Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Get Protection Against New-Generation "Pharming" Attacks

The next generation of phishing attacks--otherwise known as pharming--has arrived. Pharming incidents rose 6 percent between May and June, says the APWG (Anti-Phishing Working Group), an industry association dedicated to studying phishing issues. This increase exacerbates an already alarming problem: Identify theft, which pharming helps perpetrate, was the top fraud-related complaint last year, according to the Federal Trade Commission, inflicting an estimated $5 billion to $50 billion in damages.

Unlike phishing, pharming--another name for domain spoofing--doesn't require the user to be duped into divulging personal information with the click of an e-mail link. Pharming takes Web requests and redirects them to a fake but legitimate-looking site or proxy server that downloads keystroke logging applications for the purpose of pilfering personal data (see "Pop-Up, Go the Weasels").

Typically, pharmers target large financial institutions, such as Bank of America, Citizens Bank and Wells Fargo. But the APWG has found that pharmers are also going after regional and niche credit unions that have well-to-do members and laxer security. Nonfinancial organizations such as AOL, Microsoft, the FBI, the Internal Revenue Service and large universities have all recently been victimized by pharmers and phishers.

Pharming, like phishing, takes advantage of users' trust in the application and data they're seeing. In phishing, users formulate a decision about a message's validity based on the address in the from field of the header, as well as the message content, which often looks true to life. With pharming, things get even messier. Just verifying the URL in your address, status or title bar won't do much good. From a user's perspective, the pharmer's URL and actual site look normal.

So how do organizations protect their employees and Web sites from pitchforked pharmers?

  • 1