A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Pharming

Redirecting users from legitimate Web sites they are trying to visit to fraudulent Web sites

Pharming attacks redirect users from legitimate Web sites they are trying to visit to fraudulent Web sites. These fraudulent Web sites look similar to the real sites, but when users enter personal information on the site, such as their name, password, credit card number, etc., the information is captured by the attacker. The attacker can then use this information for identity theft or data theft.

One method of pharming is DNS (Domain Name System) poisoning. The DNS is like a telephone directory for the Internet that translates domain names, such as www.google.com, to numerical strings called IP addresses, such as 128.2.214.69. An attacker poisons a DNS server by putting false information into it, so that legitimate domain names are translated to IP addresses that correspond to the attacker's fraudulent Web sites.

Pharming is similar to phishing in that they are both attempts to capture information from unsuspecting users on fraudulent Web sites. However, pharming is different in that it does not require victims to click on fraudulent links in emails. Pharming is much harder to detect, since it is very difficult for a victim of pharming to detect that an attack has been attempted. Pharming also allows an attacker to reach a large number of victims at once.

Protective Measures

Practices

  • Update your browser with the latest software updates and security patches: New security problems are constantly being found in browser software that has already been released. Software vendors therefore make updates or security patches available from time to time that fix these problems. A patch is a downloadable piece of software that repairs a security problem or other "hole" in the software. Since most intruders exploit these known weaknesses, failing to download a patch creates an unnecessary risk. The unpatched hole could serve as an entry point for hackers who want to examine, damage, or exploit the information and services on your computer. It is also important to use the latest version of your browser since newer versions will have stricter security standards and fewer vulnerabilities.

    Unfortunately, Internet Explorer does not have an automatic update feature. The Microsoft  Web site has a "Scan for updates" feature that scans your computer to determine which updates you need, including any for Internet Explorer. The Web site can be reached through the link above, or by the Tools > Windows Update option in Internet Explorer.

  • Use secure Web sites for sharing personal information: If you're at a site where you're being asked for credit card or other sensitive information, make sure the Web site you are viewing is secure. First check the beginning of the address in your browser's address bar; it should be "https://" rather than just "http://". If it's not, the site is not secure.

    The "https://" address can be spoofed, so also check to see if you have a lock icon next to the address bar in the top right-hand corner of the Internet Explorer window. If you don't, the site is not secure. Since this also can be spoofed, double-click on the lock icon and read the dialog box that appears. Try to confirm that the name on the digital certificate matches the site you think you are visiting. Taking these steps lowers your chances of being scammed.

  • Check your bank and credit card statements for purchases that you did not make: Regularly check your bank, credit and debit card statements to make sure that all transactions are legitimate. It is important to know what you did and did not buy so that you are better prepared to answer questions if somebody steals and uses your financial information.

  • Report fraudulent Web sites to the Federal Trade Commission: If you determine or suspect that you were directed to a fraudulent Web site, send the email that directed you there to uce@ftc.gov. If you believe you've been scammed, file a complaint with the Federal Trade Commission .

Tools

  • Anti-Pharming Toolbars: There are some toolbars, such as the TraceAssure Toolbar , that provide limited anti-pharming protection by maintaining a list of previously validated IP addresses corresponding to domain names. The toolbar gives you a warning if you connect to an IP address that is different from the one validated for a certain domain name.

    Some toolbars, such as the Netcraft Anti-Phishing Toolbar , provide you with information about IP addresses, such as their geographic location. This may help you identify pharming sites, such as one located in Russia pretending to be a bank in the United States.

Legal Issues

Legal

In March of 2005, U.S. Senator Patrick Leahy (D-VT) introduced the Anti-Phishing Act of 2005 , a bill that proposes a five-year prison sentence and/or fine for individuals who execute phishing attacks and use information garnered through online fraud such as phishing and pharming to commit crimes such as identity theft.

References

Links

My home page