Financial Institution Letters

"Pharming"
Guidance on How Financial Institutions Can Protect Against Pharming Attacks
FIL-64-2005
July 18, 2005


Summary: The FDIC is issuing the attached guidance to financial institutions describing the practice of "pharming," how it occurs, and potential preventive approaches. Financial institutions offering Internet banking should assess potential threats posed by pharming attacks and protect Internet domain names, which – if compromised – can heighten risks to the institutions.

Highlights:
  • "Pharming" is the process of redirecting Internet domain name requests to false Web sites to collect personal information. Information collected from these sites may be used to commit fraud and identity theft.
  • The attached guidance explains how pharming occurs and recommends strategies for protecting financial institution Internet domain names from a successful pharming attack.
  • The effectiveness of an insured institution's Internet domain name protection program should be addressed in periodic risk assessments and status reports presented to the institution's board of directors.

Distribution:
FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:
Chief Executive Officer
Chief Information Security Officer

Related Topics:
GLBA, Section 501b
FIL-77-2000, Bank Technology Bulletin, November 2000
FIL-27-2004, Guidance on Safeguarding Customers Against E-Mail and Internet Related Fraud, March 2004
FFIEC Information Security Handbook, Issued November 2003
Interagency Informational Brochure on Phishing Scams, Contained in FIL-113-2004, Issued September 13, 2004
Putting an End to Account-Hijacking Identity Theft Study, Issued December 2004

Attachment:
Guidance on How Financial Institutions Can Protect Against Pharming Attacks

Contact:
Senior Technology Specialist Robert D. Lee at rolee@fdic.gov or (202) 898-3688.

Printable Format:
FIL-64-2005 - PDF 48k

Note:
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/news/financial/2005/index.html.

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.

Paper copies of FDIC FILs may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or (703) 562-2200).


Last Updated 07/18/2005 communications@fdic.gov