Pharming

The scam popularly known as 'phishing' - email messages trying to deceive you into surrendering personal information over the Internet. Competing with it more and more for headlines is a newer scam: pharming.

Unlike phishing, which requires victims to voluntarily visit a criminal's website, pharming simply redirects victims to fraudulent websites without assistance. Pharming subverts a basic service of the Internet known as the 'Domain Name Service' or 'DNS.' Each machine connected to the Internet knows the location of one or more DNS servers. This service translates a human-friendly URL name such as www.institutionforsavings.com into an IP address, which is a unique number that has been assigned to each web server on the Internet.

To execute pharming, suspects first must gain access to the DNS server used by many people, such as the server of an ISP. Once accessed, the suspect will replace the IP number for the financial institution's URL with the IP number of his or her fraudulent website. When this occurs, any person using that DNS server will be redirected, silently, to the fraudulent website.

The good news is that pharming requires either an unpatched software/server vulnerability to exist on the DNS server itself, or an insider at the ISP or financial institution to make unauthorized DNS server changes. This is rare.

Please be assured that the Institution for Savings manages and updates its DNS server's software to maintain a high level of security. We maintain the highest standards; our customers are protected from pharming that would result from a compromise of our DNS server.

If you are suspicious about a website, consider contacting the FBI's Internet Crime Complaint Center.

As always, please call us at 978-462-3106 or 978-356-3600, or email us with any questions or concerns.