Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

"Pharming"

Guidance on How Financial Institutions Can Protect Against Pharming Attacks

July 18, 2005
Summary: The FDIC is issuing the attached guidance to financial institutions describing the practice of "pharming," how it occurs, and potential preventive approaches. Financial institutions offering Internet banking should assess potential threats posed by pharming attacks and protect Internet domain names, which – if compromised – can heighten risks to the institutions. 

Highlights: 

  • "Pharming" is the process of redirecting Internet domain name requests to false Web sites to collect personal information. Information collected from these sites may be used to commit fraud and identity theft.
  • The attached guidance explains how pharming occurs and recommends strategies for protecting financial institution Internet domain names from a successful pharming attack.
  • The effectiveness of an insured institution's Internet domain name protection program should be addressed in periodic risk assessments and status reports presented to the institution's board of directors.

Distribution: 
FDIC-Supervised Banks (Commercial and Savings) 

Suggested Routing: 
Chief Executive Officer 
Chief Information Security Officer 

Note: 
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/financial-institution-letters/2005/index.html

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html

Paper copies of FDIC FILs may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or (703) 562-2200).

Additional Related Topics:

  • GLBA, Section 501b
  • FIL-77-2000, Bank Technology Bulletin, November 2000
  • FIL-27-2004, Guidance on Safeguarding Customers Against E-Mail and Internet Related Fraud, March 2004
  • FFIEC Information Security Handbook, Issued November 2003
  • Interagency Informational Brochure on Phishing Scams, Contained in FIL-113-2004, Issued September 13, 2004
  • Putting an End to Account- Hijacking Identity Theft Study, Issued December 2004
FIL-64-2005
Attachment(s)
Guidance on How Financial Institutions Can Protect Against Pharming Attacks
Contact(s)
Senior Technology Specialist Robert D. Lee, (202) 898-3688

Last Updated: July 18, 2005