

Pharming is where malicious code installed on a
user's personal computer or web server misdirects users to
a fraudulent or bogus website in the hope of gathering
personal information without the person's knowledge or
consent.
Pharming is a practice in which malicious code on a
personal computer or server misdirects users to fraudulent
websites without their knowledge or consent.
Access to personal information, such as credit card
numbers, PINs, etc. can lead to fraud and other illegal use of
whatever personal and financial information the creator can
A hacker attacks a domain name system (DNS) server.
The hacker redirects traffic from the real website to his own
fraudulent site.
The user types in the web address of the real site.
They are instead taken to the fake site, usually a bank or
other e-commerce site.
Prevention of pharming
Use a trusted, legitimate internet service provider.
Maintain an effective, up-to-date anti-malware utility to
identify and remove pharming code.
Educate website users on pharming and its dangers.
Keep simple names for domains which can be easily
recalled by customers and which are less prone to
Use an anti-pharming tool, which is available for
Windows-based servers.
The user should always be alert and look out for clues
that they are being redirected to another site.
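
One place malicious code on a personal computer can misdirect lookups is the local hosts file, which is consulted before DNS. The following is an added example, not part of the original slides: it audits hosts-file text and reports any entry that overrides a watched domain. The watch list, the sample file content and the function names are assumptions made for illustration.

```python
import ipaddress

# Hypothetical watch list: domains that should never be overridden locally.
WATCHED = {"bank.example", "shop.example"}

# Constructed sample hosts-file content (not taken from a real system).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost ip6-localhost
203.0.113.7 www.bank.example bank.example   # suspicious override
0.0.0.0     ads.tracker.example             # ordinary blocklist entry
198.51.100.9 login.SHOP.example
not-an-ip   bank.example
"""

def is_watched(host, watched):
    """True if host is a watched domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line number, hostname, address) for each watched-domain override."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr.split("%", 1)[0])  # strip IPv6 zone id
        except ValueError:
            continue                          # malformed address, not a usable entry
        for name in names:
            if is_watched(name, watched):
                findings.append((lineno, name.lower(), str(ip)))
    return findings

if __name__ == "__main__":
    for lineno, name, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} is overridden locally -> {ip}")
```

On a real machine the text would be read from the system hosts file; a clean result does not rule out redirection at the DNS server itself.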
It is the act or practice of using computers and associated
devices for obtaining secrets and information without the
permission and knowledge of the holder of the information.
How industrial espionage is performed
Foreign governments most often use hackers in acts of economic
espionage. Hackers can gain access to your sensitive data using
malware, zero-day vulnerabilities or even known exploits that were
not patched in time, and use espionage software to gather valuable
data and trade secrets.
In acts of industrial espionage between companies, malicious insiders
are used much more frequently. Competitors can plant moles inside
your company that will act as regular employees, while secretly
gathering intelligence for their actual employer.
Social engineering techniques can be used on unsuspecting company
employees to perform or aid in corporate espionage.
Terminated employees, disgruntled employees looking for a way
to get back at the company, or simply one of the trusted insiders
leaving for a competitor could easily take sensitive data with
Best practices for preventing Industrial
The fact that perpetrators more often than not are your own employees
makes digital industrial espionage prevention much more complex than
simply protecting yourself from malware. You need to strengthen the overall
security posture of your organization, follow the best anti-espionage
practices, and pay special attention to insider threat prevention and
Conduct a risk assessment: Identify potential targets: the trade secrets and
other valuable data your company possesses, how much each of them is
worth, and who potentially needs them.
Establish an effective security policy: All security rules should be
formalized into a clearly written security policy that you need to
effectively enforce.
Maintain an efficient data access policy: By limiting the number of people
with access to trade secrets and critical data, you severely limit the
number of entry points through which your competitors can obtain this

Secure your infrastructure: Building a secure perimeter using a layered approach (firewall,
anti-malware software and stand-alone computers) is the best way to protect yourself from industrial and
economic espionage done through hacking and malware.
Educate employees: This will help protect your employees from social engineering attempts, and
will prevent simple security mistakes, such as sticking with a default password. Your employees
will also be more eager to follow security policies if they understand why those policies are in place.
Conduct background checks or careful vetting of employees: Background checks are a good
general security practice that will help you judge the potential risks associated with a person before
hiring, lest you hire moles. Background checks are also useful on existing employees, especially the
ones with privileged access to trade secrets and sensitive data, as they are at high risk of being
approached by a competitor.
Create a proper termination procedure: A proper termination procedure should be created and
implemented in order to protect your company from potential acts of industrial espionage by
terminated employees.
Monitor employee activity: Employee monitoring is the best way to both prevent and detect
industrial espionage performed by employees. It makes all employee actions fully visible and
transparent, allowing you to identify data theft and take appropriate actions to prevent it.
Employee monitoring can also serve as an effective way to deter opportunistic employees from
stealing data, as they will know that their actions are now fully visible.
Phishing is where the creator sends out a legitimate-looking email in the hope of
gathering personal and financial information from the recipient.
Phishing is a type of deception designed to steal your valuable personal data, such as
credit card numbers, passwords, account data, or other information.
As soon as the recipient clicks on the link in the email or email attachment, they are
sent to a bogus website where they will be asked for personal information.
It is the attempt to obtain sensitive information such as usernames, passwords and
credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an
electronic communication.
It is typically email spoofing (the creation of email messages with a forged sender
Preventing Phishing
Never respond to an email asking for personal
Always check the site to see if it is secure. Call the phone
number if necessary.
Never click on the link in the email. Retype the address
in a new window.
Keep your browser updated.
Keep antivirus definitions updated.
Use a firewall.
Anti-phishing measures have been implemented as
features embedded in browsers, as extensions or toolbars
for browsers, and as part of website login procedures.