Pharming can be defined as a type of online fraud in which the attacker redirects an internet user to a fake website without them even realising it. The fake website has been created by the attacker, which they then use to collect the victim’s personal information and defraud them in a manner similar to regular phishing attacks.
Pharming may occur in a variety of different ways. The attacker may change the host files on a victim’s computer, which redirects them to the fake website, or they may exploit a vulnerability in DNS server software. The pharmer may modify a user’s computer such that an IP address which normally directs to a legitimate, commercial website instead directs to a fake website which the attacker has made. Pharmers may also poison entire DNS servers, which means that any user who uses that DNS server will suffer the same fate as the original victim and be redirected to the fake website. Therefore, the pharmer may attack a large number of people at once following an initial attack on an individual.
It is difficult to know when one has been pharmed. The website may display the legitimate URL, despite it not being the real website. The page may look identical to the organisation being spoofed. The graphics, logos and home page will be designed to successfully masquerade themselves as undetectable forgeries of the original. When the victim inputs their login details to this website, the phisher can collect them, and use them access the victim’s accounts on the real website. From there, they can commit identity theft, and rob the victim of their money before the victim even knows they were on a fake website.
Precautions against pharming:
Pharming itself may be hard to spot, but several precautions can be taken against being harmed in the first place.
Firstly, ensure a trusted Internet Service Provider (ISP) is being used. These work to filter out pharming sites, and may prevent you being redirected from a legitimate website. Getting good anti-virus software is also essential. This will hopefully prevent your computer from being poisoned and stop the pharmers from gaining unauthorised access in the first place. In addition to this, ensuring that the computer is up-to-date with its updates will help the browser and operating system stay protected from the latest attacks.
Even if you have been redirected to a fake website, you can prevent further damage from occurring. Always checking the spelling of a website’s URL if a good practice. Fake websites trying to spoof real URLs may include additional letters, misspellings, or using strange characters (such as 0 for o) are common tricks that phishers use to try and fool you into believing a website is legitimate. Checking the security certificate of a website is also recommended. If the website carries a secure certificate from a legitimate owner, then you are not in danger of being phisher. Checking the HTTP address is essential. If you are asked to input personal information, HTTP should change to HTTPs, where the “s” stands for secure. If this is missing, don’t input any personal information and contact your internet service provider immediately.