I'm Eric Eckel, executive editor for TechRepublic. All thework you've done to secure sensitive user name and password information maybein jeopardy. Today I'm going to talk about the differences between phishing andpharming to ensure you're best prepared to defend against these attacks.
Phishing involves the receipt of an e-mail message. Thesee-mail messages appear to come from your bank, a vendor, supplier, or anotherorganization with which you have a previous relationship. Typically the e-mailmessage will state that there has been a problem with your account. You need toprovide just a little information, or confirm a piece of information you'vealready given the vendor. Unfortunately, the messages are coming from a bank;instead hackers are sending out these e-mail messages which are lurers. Hencethe name phishing. The poor and unsuspecting victims who follow these e-mailtrails arrive on the hackers system and provide sensitive account and passwordinformation that the hacker then uses for illegal or illicit purposes. Inaddition to using e-mail messages, hackers will also use Trojan programs,Trojan viruses, will run in the background on a user system often planning akeylogger program.
What is a keylogger? A Keylogger simply monitors every keystroke a user enters on a system including sensitive account names, passwords,credit card numbers, and the like. This information is then harvested byhackers who use it for illegal and illicit purposes.
How is pharming different from phishing? Pharming doesn'trequire that a user clicks on an e-mail message or has a system compromised bya Trojan program, or a Keylogger. Instead, in pharming attacks, hackers willcompromise DNS servers. DNS servers are those systems on the Internet that willconvert a friendly name such as bank.com to the numeric address used by theInternet such as 192.168.1.1. Hackers compromise these DNS servers and theychange the record to reflect a server they control such as 192.168.1.100. Thisis a particularly insidious attack because the user has done nothing except goto the Web browser and type in the address. The DNS servers that can becompromised include the Internet's route DNS servers, DNS servers you're ISP,DNS servers within your organization, even proxy servers.
So what's your best defense against phishing and pharmingattacks? In the case of phishing, e-mail policies are for the best defense.Ensure that your users are educated and understand never to provide sensitiveaccount, user name or password information in response to an e-mail message.And for pharming, your best defense is to ensure that your IT department isregularly monitoring its DNS servers, watching for any irregularities. Inaddition, make sure your IT department has installed and is monitoring intrusiondetection systems and has explored the use of security certificates. There youhave it. The differences between phishing and pharming.
