’s status bar when making money transactions or passing secured information. You should always check for a trusted Certificate Authority. If you receive an invalid server certificate, especially when attempting to enter any site where you provide confidential deposit information or perform money transactions, pause before entering data. Review the certificate; if the certificate’s name does not match the site, leave the site immediately.
For Network Administrators:
- Deploy methods to protect DNS, along with multi-factor authentication for logins, single-use passwords, and automatic telephone callback technologies.
- The best defense against DNS poisoning is ensuring you have the latest DNS software and security patches. Some vendors offer anti-pharming tools to protect you from unauthorized changes. Companies like NGSEC protect your Windows server from pharming attacks by denying any user the permission to write to the hosts file.
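Because the local attack described earlier only needs a changed hosts file, auditing that file complements write protection. The following is an added example, not part of the original post and not NGSEC's tool; the watched domain, the severity labels and the sample file contents are assumptions.

```python
import ipaddress

# Names a stock hosts file legitimately defines.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Constructed sample hosts file; the IPs are from documentation-only ranges.
SAMPLE_HOSTS = "\n".join([
    "127.0.0.1      localhost",
    "::1            localhost ip6-localhost",
    "# constructed entries of the kind an audit should catch",
    "203.0.113.10   www.paypal.com paypal.com",
    "0.0.0.0        ads.example.net   # sinkhole entry from a blocklist",
    "198.51.100.7   intranet.example.org",
])

def audit_hosts(text, watched=("paypal.com",)):
    """Return (line_no, severity, hostname, ip) for every suspicious mapping.

    high   - a watched (e.g. banking) name is overridden at all
    review - any other public-looking name is pinned to a routable address
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], None))
            continue
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name in LOCAL_NAMES or "." not in name:
                continue                          # local, single-label names
            if any(name == w or name.endswith("." + w) for w in watched):
                findings.append((line_no, "high", name, str(ip)))
            elif not (ip.is_loopback or ip.is_unspecified):
                findings.append((line_no, "review", name, str(ip)))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass in the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts` and extend `watched` with the banking and payment domains your users rely on.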
Steps Taken By Government and Organizations
- The government and other organizations have also taken a proactive leadership role in fighting against these intractable social problems.
- The Anti-Phishing Working Group (APWG) website has information on how to spot phishing and pharming attempts and what to do if you are a victim of such a scam.
- The “Anti Phishing Act of 2005” tried to protect the integrity of the internet by first criminalizing the bait. It is illegal to knowingly send out a spoofed email that links to sham websites to commit a crime. Second, it criminalizes the websites that are the true scene of both types of crime.
Phishing and pharming are additions to the top security threats institutions face. Pharming attacks are more devious. The trend is shifting from technological attacks to those that exploit human behavior. Attackers are now not after security loopholes but after consumers’ behavior and their lack of knowledge. Both techniques, phishing emails and bogus websites, can have serious consequences. So be smart, stay educated, and keep yourself updated.