
Description: Phishing involves the receipt of an e-mail message that appears to come from a legitimate enterprise. Pharming attacks compromise at the DNS server level, re-directing you to a hacker's site when you type in a company's Web address.

I'm Eric Eckel, executive editor for TechRepublic. All the work you've done to secure sensitive user name and password information may be in jeopardy. Today I'm going to talk about the differences between phishing and pharming to ensure you're best prepared to defend against these attacks.

Phishing involves the receipt of an e-mail message. These e-mail messages appear to come from your bank, a vendor, supplier, or another organization with which you have a previous relationship. Typically the e-mail message will state that there has been a problem with your account. You need to provide just a little information, or confirm a piece of information you've already given the vendor. Unfortunately, the messages are not coming from a bank; instead hackers are sending out these e-mail messages, which are lures. Hence the name phishing. The poor and unsuspecting victims who follow these e-mail trails arrive on the hacker's system and provide sensitive account and password information that the hacker then uses for illegal or illicit purposes. In addition to using e-mail messages, hackers will also use Trojan programs. Trojan viruses will run in the background on a user's system, often planting a keylogger program.

What is a keylogger? A keylogger simply monitors every keystroke a user enters on a system, including sensitive account names, passwords, credit card numbers, and the like. This information is then harvested by hackers who use it for illegal and illicit purposes.

How is pharming different from phishing? Pharming doesn't require that a user click on an e-mail message or have a system compromised by a Trojan program or a keylogger. Instead, in pharming attacks, hackers will compromise DNS servers. DNS servers are those systems on the Internet that will convert a friendly name such as bank.com to the numeric address used by the Internet, such as 192.168.1.1. Hackers compromise these DNS servers and they change the record to reflect a server they control, such as 192.168.1.100. This is a particularly insidious attack because the user has done nothing except go to the Web browser and type in the address. The DNS servers that can be compromised include the Internet's root DNS servers, DNS servers at your ISP, DNS servers within your organization, even proxy servers.

So what's your best defense against phishing and pharming attacks? In the case of phishing, e-mail policies are the best defense. Ensure that your users are educated and understand never to provide sensitive account, user name or password information in response to an e-mail message. And for pharming, your best defense is to ensure that your IT department is regularly monitoring its DNS servers, watching for any irregularities. In addition, make sure your IT department has installed and is monitoring intrusion detection systems and has explored the use of security certificates. There you have it. The differences between phishing and pharming.
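
An added example, not part of the video transcript: one way to watch DNS for the kind of record change described above is to compare what each resolver returns against a pinned baseline. The resolver labels, `vendor.example` and the observation data are constructed for illustration; `bank.com`, 192.168.1.1 and 192.168.1.100 are the illustrative values used in the transcript.

```python
# Added example: flag DNS answers that drift from a pinned baseline.
# All resolver labels and observations below are constructed sample data.
from ipaddress import ip_address

# Expected A records per name (the baseline an IT department would maintain).
BASELINE = {"bank.com": {"192.168.1.1"}}

# Constructed observations: (resolver label, queried name, returned addresses).
OBSERVATIONS = [
    ("internal-dns", "bank.com", ["192.168.1.1"]),
    ("isp-dns", "bank.com", ["192.168.1.100"]),
    ("proxy", "bank.com", ["192.168.1.1", "192.168.1.100"]),
    ("internal-dns", "vendor.example", ["192.168.1.7"]),
]


def check_answers(baseline, observations):
    """Return findings for answers that do not match the baseline."""
    findings = []
    for resolver, name, answers in observations:
        key = name.rstrip(".").lower()  # DNS names are case-insensitive
        got = {str(ip_address(a)) for a in answers}  # normalise, reject junk
        expected = baseline.get(key)
        if expected is None:
            # A name nobody pinned cannot be verified; surface it for review.
            findings.append((resolver, key, "no-baseline", sorted(got)))
            continue
        unexpected = got - expected
        if unexpected:
            findings.append(
                (resolver, key, "unexpected-address", sorted(unexpected))
            )
    return findings


def suspect_resolvers(findings):
    """Resolvers that returned at least one address outside the baseline."""
    return sorted(
        {r for r, _, kind, _ in findings if kind == "unexpected-address"}
    )


if __name__ == "__main__":
    results = check_answers(BASELINE, OBSERVATIONS)
    for finding in results:
        print(finding)
    print("review these resolvers:", suspect_resolvers(results))
```

Names whose addresses legitimately rotate need a baseline of every address they may return, otherwise each rotation shows up as a finding.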
