Pharming Scam

You’ll have come across the phishing scam where links in a spoof e-mail direct you to a fake website where you’re asked for details and can find yourself a victim of identity theft. It’s a product of the cyber age.

But it’s been eclipsed by a variant, a variation on the theme, known as pharming. This is even more insidious, because without a great deal of care you can find yourself a victim, and you might never even realise what happened.

How It Works

You can be very careful and type the proper URL into your web browser, thinking you’re taking every precaution to get to the real web site, and indeed you are. But pharming is dangerous. Instead, you’re redirected to a site that looks real, but is counterfeit, and you don’t even know it.

Although it’s only recently received publicity, it’s actually nothing new, and has been familiar for quite a long time to experts as DNS cache poisoning. However, the new name has appeared as it’s become more widespread, and for its similarity to phishing.

There are a couple of ways pharming can be carried out. It can be done by either changing the host files on the computer of the victim – you – by infecting it with a virus, or, far worse, finding and exploiting vulnerabilities in DNS server software, which directs people to the proper website – in other words, they hijack the address and substitute the fake site. A well-executed attack like that can affect literally thousands of people.

Meanwhile you carry on as you would with the real site, not aware that you’re giving away sensitive information.

How To Avoid It

There’s no simple or easy solution to avoid pharming. You need to keep your wits about you when you’re going online. But there are precautions you can take to help keep yourself safe.

Whenever you’re going onto a site where you’ll be giving personal information, make sure it’s safe – that is, it begins with https:// rather than just http:// – and definitely secure. That’s probably the most important thing, and applies whenever you’re undertaking a transaction or giving out information. You can also check whether the site has a certificate. Click File > Properties, or right click in the body of the page and select Properties from the menu.

Make sure you have a good firewall, anti-spyware and anti-virus software on your computer, and make sure you scan regularly. These greatly reduce the chance of someone hacking into your machine and changing host files.

Download and install the security updates for your browser. You can also click on the link that says Get Updates For Windows Automatically.

If you bank or pay your bills online, check all your accounts on a very regular basis. If you notice any irregularity, report it to the institution immediately. You should also check your credit file frequently.

If you come across a site that you believe has been pharmed, then don’t proceed. You should contact the institution and inform them of the situation.