Security Watch: Alarm over pharming attacks: identity theft made even easier – CNET reviews
By now, hopefully everyone is aware of phishing scams– cleverly designed e-mail and Web sites used to gain access to your financial logins and passwords. We’ve pretty much reached the level of sniffing those out from a mile away. But this fairly new heinous tactic, called pharming, is absolutely frightening. For example, you type in citibank.com in to your Internet browser. The address bar displays as you would expect–citibank.com and you proceed to log on to access your bank account information. No sweat, eh? Well, little did you know that behind the scenes, citibank.com’s DNS (domain name servers) just got hijacked–displaying the completely legitimate URL address that you are accustomed to, but directing you to a spoofed site that looks and feels just like your financial institution, so you have absolutely no idea you willingly gave up your personal account info to the hijackers.
The article doesn’t go into enough detail to illustrate where solutions lie — or, in fact, who may be at fault. The rarity, so far, tende to nudge me to conclude that mediocre security procedures at the local/regional DNS server are at fault.
For more on this see
http://www.wired.com/news/infostructure/0,1377,66853,00.html