Thursday, March 03, 2005

Fw: Security Sense - Son of Phishing: ‘Pharming’ Phacts

Just when we were growing accustomed to phishing, along comes a spin-off security threat that has been dubbed ‘pharming.’

Phishing, as most computer users know by now, uses spam e-mail or pop-up messages to trick recipients into disclosing credit card numbers, bank account information, and other sensitive data.  According to experts, pharming may be worse — more intuitive, less intrusive, and more likely to succeed.  Here’s an early heads-up on how pharming works and how you can protect yourself.

How it works.  In pharming, hackers use one of two techniques (domain hijacking or malicious code) to reroute a victim’s browser to a phony Web site.  Any personal data then entered by the victim is “harvested” by the criminals and used to commit identity fraud.

Why it’s worse than phishing.  While phishing requires active participation on the part of the victim (who must first fall for a phony e-mail, then click to be taken to a new site), pharming scams can hit passive victims – even experienced, sophisticated computer users may be snared.

Why it’s growing.  The phishing threat grew by orders of magnitude in 2003 and 2004, but consumers have grown wary of the scam.  Thus, in the never-ending battle between law enforcement and criminals, the bad guys have been forced to come up with an even more insidious threat.

What’s being done.  Cutting-edge security specialists are taking on pharming.  It’s now possible to order plug-in software programs that let users see the geographic locations of the Internet domains they are going to.  This could alert a potential pharming victim who, for example, thinks she is typing in the name of her bank but is actually being sent to a site in Russia.  Additionally, some industries in which security is critical are beginning to adopt “two-factor” authentication, which would help prevent one of the major pharming techniques.

If you'd like to learn more about things you can do to enhance your authentication security and strong authentication, please visit http:security.

Carmen Banks
DST Information Security

© National Security Institute, Inc.
