June 16, 2005, 12:00 AM

Pharming, phishing remain major online fraud threats, VeriSign says

Pharming, in which hackers intercept personal data sent between a shopper and a genuine web site, is emerging as a major method of online fraud, according to VeriSign Inc.’s most recent Internet security intelligence briefing.

Pharming, in which hackers intercept personal data sent between a shopper and a genuine web site, is emerging as a major method of online fraud, according to VeriSign Inc.’s most recent Internet security intelligence briefing. The briefing is based on transactions settled by VeriSign during the first quarter.

Pharming tricks a user’s computer into connecting to a fake web site even if the correct domain name information is entered into the browser. The technique exploits vulnerabilities in domain name service software to distribute fake address information, VeriSign says.

One such incident happened March 16, when hackers launched a widespread series of domain name service cache poisoning attacks, in which users attempting to connect to popular sites like Google and eBay were redirected to a web site that distributed spyware and adware, VeriSign says. VeriSign detected the attack and none of its customers experienced any compromises.

VeriSign also found that phishing remains a major threat to web site security, with phishers using increasingly sophisticated technology. In a phishing attack, a hacker sends out e-mails that appear to come from a user’s bank or other web site asking the user to confirm account information. The e-mail directs the user to a fake web site where the user is conned into releasing confidential information, a so-called social engineering attack.

But recent phishing attacks are exploiting technical flaws in software. One technique uses malicious software, known as malware, which monitors what a user types and forwards the information to the hacker. Malware can be installed through viruses, worms or Trojan horses and is often included with downloaded software. “These attacks require a far higher level of technical sophistication than social engineering attacks, but can be much harder to detect,” VeriSign says.

In its review of first-quarter transactions, VeriSign also discovered that 84.9% of attempted fraudulent transactions originated in the U.S. Canada was second with 5.2%, followed by Great Britain (1.1%), Australia and Germany (0.9%), and Japan (0.7%).

Transactions settled by VeriSign in the first quarter totaled 71.3 million, representing about 37% of North American e-commerce, with a dollar value of $10.7 billion.

comments powered by Disqus

Advertisement

Advertisement

Advertisement

From IR Blogs

FPO

Will Devlin / E-Commerce

Three simple steps to reducing shopping cart abandonment

Payment options, a shopping cart that holds a customer’s items while she ponders the purchase ...

FPO

Adrien Henni / E-Commerce

eBay and Russian Post accelerate cross-border deliveriies

EBay and Russian Post have signed a memorandum of cooperation aimed at reducing the time ...

Advertisement