Wake up to ‘Pharming’

Indian enterprises need to be aware of a new threat known as ‘pharming’, a sophisticated extension of the online confidence scam known as ‘phishing’. During 2004, Gartner reported that crimes such as phishing, where criminals use misleading e-mail and websites to dupe individuals into sharing personal data like passwords, accounted for a staggering $2.4 billion in fraud, or an average of $1,200 per victim, during the previous 12 months.

Unlike phishing, pharming attacks hide silently in a network-connected computer and ‘harvest’ personal financial details from the users’ regular Web surfing activities. Users requesting a bona fide Web site are unknowingly sent to a fake Web site that mirrors a legitimate one. Once the pharming scheme is planted, malicious activity can be launched against a wide number of sites that the user may visit on a regular basis totally unknown to that user.

A login or verification process that does not look exactly like the legitimate site, or a site that asks for additional verification or personal information could be signs of pharming. Similarly when there is neither an SSL padlock present on the browser, nor an ‘HTTPS’ for ‘secure’ in the address bar URL, and when the browser alerts you to a SSL certificate problem, the Web site might be under a pharming threat.