- Home
- Are You Safety Savvy?
- Phishing
- How to Spot a Fake E-mail (Phishing)
- Pharming
- How to spot a Fake Website (Pharming) :
- Case Studies
- Safety Tips
- Helpful Sources
What is Pharming?
Pharming is a new method of identity theft— a play on "phishing," another type of Internet fraud. "It's like the name sounds, they're planting the seeds of malicious code and harvesting the identity information later." said Rami Habal, senior product manager at Proofpoint Inc."With phishing, you're scamming one person at a time with e-mail, Pharming allows you to scam a large group at once. You're definitely hurting the masses." said Chris Faulkner, chief executive officer of CI Host Inc. It involves highly skilled hackers who secretly redirect users' computers from financial sites to the scammers' fake ones, where they steal passwords and other personal information. Even the Web address looks the same.
Unlike phishing, where users click on links in e-mails and are taken to fake sites, pharming intercepts a user on his or her way to the bank or credit-card firm. And it potentially can affect thousands of users at a time.
Unlike phishing, where users click on links in e-mails and are taken to fake sites, pharming intercepts a user on his or her way to the bank or credit-card firm. And it potentially can affect thousands of users at a time.
How does it work?
Target: Pharming is not as likely to be directed at children, because they usually aren't making purchases on the Internet. However, be sure you are the one making purchases on Web sites and that you, not your children, are handling your personal information. Furthermore, educate your children on proper ways to use the Internet safely.
What Happens:
Security experts say pharmers have two main ways of operating:
The first method is to send virus-laden e-mails that install small software programs on users' computers. When a user tries to go to his bank's Web site, the program redirects the browser to the pharmers' fake site. It then asks a user to update information such as logons, PIN codes or driver's license numbers. Scammers use the information to steal identities.
Other viruses, called keyloggers, track a user's keystrokes on legitimate sites and can be used to steal passwords.
The pharmers' second method takes advantage of the fact that Web sites have verbal names but reside at numeric addresses on the Internet. When users type a Web site's name into their browsers, Domain Name System, or DNS, servers read the name, look up its numeric address and take users to the site. Pharmers interfere with that process by changing the real site's numeric address to the fake site's numeric address.
The servers can belong to financial institutions, Web-hosting companies or Internet service providers. This tactic, called DNS poisoning, has been around for years, but it is only in the recent years that techies have seen it used for identity theft and dubbed it pharming.
Technical details as to how it works:
There are a special computers (called domain name servers [DNS]) that work behind the scenes to take the addresses that you type in your browser (or click from a link), like www.Google.com, www.Ebay.com, etc. and point (redirect) your browser to the right computer connected to the internet that handles that particular website.
These DNS servers are kind of like telephone switchboards. Hackers figured out that if they hack into the DNS computers, they can change the addresses! It would be like them stealing your phone number so when people dialed your number, they'd get the call instead of you!
What Happens:
Security experts say pharmers have two main ways of operating:
- attacking either users' computers or
- the large servers that find Web sites for users.
The first method is to send virus-laden e-mails that install small software programs on users' computers. When a user tries to go to his bank's Web site, the program redirects the browser to the pharmers' fake site. It then asks a user to update information such as logons, PIN codes or driver's license numbers. Scammers use the information to steal identities.
Other viruses, called keyloggers, track a user's keystrokes on legitimate sites and can be used to steal passwords.
The pharmers' second method takes advantage of the fact that Web sites have verbal names but reside at numeric addresses on the Internet. When users type a Web site's name into their browsers, Domain Name System, or DNS, servers read the name, look up its numeric address and take users to the site. Pharmers interfere with that process by changing the real site's numeric address to the fake site's numeric address.
The servers can belong to financial institutions, Web-hosting companies or Internet service providers. This tactic, called DNS poisoning, has been around for years, but it is only in the recent years that techies have seen it used for identity theft and dubbed it pharming.
Technical details as to how it works:
There are a special computers (called domain name servers [DNS]) that work behind the scenes to take the addresses that you type in your browser (or click from a link), like www.Google.com, www.Ebay.com, etc. and point (redirect) your browser to the right computer connected to the internet that handles that particular website.
These DNS servers are kind of like telephone switchboards. Hackers figured out that if they hack into the DNS computers, they can change the addresses! It would be like them stealing your phone number so when people dialed your number, they'd get the call instead of you!
Examples:
Prevention:
- The address bar on your Internet browser won't tell you anything useful. The address (URL) looks just the same. To avoid this problem, be sure that the URL window shows a page name (e.g. www.ebay.com), not an IP address (e.g. 66.123.15.3). Avoid pages that throw a Web certification error.
- The best defense is to only entrust your sensitive data to sites that use extra layers of security, like security certificates, to prove that they are a legitimate website. Verisign would be an example of this type of technology.
- Companies and big organizations can reduce the threat by keeping their software updated and patched. They also can install firewalls, filter for known scams, and watch for changes in Internet protocol addresses on their servers
- Anti-pharming software is in the works, including products that will display security information and show users where a Web site is being hosted.