
misspelled web site addresses with the corporation's legitimate website. While this strategy could help prevent phishing attacks by reducing the number of domain names that a scam artist could use to confuse consumers, this strategy would not prevent pharming attacks where the consumer types or clicks on a link to the actual domain name that he or she knows to be correct, not a variation of the domain.

The Commission has attacked a scheme in which a defendant registered Internet domain names that were misspellings of legitimate domain names or that incorporated transposed or inverted words or phrases. In October 2001, the FTC filed a complaint against John Zuccarini, charging that Zuccarini registered approximately 6,000 domain names which mimicked the names of companies, trademarks, service marks, and others' web sites. For example, the defendant registered 15 variations of the popular children's cartoon site, www.cartoonnetwork.com, and 41 variations on the name of teen pop star Britney Spears. Consumers who looked for a site but misspelled its web address or inverted a term - using cartoonjoe.com, for example, rather than joecartoon.com - were taken to the defendant's sites. They then were bombarded with a rapid series of windows displaying advertisements for goods and services ranging from Internet gambling to pornography. In some cases, the legitimate web site the consumer was attempting to access also was launched, so consumers thought the hailstorm of advertisements to which they were being exposed was from a legitimate web site. The FTC alleged that the practices were unfair and deceptive, in violation of Section 5(a) of the FTC Act, 15 U.S.C. § 45(a). On April 9, 2002, the U.S. District Court for the Eastern District of Pennsylvania in Philadelphia issued an order that permanently barred the defendant from redirecting or obstructing consumers in connection with the advertising or sale of any goods or services on the Internet, and launching the web sites of others without their permission. The order also required the defendant to pay the Commission $1,897,166 for the disgorgement of his ill-gotten gains.

2. Some companies are also using this defensive strategy in the context of trademark protection. The Anti CyberSquatting Act prohibits a cybersquatter's registration of domain names that are confusingly similar to the distinctive or famous trademarks or Internet domain names of another person or company. 15 U.S.C. § 1125(d).

3. A copy of the FTC's press release and Judgment and Permanent Injunction regarding this case are available at: http://www.ftc.gov/opa/2002/05/cupcake.htm.


Thank you for your question subsequent to testimony before the Subcommittee on Financial Institutions and Consumer Credit on May 18, 2005, by Sandra Thompson, currently the Acting Director of the Division of Supervision and Consumer Protection, on behalf of the Federal Deposit Insurance Corporation. Enclosed is our response to your question.

If we can provide further information, please let us know.

Enclosure

Sincerely,


Alice C. Goodman
Director

Office of Legislative Affairs

Response to a Question from
The Honorable Sue Kelly

Question: I have been told by several corporations that, when they attempted to secure all variations and possible misspellings of their web site to prevent pharming, they were investigated by the federal government for possible anti-competitive activity. Do your agencies believe securing variants on web sites helps protect against pharming?

Answer: Pharming refers to the redirection of an individual to an illegitimate web site through technical means. For example, an Internet banking customer, who routinely logs in to his/her online banking web site, may be redirected to an illegitimate web site instead of accessing his or her bank's web site.

Corporations should consider attempting to secure all variations and possible misspellings of their web site as part of a plan to prevent pharming. However, this practice by itself does not fully protect a corporation against all pharming schemes that attempt to attack a domain server. Registering variations of a domain name will not protect against attacks accomplished by installing malicious software directly on a user's computer.

On July 18, 2005, the FDIC issued guidance on this matter in the form of Financial Institution Letter (FIL) 64-2005 (“Pharming - Guidance on How Financial Institutions Can Protect Against Pharming Attacks"). A copy of this guidance is attached. It is also available online at http://www.fdic.gov/news/news/financial/2005/fil6405.html.
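The answer above distinguishes defensive registration of look-alike names from pharming, which tampers with name resolution rather than with what the customer types. The following is an added example (not from the hearing record, the FTC or the FDIC) that enumerates the variant classes the testimony describes, single-character misspellings and inverted word order such as cartoonjoe.com for joecartoon.com, so a domain owner can review which of them remain unregistered; the brand words and the registered set are constructed inputs.

```python
"""Enumerate look-alike variants of a brand domain for defensive-registration review.

This is a coverage check only: as the FDIC response notes, owning every misspelling
does nothing against pharming, where the correctly typed name is redirected by
tampering with DNS or with software on the customer's own computer.
"""
from itertools import permutations


def spelling_variants(label: str) -> set[str]:
    """Single-edit misspellings of one DNS label: dropped, doubled or swapped characters."""
    out: set[str] = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])                    # one character dropped
        out.add(label[:i] + label[i] * 2 + label[i + 1:])     # one character doubled
        if i + 1 < len(label):                                # two neighbours transposed
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    out.discard(label)   # the genuine name is not a variant
    out.discard("")      # a one-letter label dropped to nothing is not a valid label
    return out


def word_order_variants(words: list[str]) -> set[str]:
    """Re-orderings of the brand's words, e.g. ['joe', 'cartoon'] -> 'cartoonjoe'."""
    genuine = "".join(words)
    return {"".join(p) for p in permutations(words)} - {genuine}


def candidate_domains(words: list[str], tld: str = "com") -> set[str]:
    """All look-alike domains built from the brand words under one TLD."""
    label = "".join(words)
    labels = spelling_variants(label) | word_order_variants(words)
    return {f"{name}.{tld}" for name in labels}


def unregistered_variants(words: list[str], registered: set[str], tld: str = "com") -> set[str]:
    """Candidates the brand owner has not (yet) defensively registered."""
    return candidate_domains(words, tld) - registered


if __name__ == "__main__":
    # Constructed sample: the brand from the Zuccarini example and a partial defensive portfolio.
    brand = ["joe", "cartoon"]
    owned = {"joecartoon.com", "cartoonjoe.com", "joecarton.com"}
    for name in sorted(unregistered_variants(brand, owned)):
        print(name)
```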

Attachment

FDIC: FIL-64-2005: Guidance on How Financial Institutions Can Protect Against Pharmi... Page 1 of 2



Financial Institution Letters

"Pharming"

Guidance on How Financial Institutions Can Protect Against Pharming Attacks

Summary:

The FDIC is issuing the attached guidance to financial institutions describing the practice of "pharming," how it occurs, and potential preventive approaches. Financial institutions offering Internet banking should assess potential threats posed by pharming attacks and protect Internet domain names, which - if compromised - can heighten risks to the institutions.


FIL-64-2005 July 18, 2005

Highlights:

• "Pharming" is the process of redirecting Internet domain name requests to false Web sites to collect personal information. Information collected from these sites may be used to commit fraud and identity theft.

• The attached guidance explains how pharming occurs and recommends strategies for protecting financial institution Internet domain names from a successful pharming attack.

• The effectiveness of an insured institution's Internet domain name protection program should be addressed in periodic risk assessments and status reports presented to the institution's board of directors.

Distribution:

FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:

Chief Executive Officer

Chief Information Security Officer

Related Topics:

GLBA, Section 501b

FIL-77-2000, Bank Technology Bulletin, November 2000

FIL-27-2004, Guidance on Safeguarding Customers Against E-Mail and Internet Related Fraud, March 2004

FFIEC Information Security Handbook, Issued November 2003

Interagency Informational Brochure on Phishing Scams, Contained in FIL-113-2004, Issued September 13, 2004

Putting an End to Account-Hijacking Identity Theft Study, Issued December 2004

Attachment:

Guidance on How Financial Institutions Can Protect Against Pharming Attacks

Contact:

Senior Technology Specialist Robert D. Lee at Rolee@fdic.gov or (202) 898-3688.


Printable Format:

FIL-64-2005- PDF 48k (PDF Help)

Note:

FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/news/financial/2005/index.html.

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.

Paper copies of FDIC FILs may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or 202-416-6940).

Last Updated 07/18/2005
