Pharming - Information about Pharming Scams
Hopefully, an increasing number of web users are now aware of how
phishing scams work. A typical phishing scam operates as an evil
duo comprising a fraudulent email closely coupled to an equally
fraudulent website. The scam email, supposedly from a well-known
company or financial institution, is intended to trick recipients
into following a link to the fake website and providing sensitive
personal information.
Phishing's more sophisticated first cousin is a technique known
as "pharming". Like phishing, pharming coerces victims into
visiting a fake website and supplying information. However,
instead of tricking recipients into clicking on an email link,
pharming can secretly redirect victims to a fraudulent website
directly from their web browser. Pharming effectively eliminates
the need for "bait" emails and is therefore potentially more
dangerous than "normal" phishing scams and can cast a wider "net"
in which to snare victims. Even phishing-savvy web users could
fall victim to a pharming scam without realizing it.
In order to make pharming work, scammers may compromise a victim's
system directly by secretly installing malicious software on his or
her computer or modifying its hosts file. Alternatively,
the scammers may use "DNS cache poisoning" to effectively
compromise the DNS server.
What this means in plain English is that, even if you manually
enter the web-address of your bank or financial institution
directly into your browser, or click on a saved bookmark, it is
possible that a pharming attack could cause your browser to
unobtrusively redirect to a fraud site. If the scam site is made
to resemble the legitimate website of the targeted institution,
a victim could enter account numbers, passwords and other sensitive
information before he or she realized what was happening.
Currently, pharming does not appear to be as common as phishing.
However, many computer security experts are predicting that
pharming attacks will continue to increase as more criminals
embrace these techniques. To help protect yourself from pharming,
you should make sure that the secure website you are visiting has
a valid certificate issued by a trusted certificate authority such
as VeriSign. Before entering sensitive personal data on the website,
click the "lock" icon in the browser's status bar to view the
certificate. Ensure that the name on the certificate corresponds
to the site you are viewing. You should also run anti-virus and
anti-spyware software, keep your operating system and browser
updated with the latest security patches and use a reliable
firewall. As with all aspects of Internet security, simple
vigilance is a crucial defensive weapon. For example, if your
Internet banking site suddenly seems subtly different in layout
and styling and/or some of the links don't work as expected,
it is possible that you have been secretly redirected to a scam
site.
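One further check on the hosts-file form of pharming described above, as an added example that is not part of the original article: a Python script that parses a hosts file and reports entries that override DNS for real-looking domain names. The sample file contents, the domain names and the addresses in it are constructed, and treating loopback and 0.0.0.0 entries as harmless blocking entries is an assumption of this sketch.

```python
import ipaddress

# Constructed sample hosts file (reserved example names, documentation addresses).
SAMPLE_HOSTS = """\
# constructed sample for the audit below
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.example.net              # sinkhole entry used for blocking
203.0.113.45    www.bank.example bank.example   # unexpected redirect
192.168.1.20    nas                          # single-label LAN alias
198.51.100.7    Login.Bank.Example.
not-an-ip       broken.example.org
"""

def parse_hosts(text):
    """Yield (line_no, address_string, [hostnames]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        fields = line.split()
        if len(fields) < 2:                      # blank, comment-only or incomplete
            continue
        # Normalise names: case-insensitive, ignore a trailing root dot.
        yield line_no, fields[0], [n.rstrip(".").lower() for n in fields[1:]]

def audit_hosts(text):
    """Return a list of (line_no, hostname, address, reason) findings."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip.split("%", 1)[0])  # strip IPv6 zone id
        except ValueError:
            findings.extend((line_no, n, ip, "malformed address") for n in names)
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue      # assumption: points at this machine, blocks rather than redirects
        for name in names:
            if "." in name:   # dotted names normally resolve through DNS
                findings.append((line_no, name, ip, "overrides DNS"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass the contents of its hosts file (for example /etc/hosts on Linux or macOS) to audit_hosts and review each reported line by hand.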
The technical aspects of pharming are quite complex and I have only scratched the surface of the subject here. This article is intended to offer a brief overview of pharming. The list of resources included below should prove useful for those interested in finding out more about pharming.
Pharming Resource List:
Attorney General Foti Warns of New ID Theft Scam: "Pharming"
First Was Phishing, Next Is Pharming
Alarm over 'pharming' attacks
Phishing and pharming
Don’t Get 'Pharmed'
Don't Let Your Users Buy the 'Pharm'