Pharming - What Is It and How Can You Protect Yourself?

Pharming? Phishing? What’s the difference?
Many of us are now familiar with phishing scams. The phishers cast the bait: seemingly legitimate emails from financial institutions, banks, or a well-known online shop. The mail claims that the institution has suffered a breach in security or some other technical problem. It either asks the user to send the lost information right away or invites them to follow a booby-trapped link to a fake site that mirrors the original site. Once the user is at the spoof site, it’s easy for the pirate to collect all the personal information needed.

Of course, not everybody who receives the fake email shops at ACME Online Superstore, but it only takes a handful of victims out of the millions of emails sent to make the operation profitable. The result? These criminals can steal thousands of identities, infest millions of computers with annoying adware or spyware, and attack others with damaging malicious code.

But by now, hopefully, phishing is getting old. Users have been taught not to send personal information by email. They are familiar with these tricks and, when in doubt, they are more likely to call their bank. Educated users mean less business for the pirates, so they had to come up with something new. That is where pharming comes into the picture.

Pharming is sneakier. The principle is simple: instead of using a trick to hide the real destination of a link, pharmers hijack the very process that makes your computer actually go there. Yes, it’s very sneaky. It means that the pirates don’t care if you’re not clicking on their fake link: even if you enter the correct address in the browser yourself, you may end up on a spoof website, betrayed by your own computer! Still, there are ways to avoid being duped. By educating ourselves, and by practicing caution, we can protect ourselves against these scam artists.

How does pharming work?
There are two kinds of pharming. The first kind, known as “local”, redirects Internet users from legitimate Web sites to bogus ones using a strategy called DNS cache poisoning. The trick is to modify the part of your system that determines which website is at which address before it even looks on the Internet. So even if you do enter the correct URL, the corresponding IP address where you end up will still be fake. The second kind of pharming targets the DNS servers of companies or ISPs. Those are the servers that direct traffic on the Internet. By compromising those servers, the pirates can silently redirect all the users from a company without ever hacking into their computers.

The first kind of attack puts everybody at risk, but the pirates first have to infect or hack into your computer to be able to modify the local DNS resolution files. The second kind of attack requires the pirates to actually hack into the DNS server your computer uses. There’s nothing you can do in this scenario: it’s up to your company’s IT department or ISP to secure the server properly.
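
One way to check for the first kind of tampering is to audit the hosts file, one of the local DNS resolution files, for entries that pin a sensitive site to a fixed address. The following is an added example, not part of the original article; the watch list, the domain names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Assumed watch list: sites whose address should never be pinned locally.
WATCHED = {"example-bank.test", "acme-superstore.test"}

# Constructed sample of a hosts file; not taken from a real machine.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
203.0.113.66    www.example-bank.test example-bank.test   # injected entry
198.51.100.9    Login.ACME-Superstore.test.
192.0.2.10      intranet.corp.test
not-an-ip       www.example-bank.test
"""

def is_watched(host, watched):
    """True if host is a watched domain or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line number, address, hostname) for every watched name
    that the hosts file maps to an address, bypassing normal DNS lookup."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an address
        for name in fields[1:]:               # one line may carry several names
            if is_watched(name, watched):
                findings.append((lineno, str(addr), name.lower().rstrip(".")))
    return findings

if __name__ == "__main__":
    for lineno, addr, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} is pinned to {addr}")
```

To audit a real machine, pass the contents of its hosts file to `audit_hosts` in place of the sample text.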

How to prevent it?
Internet service providers (ISPs) are working hard on their end to filter out pharmed sites. The main thing you can do to protect yourself is to make sure the Web site is authentic. You need to use more than one method to stay ahead of the pharmers though. Remember, most of these authentication methods are set up to work only on the pages where you’re asked to enter your personal information.
Use a trusted, legitimate Internet Service Provider. Rigorous security at the ISP level is your first line of defence against pharming.
The attacker obscures the actual URL by overlaying a legitimate-looking address or by using a similarly spelled URL. Check the Web browser’s address bar to make sure the spelling is correct. For example, when you type http://www.google.com, you should see that address. But the address for a pharmed site might be http://www.nsgoogle.com.
Check the http address. When you get to the page where you are asked to enter personal information, the http should change to https. The “s” stands for secure.
Verify the certificate of the site. It takes just a few seconds to tell if a site is legitimate. On the latest version of Internet Explorer (and on many other commonly available Web browsers), go to “File” in the main menu and select “Properties,” or right-click your mouse anywhere on the browser screen and, from the menu that pops up, click “Properties.” When the “Properties” box opens, click “Certificates,” and check if the site carries a secure certificate from its legitimate owner. It must show the correct name of the company and the address you believe you are at.
Look for a padlock or key on the bottom of your browser or your computer task bar. A locked padlock, or a key, indicates a secure, encrypted connection and an unlocked padlock, or a broken key, indicates an unsecured connection. Of course, a secure connection to the wrong website will do you no good. So first, make sure that the certificate proves that you are at the correct website.
Install an antivirus program from a trusted security software provider to reduce your exposure to pharming scams. Use a personal firewall to protect your data from hackers, viruses, worms and Trojan horses.
Download the latest security updates (or patches) for your Web browser and operating system.
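
The address-bar checks above (exact spelling, and https on pages that ask for personal information) can also be automated, for instance in a mail filter or proxy. This is an added example, not part of the original article; the EXPECTED list, the function names and the edit-distance threshold of 2 are assumptions.

```python
from urllib.parse import urlsplit

# Assumed list of sites the user really does business with.
EXPECTED = {"google.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def check_url(url, expected=EXPECTED):
    """Classify a URL as 'ok', 'expected-site-no-https', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # hostname is already lowercased
    for dom in expected:
        if host == dom or host.endswith("." + dom):
            return "ok" if parts.scheme == "https" else "expected-site-no-https"
    labels = host.split(".")
    for dom in expected:
        # Compare the last labels of the host with the expected domain.
        tail = ".".join(labels[-(dom.count(".") + 1):])
        brand = dom.split(".")[0]
        # Near-miss spelling, or the brand name embedded in another host.
        if edit_distance(tail, dom) <= 2 or brand in host:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for u in ("https://www.google.com/", "http://www.google.com",
              "http://www.nsgoogle.com", "https://example.org"):
        print(u, "->", check_url(u))
```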

Conclusion
Pharming is a serious concern and it’s on the rise. Although ISPs are doing all they can to provide filtering, you still need to exercise caution when using the Internet. Norton Internet Security from Symantec can help protect you against pharming, phishing and other Internet threats. Also, be sure to regularly visit ClubSymantec and Symantec Security Response to get the latest Internet security information.

Permalink to this item - 14 Nov 2006