On the 3rd of March, this article entitled Phishing with Wildcard DNS Attacks and Pharming was posted. This was interesting because of the fact that we are learning a new term. According to Wikipedia: Pharming is the deceit of a web site where a cyber attack is done to make the site go somewhere else. Here is the paragraphs talking directly about Pharming from Wikipedia. To learn more, please click through.
“Pharming[a] is a cyber attack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as “poisoned”. Pharming requires unprotected access to target a computer, such as altering a customer’s home computer, rather than a corporate business server.
The term “pharming” is a neologism based on the words “farming” and “phishing”. Phishing is a type of social-engineering attack to obtain access credentials, such as user names and passwords. In recent years, both pharming and phishing have been used to gain information for online identity theft. Pharming has become of major concern to businesses hosting ecommerce and online banking websites. Sophisticated measures known as anti-pharming are required to protect against this serious threat. Antivirus software and spyware removal software cannot protect against pharming.”
If this is true, what type of things can we as citizens do to be able to protect ourselves from this new threat? We’re going to have to explore this together and see what types of things we can do.
- While this isn’t fullproof, make sure you’re on the site you want to be on before entering any type of data. If you want to go to PayPal, make sure PayPal is in its URL, and not redirected to somewhere else.
- If the site is supposed to be secure, make sure the URL says htttps and not http. Especially when logging in to sensitive places.
- Make sure you know if the web site is to go somewhere else by a redirect. Most sites don’t redirect to offsite URL’s.
On that last point, I have a redirector for a sub domain to point directly to an HTML site on the same site. I also had a sub domain pointing directly to my blog at livejournal, but i show you where it is going, instead of hiding that fact. This way, the user can question me about that, and I can tell them its safe.
What other thoughts do you have? Get in touch.