Online fraud: pharming

Antivirus software can help protect you against pharming, especially when you enter an unsecured site without realising.

What is pharming?

Pharming (pronounced ‘farming’) is a form of online fraud very similar to phishing as pharmers rely upon the same bogus websites and theft of confidential information. However, where phishing must entice a user to the website through ‘bait’ in the form of a phony email or link, pharming re-directs victims to the bogus site even if the victim has typed the correct web address. This is often applied to the websites of banks or e-commerce sites.

How pharming works

While there are several ways to pharm, the primary method stems from an older attack called DNS cache poisoning in which an attack is made against the Internet naming system that allows users to enter meaningful names for websites (such as www.bank.co.uk) rather than a series of numbers (such as 192. 168. 1. 1.).

The naming system relies upon DNS servers to handle the conversion of the letter-based website names, which are easily recalled by people into the machine-understandable digits that whisk users to the website of their choice.

When a pharmer mounts a successful DNS cache poisoning attack, they are effectively changing the rules of how traffic flows for that portion of the Internet. It is from this practice that pharmers found their namesake – herding large numbers of Internet users to a bogus site rather than planting the ‘bait’ of the phishers.

Major instances of pharming

Due to the wide-scale effects pharming can have on large portions of the Internet, some pharming events have led to major new stories when used against a massive cooperation with thousands of visitors.

Multiple prominent websites have been affected by pharming over the previous decade. A particularly newsworthy event occurred in 2004 when a German teenager hijacked the country’s eBay domain name, leaving thousands of users redirected to a bogus site.

Following in 2005, the domain name for Panix, a New York ISP, was redirected to a bogus site in Australia, while in the same year Hushmail, a secure email service, was attacked by redirecting users to a defaced website.

How to protect against pharming

The primary battle against pharming is being performed by the ISPs as they filter out as many of the bogus redirects as possible. However, it is possible to increase your protection from home with some simple steps and precautions. The most important step comes from using a trustworthy Internet service provider which the vast majority of the ISPs are.

The URL is also a great place to check. Always ensure that, once the page has loaded, that the URL is spelt correctly and hasn’t redirected to a slightly different spelling, perhaps with additional letters or with the letters swapped around.

One of the biggest fears is that pharmers will attack major banking services or e-commerce sites. When you reach the payment point or the point wherein you are asked to type in banking passwords and usernames, ensure that the http has changed to https, as the ‘s’ stands for secure.

Antivirus software can also help to protect against pharming instances, especially when you enter an unsecured site without realising. Keeping this up-to-date, along with installing any updates required for the ISP will help to fight against pharming.