As users become more aware of traditional phishing scams, some con artists have abandoned the concept of “baiting” their victims entirely. They are instead resorting to pharming. This phishing technique employs cache poisoning against the domain name system (DNS), a naming system used by the Internet to convert alphabetical website names, such as “www.microsoft.com,” to numerical IP addresses, allowing it to locate and direct visitors to computer services and devices.
Organizations should encourage employees to enter login credentials only on HTTPS-protected sites to avoid pharming attacks. Anti-virus software should be installed on all corporate devices, and virus database updates should be performed on a regular basis. Finally, they should keep up with security updates issued by a reputable Internet Service Provider.