Pharming Attacks: What you need to know to keep your website safe

by Damon Xanthopoulos

Web fraud attacks that target financial institutions and their online banking users continue to skyrocket, primarily because cyber criminals understand that authentic website validation, a prerequisite for secure online transactions, is often misunderstood or unaddressed entirely. The knowledge gap between the attacker and their target continues to fuel increased identity theft and stolen funds activity through the use of clever phishing and pharming techniques that take advantage of the end user’s assumption that transaction conditions are safe when they are not.

The term “pharming” is taken from the words “farming” and “phishing.” Both phishing and pharming attacks seek to obtain access credentials (such as user names and passwords). But while phishing is a type of social-engineering attack, pharming targets the provider infrastructure and can be detected and prevented.

Pharming attacks are among the most virulent and devastating security breaches a company can suffer because end-users are unaware of the compromise. For this reason, pharming has become a major concern to businesses hosting ecommerce and online banking websites, leading the FDIC to issue guidance on this topic.

In order to protect your customers’ sessions on your website, it is important to be aware of three common pharming techniques:

  1. Website defacement refers to an attack that:
    • Alters your website’s content with potentially offensive or erroneous images and text.
    • Involves a hacker placing imperceptible code on your site which is activated when a user accesses it. This technique can often trigger a download of malicious code onto the user’s hard drive which may be controlled by a hacker remotely.
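
One way to detect the second kind of defacement described above is to compare the active content of a served page against a known-good baseline. This is an added example, not code from the article; the function names, the sample pages and the injected.example host are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}  # elements that load or run code

class ActiveContent(HTMLParser):  # one record per element that can load or run code
    def __init__(self):
        super().__init__()
        self.found = {}      # (tag, reference) -> record
        self._inline = None  # buffers the body of an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag not in ACTIVE_TAGS:
            return
        a = {k: (v or "") for k, v in attrs}
        ref = a.get("src") or a.get("data", "")
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        if tag == "script" and not ref:
            self._inline = []  # fingerprint the body once the end tag arrives
        else:
            self.found[(tag, ref)] = {"tag": tag, "ref": ref, "hidden": hidden}

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip().encode()
            ref = "inline:" + hashlib.sha256(body).hexdigest()[:16]
            self.found[(tag, ref)] = {"tag": tag, "ref": ref, "hidden": False}
            self._inline = None

def active_content(html):
    parser = ActiveContent()
    parser.feed(html)
    parser.close()
    return parser.found

def injected(baseline_html, current_html):
    """Active elements present in the served page but absent from the baseline."""
    base, cur = active_content(baseline_html), active_content(current_html)
    return [cur[key] for key in sorted(cur) if key not in base]

# Constructed sample pages: the second adds a zero-size iframe and an inline script.
BASELINE = '<html><body><h1>Bank</h1><script src="/static/app.js"></script></body></html>'
TAMPERED = BASELINE.replace("</body>", '<iframe src="https://injected.example/l" '
                            'width="0" height="0"></iframe><script>void 0;</script></body>')
```

Calling `injected(BASELINE, TAMPERED)` returns the hidden iframe and the new inline script; an unchanged page returns an empty list, so any non-empty result is worth an alert.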