In partnership with MarkMonitor Inc., (www.markmonitor.com), we provide the industry's only suite of services to monitor and protect companies against Pharming, and other domain name attacks. These services include global domain name monitoring, authoritative DNS monitoring & SPF enabled enterprise DNS.
Pharming is also known as DNS poisoning during which the security of Root Servers, Authoritative DNS Servers, or Caching Servers are compromised, and IP addresses are changed to redirect known URLs to fraudulent websites. Unlike Phishing, Pharming is not reliant upon users being lured to a site via email. Perpetrators of Pharming attacks wait for users to type a known domain name in the browser. Although the correct domain is utilized, users are presented with a website pointing to an IP address where a fraudulent site is hosted. Users considering it to be a legitimate site, shares their private and confidential information such as: login, password etc, thus leading to misuse of such information by the perpetrator.
Pharming in Simple Steps:
- Hacker creates a fake website which appears similar to the original website.
- Hacker poisons the DNS servers thus domain names are resolved into fake IP address.
- User types the URL of the original website in the browser.
- The DNS server directs User to the fake website designed by hacker.
- User not knowing that it is a fake website, shares his confidential information such as login, password... etc.
- Hacker gets the user confidential information from his fake web site and uses it to access the original website.
- Hacker exploits user's confidential information to his liking.
Impact of Pharming on Customers & Businesses:
- Customer's loss of trust.
- Increase in fear of identity theft.
- Damage to brand and reputation of online service provider.
- Costs in the form of direct financial loss or customer's claims reimbursements.
- Loss in productivity.
- Legal or regulatory repercussions.
- Protection against split DNS tactics, social engineering attacks, and unintentional changes/mistakes.
- Failsafe monitoring through patent pending technology.
- Monitoring of DNS servers used by consumer ISPs.
- Additional anti-phishing monitoring capabilities from Early Warning System (EWS) and activity monitoring for suspected sites.
- Mitigation of risk against brand exploitation.
- Increases customer's confidence to conduct online business.
- Assurance to legal and regulatory compliance.
- Improve productivity.
- Protects of customer's confidential information.
- Protects against customer's claims and financial losses.