Highlights:
- "Pharming" is the process of redirecting Internet domain name requests to false Web sites to collect personal information. Information collected from these sites may be used to commit fraud and identity theft.
- The attached guidance explains how pharming occurs and recommends strategies for protecting financial institution Internet domain names from a successful pharming attack.
- The effectiveness of an insured institution's Internet domain name protection program should be addressed in periodic risk assessments and status reports presented to the institution's board of directors.
Distribution:
FDIC-Supervised Banks (Commercial and Savings)
Suggested Routing:
Chief Executive Officer
Chief Information Security Officer
Related Topics:
GLBA, Section 501b
FIL-77-2000, Bank Technology Bulletin, November 2000
FIL-27-2004, Guidance on Safeguarding Customers Against E-Mail and Internet Related Fraud, March 2004
FFIEC Information Security Handbook, Issued November 2003
Interagency Informational Brochure on Phishing Scams, Contained in FIL-113-2004, Issued September 13, 2004
Putting an End to Account-Hijacking Identity Theft Study, Issued December 2004
Attachment:
Guidance on How Financial Institutions Can Protect Against Pharming Attacks
Contact:
Senior Technology Specialist Robert D. Lee at rolee@fdic.gov or (202) 898-3688.
Printable Format:
FIL-64-2005 (PDF)
Note:
FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/news/financial/2005/index.html.
To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.
Paper copies of FDIC FILs may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or (703) 562-2200).