pharmers exploit security loophole in web

14.2.2006
Pharmers exploit security loophole in web

It seems that the Phishers may have had their day as most people can now spot a ‘phishing´ email a mile off.

However, there is a new cyber swindle on the rise which is less easy to identify and can be potentially more damaging to internet users.

Pharming works on a similar principle to Phishing and sometimes can work in direct correlation to a mass distributed email. Pharmers simply set up authentic looking bogus websites which can be accessed, either through following a link from an email, or more worryingly, through typing the URL for the authentic site into the browser. When the user enters their password and user name, this valuable information is captured by criminals who can use it to carry out criminal activity under a false identity.

Whereas the Pharmers who use the email system can get away with hundreds or thousands of pounds, this is small fry to the potential destruction of the other manifestation of the scam. DNS Poisoning leads to significant numbers of web users being herded to false sites. These technically sophisticated con artists develop perfect replicas of the authentic sites and them exploit a loophole in the Domain Name System (DNS), poisoning the system with false information and steering helpless victims to their fake site. Once there, they unwittingly enter their personal information which is then used against them, to access their bank accounts or run up shopping bills on their account.

Although the DNS attack tactics used by Pharmers have been around for a while the growth of internet shopping and online banking and bill payment has created a wide potential profit zone for criminals who are capable of snagging login information, credit card and bank account numbers.

So what can you do to protect yourself? Unlike with Phishing, which can be relatively easy to detect and combat, Pharming demands a variety of tactics to ensure you do not fall foul of the internet fraudsters.

  1. Use different passwords and usernames for different web sites. That way, if the Pharmer gets hold of one of your online identities he cannot use it to access all your other online profiles.
  2. Companies should ensure that their system is not vulnerable to DNS type attacks. There are other software packages available which do not use the DNS Systems.
  3. Online providers could use “multi-factor authentication” logins, including things like single use passwords and automatic telephone call back, which confirms with the registered customer the authenticity of the transaction which is about to take place.
  4. Run up to date anti-virus and anti-spyware software
  5. Exercise caution over which programs you decide to run or which websites you enter your details in — if it looks suspicious close it down.
  6. Install a personal firewall.
  7. Follow anti-phishing recommendations - Do not respond to suspicious emails requesting personal profile information. Delete from your inbox, and from your deleted items!

Subscribe

Stay up to date with with our latest news & events and industry news.

THANK YOU FOR SIGNING UP!