Active cookies can help protect against pharming, a more sophisticated form of phishing. They contain user identification and a stored address of the legitimate site, triggering an alert if the site server receives an incorrect response. They may also display unique graphics on the legitimate site. However, they are not foolproof and can be removed by changing computers or browsers.
Active cookies, also known as soft tokens, may be able to help defend Internet users against pharming. Pharming is a more sophisticated form of phishing, an attack that tricks a user into thinking they are visiting a legitimate business site and unknowingly providing personal information to the thief.
In a phishing attack, the thief designs a website that duplicates a well-known company site. The thief then sends spam, encouraging people to visit the site to update information or take advantage of a promotion. When users click on the link within the email, they are directed to fake site to disclose critical information. Therefore, experienced users enter website addresses manually or use bookmarks. Those who click on the email links may spot the website address as misspelled, saving themselves from a scam. However, none of these precautions will help spot a pharming scam.
Pharming has the same function as phishing, but with more stealth and no spam. In this case, the thief enters a fake code on the domain name server (DNS) itself, so that anyone who enters the correct website address will be redirected by DNS to the fake site. Surfers have no way of knowing they aren’t on the rightful site, but active cookies may be able to alert them.
Active cookies are a consequence of standard computer cookies. A standard cookie is a piece of text code that your browser shares with a site during a visit. The site and browser pass the cookie back and forth transparently, while the cookie identifies your browser to the site. Depending on its purpose, a cookie contains certain information such as registration, password and, in some cases, previous purchases, account information or other relevant data. The cookie allows the user to visit a site again without having to re-enter personal information at each visit.
Researchers at Indiana University, together with RavenWhite Inc., have developed new active cookies. Active cookies contain not only user identification information, but also a stored address of the legitimate site. When authentication occurs between the website and an active cookie, the cookie tells the browser not only to respond through the usual channel, but also to send a duplicate message directly to the stored address, bypassing any intermediary. If the site server receives only a correct response from the active cookie, it triggers an alert to block access to the account.
Active cookies may also employ additional measures, such as providing instructions for displaying a unique graphic on the legitimate site. If the customer doesn’t see your custom graphics, this will be an obvious hint that the site is pharmed. Active cookies will be set on the server side by companies they think may be useful to customers. While active cookies can provide an extra layer of security, they aren’t perfect. Changing your computer or browser or deleting the cache where active cookies are stored will remove the benefits.
Protect your devices with Threat Protection by NordVPN
