need help with a term paper 8 pages Write a term paper that

need help with a term paper 8 pages Write a term paper that discusses the risks of pharming and phishing with respect to identity theft, including spam emails claiming to come from well-known companies and financial institutions. Including in your paper a discussion of some of the current techniques being deployed to reduce pharming and phishing, including how effective they are\".

Solution

Pharming:

Pharming (pronounced ‘farming’) is a form of online fraud which is similar to phishing as these guyz rely upon the same bogus websites and theft of confidential information. However, where phishing will forward the user to the website through ‘bait’ in the form of a phony email or link, pharming re-directs victims to the bogus site even if the victim has typed the correct web address. This is often applied to the websites of well known banks or e-commerce sites, which considerably dreadful.

Phissing:

Phishing is a form of fraud in which the criminals will try to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.Phishing email messages, websites, and phone calls are designed to steal money. Online frauds can do this by installing malicious software on your computer. It is a type of an email that falsely claims to be a legitimate enterprise in an attempt to scam the user into surrendering private information.

Difference between Phissing and Pharming:

Both Phissing and Pharming are entirely two different concepts that are applied to steal the customer information online.

While pharming is still considered a subset of phishing, it refers to a specific type of phishing using DNS hijacking or poisoning to forward the user\'s browser to fraudulent sites or servers. Pharming was keep on increasing from 2005 but has decreased slightly this year due to increased diligence of domain controls, and is therefore employed less than the phishing exploits mentioned above.

Special Notes:

From February 2005 to August 2005, worldwide there was a large number of pharming attacks, due to common misconfigurations of DNS servers that made them accept the poison. While we still see a trickle of pharming attacks today, most DNS servers have improved their poisoning defenses, thereby lowering the incident of attacks. Don\'tget fooled, though, they are still out there and we have to be diligent. If you run a Windows-based DNS server, make sure you have enabled the \"Secure Cache Against Pollution\" option in the configuration GUI (the default for recent versions of Windows DNS server). Also, never use Windows DNS servers configured to forward requests through BIND 4 or 8. Windows DNS servers acting as forwarders should always go through BIND 9, which can cleanse potentially poisoned records.

Risk of Phissing:

We can come to some general conclusions on the business risks of phishing attacks based on this year\'s rash of privacy breaches. Phishing attacks ended in personal data loss and bring the same business risks as losing backup tapes or a credit card database compromise. One of the horrible hazard is bad publicity, leading to both long and short term loss of corporate reputation. In case of Mastercard, the loss of reputation may even lead to a permanent closure of business for the credit card processor involved. ChoicePoint, the often maligned beginning of this rash of private data loss, still struggles to regain customer confidence and share value nearly a year after their saga began. The very part of this conspiracy is that in most of this year\'s cases, the company named (Time Warner, ChoicePoint, MasterCard) had little control over the actual loss of data. It was usually a tape/document storage vendor, shipping company or customer. However, the media still point the finger at the larger and better known name.

Recently an significant phishing attack was launched against customers of JP Morgan Chase, as detected by cybersecurity firm Proofpoint and reported by Reuter. It states, an email impersonating the bank asked recipients of the phishing email to click a link that forward them to a bogus bank website operated by the cyber criminals perpetrating the scheme.

This attack included some new technical elements – if a user clicked the link the attackers not only tried to grab credentials to JP Morgan Chase’s systems via the phony login page, but also attempted to install malware that could lead to breaches at other institutions. That said, the basic attack delivery technique remained the same as it has been for many years: Criminals sent a message that looks like it is from a legitimate business and tricked users into clicking a link.

Why phissing is considered to be an successful technique over the decade? why people ares still not aware of this scam? what makes them to be a prey for those fraud data hunters over online?

The answer is simple, but, perhaps, a bit painful:

We’ve been concentrating on technology, rather than on people. And when we do focus on people we do it wrong.

Phishing, and other spam-related attacks, do not open technical vulnerabilities. They leverage a technological medium to use human weaknesses. The difference is significant – and game changing. While technical weaknesses can often be addressed with technical solutions, curbing phishing and related scams mandates addressing the underlying human problem at their cores — an issue has nothing to do with the digital age.

In fact, the main reason why phishing continues to be an effective method of attack – even after a decade of anti-phishing efforts – is precisely because anti-phishing technologies are often designed to combat phishing by implementing technical “solutions” rather than addressing the human source of the problem. Technical precautions can be circumvented, and if a human target is not otherwise shielded, problems occur. Software that attempts to block or erase phishing emails before a user reads them, for example, does nothing if a user is forwarded to a rogue website via a text message, and may, at times, even aggravate the problem by lowering a person’s guard when a cleverly constructed email does reach the user; the recipient thinks that illegitimate emails are blocked, and, therefore, grants unnecessary trust to messages that he or she does receive.

After repeated advice to counter phishing is to educate customers about the dangers associated with clicking on links in unsolicited emails or opening unsolicited attachments.

Hazards of Pharming:

Previously pharming was done by waiting until a victim triggered a particular DNS lookup, which could then be forwarded to the fake server. Recently the FraudWatch International Malware team started monitoring that much more deliberate attacks are happening, whereby cyber-criminals are making use of phishing emails to enhance their hit rate.

The targeted victims were sent an email claiming to be from a well-known bank, which contained a link that was allegedly directing to their banks site so they could log in. The link actually has a malicious javascript that attempted to compulsive entry to the victims router with common username and password combinations, often the default settings. Once the script succeeds in compromising the router, it is reconfigured to forward traffic via a malicious DNS server.

Once after that,the compromised router will then discretely direct traffic via the affected DNS server. This attack will forward the victim to a phishing site when they attempt to access their bank’s site, even when they manually type the address.

The victim will also be forwarded to the same bogus IP address when they attempt to perform an nslookup on their banks domain, that is, when they query DNS records to try and guess the domain name to an IP address.

How can you protect yourself?

When you login for Internet access with an Internet Service Provider (ISP), quite often they will provide you a wireless router to assist you in linking multiple PCs or smart devices onto your own private Local Area Network (LAN). Whilst this seems like a great idea, however there are some risks involved. The router provided to you will have a login credentials that has been preset by the ISP. The main issue here this is that most home routers use common login details, such as, “admin:admin” and this can be exploited by hackers who want to gain access to your LAN and all the devices connected to it.

Changing your router’s default login credentials: