Wake up to Pharming
Indian enterprises need to be aware of a new threat known as pharming,
a sophisticated extension of the online confidence scam known as phishing.
During 2004, Gartner reported that crimes such as phishing, where criminals
use misleading e-mail and websites to dupe individuals into sharing personal
data like passwords, accounted for a staggering $2.4 billion in fraud, or an
average of $1,200 per victim, during the previous 12 months.
Unlike phishing, pharming attacks hide silently in a network-connected computer
and harvest personal financial details from the users regular
Web surfing activities. Users requesting a bona fide Web site are unknowingly
sent to a fake Web site that mirrors a legitimate one. Once the pharming scheme
is planted, malicious activity can be launched against a wide number of sites
that the user may visit on a regular basis totally unknown to that user.
A login or verification process that does not look exactly like the legitimate
site, or a site that asks for additional verification or personal information
could be signs of pharming. Similarly when there is neither an SSL padlock present
on the browser, nor an HTTPS for secure in the address
bar URL, and when the browser alerts you to a SSL certificate problem, the Web
site might be under a pharming threat.