Pharming / Phishing
What is Pharming? "Pharming" is the practice of redirecting Internet domain name requests to false websites in order to capture personal information, which may later be used to commit fraud and identity theft.
What is Phishing? "Phishing" - as in fishing for confidential information - is a scam that encompasses fraudulently obtaining and using an individual's personal or financial information.
What are the differences between "Pharming" and "Phishing"? While pharming is similar to phishing in that both practices try to entice individuals to enter personal information on a fraudulent website, they differ in how they direct individuals to that site:
- Phishing - In a typical case, the consumer receives an e-mail appearing to originate from a financial institution, government agency or other entity that requests personal or financial information. The e-mail often indicates that the consumer should provide immediate attention to the situation described by clicking on a link. The provided link appears to be the website of the financial institution, government agency or other entity. However, in "phishing" scams, the link is not to an official website, but rather to a phony website. Once inside that website, the consumer may be asked to provide a Social Security number, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth. When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.
- Pharming - refers to the redirection of an individual to an illegitimate website through technical means. For example, an online banking customer, who routinely logs in to his online banking website, may be redirected to an illegitimate website instead of accessing his or her bank's website. Pharming can occur in four different ways:
  - Static domain name spoofing: The "pharmer" (the person or entity committing the fraud) attempts to take advantage of slight misspellings in domain names to trick users into inadvertently visiting the pharmer's website. For example, a pharmer may redirect a user to anybnk.com instead of anybank.com, the site the user intended to access.
  - Malicious software (Malware): Viruses and "Trojans" (latent malicious code or devices that secretly capture data) on a consumer's personal computer may intercept the user's request to visit a particular site, such as anybank.com, and redirect the user to the site that the pharmer has set up.
  - Domain hijacking: A hacker may steal or hijack a company's legitimate website, allowing the hacker to redirect all legitimate Internet traffic to an illegitimate site. Domain names generally can be hijacked in two ways:
    - Domain slamming: By submitting domain transfer requests, a domain is switched from one registrar to another. The account holder at the new registrar can alter routing instructions to point to a different, illegitimate server.
    - Domain expiration: Domain names are leased for fixed periods. Failure to manage the leasing process properly could result in a legitimate ownership transfer. In this instance, trade name laws usually must be invoked to recover lost domains.
  - DNS poisoning: The most dangerous instance of pharming may be domain name server (DNS) poisoning. Domain name servers are similar to Internet road map guides. When an individual enters "www.anybank.com" into his or her browser, Domain Name Servers on the Internet translate the phrase anybank.com into an Internet protocol (IP) address, which provides routing directions. After the DNS server provides this address information, the user's connection request is routed to anybank.com. Local DNS servers can be "poisoned" to send users to a website other than the one that was requested. This poisoning can occur as a result of misconfiguration, network vulnerabilities or Malware installed on the server. There are 13 root DNS servers for the entire Internet, which are closely protected and controlled. Most requests are directed by the local DNS server before they reach a root DNS server. However, if a hacker were to penetrate one or more of these root servers, the Internet could be severely compromised.
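The misspelling case above (anybnk.com for anybank.com) can be screened for on the defender's side. The following is an added example, not part of the original page: it compares hostnames taken from mail links or proxy logs against a protected domain using an edit distance that also counts swapped neighbouring letters. The function names, the threshold of two edits, and the sample hostnames are assumptions made for illustration.

```python
# Added example (not from the original page): flag hostnames seen in mail
# links or proxy logs that are near-misspellings of a protected domain.

PROTECTED = {"anybank.com"}  # the page's example of a legitimate domain


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swapped neighbours
        prev2, prev = prev, cur
    return prev[-1]


def registrable(host: str) -> str:
    """Assumption: the last two labels form the registered domain.
    Production code should consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def find_lookalikes(hosts, protected=PROTECTED, max_dist=2):
    """Return (host, imitated_domain, distance) for each near-miss."""
    hits = []
    for host in hosts:
        dom = registrable(host)
        if dom in protected:
            continue  # genuine domain or one of its subdomains
        for legit in sorted(protected):
            dist = osa_distance(dom, legit)
            if dist <= max_dist:
                hits.append((host, legit, dist))
    return hits


# Constructed sample input, not real log data.
SAMPLE_HOSTS = ["www.anybank.com", "anybnk.com", "login.anybakn.com",
                "anybank.co", "example.org"]

if __name__ == "__main__":
    for host, legit, dist in find_lookalikes(SAMPLE_HOSTS):
        print(f"{host}: {dist} edit(s) from {legit}")
```

A hit is a lead for review, not proof of fraud; short protected names produce more coincidental near-matches, so the threshold should be tuned per domain.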
Detection and Prevention - Consumers and businesses can take several steps to prevent pharming attacks:
- Digital certificates: Legitimate Web servers can differentiate themselves from illegitimate sites by using digital certificates; websites using certificate authentication are more difficult to spoof. Consumers can use the certificate as a tool to determine whether a site is trustworthy.
- Domain name management: Businesses should diligently manage domain names by ensuring that the domain names are renewed in a timely manner. Institutions also should investigate the possibility of registering similar domain names. In addition, many registrars offer domain locks to prevent unauthorized domain slamming.
- DNS poisoning: Businesses should investigate anomalies about their website to ensure that DNS poisoning attacks are addressed promptly. For example, if a business's domain was hijacked, it would immediately stop receiving normal Internet-related requests. The drop in Internet traffic should alert the business's technology staff to the problem, which should then be investigated.
- Consumer education: Individual consumers are encouraged to research and study the problem of fraud and identity theft and to install current versions of virus detection software, firewalls and spyware scanning tools to reduce computer infections and to understand the importance of regularly updating these tools to combat new threats.
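The traffic-drop signal described under DNS poisoning above can be automated. The following is an added example, not part of the original page: it raises an alert when request counts stay far below a recent baseline, then lists which resolvers are returning addresses the business does not operate. The function names, thresholds, resolver labels and all sample data are assumptions made for illustration.

```python
# Added example (not from the original page): alert on a sustained traffic
# drop, then check what resolvers return for the domain.
from statistics import median


def detect_traffic_drop(counts, baseline_len=6, drop_ratio=0.3, sustain=2):
    """Return the index where requests have stayed below
    drop_ratio * median(recent healthy intervals) for `sustain`
    consecutive intervals, or None if that never happens."""
    baseline = list(counts[:baseline_len])
    low_run = 0
    for i in range(baseline_len, len(counts)):
        if counts[i] < drop_ratio * median(baseline):
            low_run += 1
            if low_run >= sustain:
                return i
        else:
            low_run = 0
            # Only healthy intervals feed the baseline, so an ongoing
            # outage cannot drag the threshold down with it.
            baseline = baseline[1:] + [counts[i]]
    return None


def unexpected_answers(answers_by_resolver, expected_ips):
    """Map each resolver to the addresses it returned that the business
    does not operate. An empty result means every answer was expected."""
    return {resolver: sorted(set(ips) - set(expected_ips))
            for resolver, ips in answers_by_resolver.items()
            if set(ips) - set(expected_ips)}


# Constructed data: requests per 5-minute interval, and A-record answers
# collected from three resolvers (documentation-range addresses).
REQUESTS = [980, 1010, 995, 1020, 990, 1005, 1000, 400, 970, 35, 12, 8]
EXPECTED_IPS = {"192.0.2.10", "192.0.2.11"}
ANSWERS = {
    "resolver-a": ["192.0.2.10", "192.0.2.11"],
    "resolver-b": ["203.0.113.66"],
    "resolver-c": ["192.0.2.10"],
}

if __name__ == "__main__":
    print("drop confirmed at interval", detect_traffic_drop(REQUESTS))
    print("unexpected answers:", unexpected_answers(ANSWERS, EXPECTED_IPS))
```

Requiring two consecutive low intervals keeps a single brief dip from paging staff, at the cost of one interval of delay before the alert fires.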