Secure IT! Newsletter
The Newsletter of the Information Security Group | ISG@brown.edu
Archive Edition: June, 2005
Archives Home Page

Pharming / Phishing – What's a User To Do?

by Susan A. Baumes, Systems Manager, Bio Med Community Health

Monitor and keyboardI’m confused, everyone is talking about phishing and pharming. What does it all mean? Do I need to be worried? How do I protect myself from something I don’t understand?

You are not alone. Many people feel the same way about the terms that technical folks use. I’ll try to shed some light on the actual problem.

What is it?

Pharming (pronounced ‘farming’) and phishing (pronounced ‘fishing’) in a nutshell are two ways that bad people are trying to get your personal information. Your personal information may be your name, address, SSN, mother’s maiden name etc. Personal information is information about you that you would not give a total stranger. It is information that you want to protect.

How do they get my information?

The bad guys are pretty smart. They have come up with some new and interesting ways to get our information.

In pharming attacks, you think you are going to a certain website but you are actually going to a bad site. They do this be something called: “DNS Poisoning”. Computers communicate using numeric addresses; humans communicate using words. So when we want to visit a website we type www.brown.edu; a computer called a Domain Name Server (DNS) converts that into a number eg: www.brown.edu = 1.1.1.1. The DNS computers all speak nicely to one another and share information. The bad guys create a DNS server that has been poisoned, eg. www.brown.edu = 9.9.9.9. Since all of the DNS servers share information, the REAL DNS machines become poisoned eg. www.brown.edu is changed from 1.1.1.1 to 9.9.9.9.

Now if the user types in www.brown.edu they will go to 9.9.9.9, which is a bad guy’s web site. If this was a banking website, people would just think they were visiting their bank’s website. The bad guy collects your information and then passes that information onto the REAL website.

Pharming Attacks flow chart

What do I do to protect myself?

There are a few things that you can do to protect yourself:1

  1. Be suspicious if you correctly type in a web address and get an error message
  2. Use websites of companies that have protection through VeriSign http://www.verisign.com/ (or other reputable companies).
  3. Users may want to use security programs like Norton Internet Security or Anonymizer that are updated to offer protection from pharming scams: http://www.symantec.com/ http://anonymizer.com/
  4. Consider using adware/spyware detector and removal programs, such as:
    » Ad-Aware - http://www.lavasoftusa.com/
    » SpySweeper - http://www.webroot.com/
    » Spybot Search and Destroy - http://beam.to/spybotsd

1 - kurt the cyber guy. ”Pharming Attacks”, Copyright © 2005 Tribune Interactive, Inc. All rights reserved.