Pharming, in which hackers intercept personal data sent between a shopper and a genuine web site, is emerging as a major method of online fraud, according to VeriSign Inc.’s most recent Internet security intelligence briefing.
Pharming, in which hackers intercept personal data sent between a shopper and a genuine web site, is emerging as a major method of online fraud, according to VeriSign Inc.’s most recent Internet security intelligence briefing. The briefing is based on transactions settled by VeriSign during the first quarter.
Pharming tricks a user’s computer into connecting to a fake web site even if the correct domain name information is entered into the browser. The technique exploits vulnerabilities in domain name service software to distribute fake address information, VeriSign says.
One such incident happened March 16, when hackers launched a widespread series of domain name service cache poisoning attacks, in which users attempting to connect to popular sites like Google and eBay were redirected to a web site that distributed spyware and adware, VeriSign says. VeriSign detected the attack and none of its customers experienced any compromises.
VeriSign also found that phishing remains a major threat to web site security, with phishers using increasingly sophisticated technology. In a phishing attack, a hacker sends out e-mails that appear to come from a user’s bank or other web site asking the user to confirm account information. The e-mail directs the user to a fake web site where the user is conned into releasing confidential information, a so-called social engineering attack.
But recent phishing attacks are exploiting technical flaws in software. One technique uses malicious software, known as malware, which monitors what a user types and forwards the information to the hacker. Malware can be installed through viruses, worms or Trojan horses and is often included with downloaded software. “These attacks require a far higher level of technical sophistication than social engineering attacks, but can be much harder to detect,” VeriSign says.
In its review of first-quarter transactions, VeriSign also discovered that 84.9% of attempted fraudulent transactions originated in the U.S. Canada was second with 5.2%, followed by Great Britain (1.1%), Australia and Germany (0.9%), and Japan (0.7%).
Transactions settled by VeriSign in the first quarter totaled 71.3 million, representing about 37% of North American e-commerce, with a dollar value of $10.7 billion.