Pin Me

Phishing, Pharming, and Vishing

written by: schacko•edited by: Ronda Bowen•updated: 7/4/2011

Phishing, pharming, and vishing are three forms of social engineering attacks aimed at both individual and business targets. Read on to find out more about each of these threats, including the fine lines that differentiate them from one another.

  • slide 1 of 1

    Serious Online Threats

    Social engineering attacks, namely phishing and pharming, trick users into revealing personal or financial information by means of fraudulent email messages or websites. Fraudulent email messages with a genuine appearance are sent out to capture personal information, including financial details.

    Pharming is similar to phishing. In this attack, hackers reroute browsers to an identical bogus site to steal the identity and commit fraud. This could be performed using DNS cache poisoning, in which an attacker creates fake entries on a DNS server to redirect traffic. Here the attacker hides the actual URL with a legitimate looking address or similarly spelled URL. It is important to check whether the site carries a secure certificate from the legitimate owner.

    Social Engineering Pharming attacks are mainly aimed at online banking and shopping customers. Entering the valid browser address and double checking the spelling are important ways to protect yourself from pharming attacks.

    Vishing, or voice phishing, is an attack aimed at VoIP phone services that tricks people into revealing private information. In this attack, individuals use fraudulent emails or automated phone messages to request that consumers call a fake automated service center or toll-free number. If the fraud is not recognized and personal information is disclosed, then the "visher" has gained another victim. The main way to protect yourself from this threat is to use caution and be careful about what information you give out over the phone.

    Pharming attacks can be difficult to recognize. To overcome issues like DNS cache poisoning, a secure version of DNS Domain Name System Security Extensions (DNSSEC) could be implemented.

    Implementation of products like Symantec Multi-tier Protection could, to a certain extent, stop malware such as viruses, worms, trojans, spyware, adware, bots, zero-day threats and rootkits. Also the use of proxy servers using Microsoft ISA server and Websense could protect users from phishing attacks. Proxy servers help improve security by filtering web content and malicious software.

    Websense Web Security Suite provides protection against spyware, malicious mobile code, and phishing attacks, bots, and other Web based threats. The Websense ThreatSeeker feature proactively discovers Web security threats by scanning 600 million Web sites per week. This product also identifies malicious Web sites, protocols, applications, and HTTP traffic and blocks the access at the Internet gateway.

    A first level defense against phishing is to secure computers using antivirus applications, group policies, Windows security templates, service packs and security patches, spyware prevention tools etc. Implementation of IDS and honeypots can significantly increase defense against the phishing attacks.

    Phishing filter features available on Internet Explorer help to detect phishing websites. A filter performs three steps to identify and protect phishing scams. As soon as the website address is entered; the legitimacy would be compared with a list of legitimate sites reported to Microsoft that is stored locally in the computer. The next step is to analyze sites with common characteristics of a phishing website. In the last step, with the user's consent, the filter sends website addresses to Microsoft to further check against reported phishing websites. If that particular site happens to be in the list of reported phishing websites, IE will display a warning. When the Phishing filter sends the address of a website to Microsoft, it captures the user's IP address, browser type, and the Phishing filter version.

    Internet Explorer 7 provides an extra layer of protection when you visit sites that use Extended Validation (EV) SSL Certificates. The address bar turns green and displays more information, such as the identity of the Web site owner.(Microsoft, 2006)

    Most e-mail programs come with built-in anti-phishing detection, which automatically deletes the e-mail message or moves it to the junk folder depending on the (Spam Control Level) SCL.

    References:

    http://www.microsoft.com/protect/products/yourself/phishingfilter.mspx

    http://www.symantec.com/norton/clubsymantec/library/article.jsp?aid=cs_prevent_pharming

    http://www.symantec.com/norton/clubsymantec/library/article.jsp?aid=cs_vishing

    http://www.websense.com/docs/WhitePapers/Phishing%20and%20Pharming%202006%20Whitepaper%20(3).pdf

    http://securitylabs.websense.com/content/Assets/ProtectingAgainstComplexInternetThreats0405.pdf