What is Pharming and how can you prevent it?
When we look around, we are amazed at the speed with which the world is changing. Online fraud techniques such as Pharming and other cyber crime attacks are at an all-time high. To overcome such challenges, we need to have at least a basic understanding of these terms. The intention of this informational document is to approach the problem with a solution.
What is Pharming
Pharming redirects Internet users from legitimate websites to malicious ones using a strategy called DNS Cache Poisoning – where corrupt data is inserted into the cache database of a DNS server.
The attacker can carry out pharming attacks in several ways; one of the most popular is to modify the Hosts file. The Pharmer covertly hijacks your computer and takes you to a forged website. Your browser may display the legitimate URL, but you will not be on the legitimate server. This, in most cases, is a page that looks identical to that of your bank, financial institution or online shopping websites like eBay or Amazon. Here, the attacker seeks your confidential information like credit card numbers, account passwords, etc.
The Hosts file stores IP address and domain name pairs to speed up surfing and avoid consulting a DNS server. Every time a user enters an address into the browser, the PC checks the Hosts file first and, if it finds the domain name there, uses the IP address listed for it. If the Hosts file has been modified, the user will be redirected to the wrong website, where the attacker will be waiting to steal the credentials.
To carry out a pharming attack, the attacker typically makes use of the following:
- A Batch Script to write the malicious IP and domain names onto the Hosts files.
- A Joiner to join the batch file onto another file.
- A Code Obfuscator to help the executable escape detection from anti-virus software.
Phishing vs Pharming
You need to be clear about the difference between Pharming and Phishing. Phishing attacks start with the receipt of an e-mail asking you to visit a website where you may get compromised. Pharming attacks start at the DNS server level where you are redirected to a malicious website.
How to mitigate Pharming attack
Using an antivirus program that protects you from unauthorized alterations of the Hosts file is one way. You should also regularly patch your operating system and the installed software.
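As an added illustration that is not part of the original article, the Python sketch below audits a Hosts file for entries that override DNS, which is the kind of alteration described above. The watch list and the sample file content are constructed for the demonstration.

```python
import ipaddress
import os

# Constructed watch list (assumption): sites whose addresses should only come from DNS.
WATCHED = {"bank.example", "shop.example"}

# Constructed Hosts file content for the demonstration.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.bank.example bank.example   # unexpected mapping
0.0.0.0         ads.tracker.example
198.51.100.7    intranet.corp.example
not-an-ip       shop.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for every well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP: no usable mapping
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname, severity) for entries that override DNS."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if any(name == d or name.endswith("." + d) for d in watched):
                # A watched site pinned to any address bypasses DNS entirely.
                findings.append((line_no, str(ip), name, "high"))
            elif not sinkhole:
                findings.append((line_no, str(ip), name, "review"))
    return findings

if __name__ == "__main__":
    windir = os.environ.get("SystemRoot", r"C:\Windows")
    path = (os.path.join(windir, "System32", "drivers", "etc", "hosts")
            if os.name == "nt" else "/etc/hosts")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for finding in audit_hosts(fh.read()):
            print(*finding)
```

Run on a schedule, the output can be compared against a known-good baseline so that any new "high" or "review" line stands out.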
More sophisticated pharming attacks target the DNS server which is usually handled by Internet Service Providers (ISPs). In such a scenario, a user has few options at hand to handle the risk and he can do little against it, except using trustworthy DNS servers.
Most browsers & security software today are capable of alerting users when landing at Pharming and Phishing sites. As such, a user should always remain vigilant while divulging details about financial accounts. Whenever in doubt, communicate using a secure network and do not reveal your credentials or any other requested information.
Precautions that can be taken to prevent Pharming
- Use a trusted, legitimate Internet Service Provider: Rigorous security at the ISP level is your first line of defense against pharming. Internet service providers (ISPs) are working hard on their end to filter out ‘pharmed’ sites.
- Better Antivirus software: Install an antivirus program on your Windows PC that does the right job for you. It is a good practice to buy an anti-virus system from a trusted security software provider to reduce your exposure to pharming scams.
- Keep your computer updated: Get into the habit of downloading the latest security updates (or patches) for your Web browser and operating system to stay protected. Always use a good, secure web browser.
- Double-check the spelling of a website: In most cases, it is observed that the attacker obscures the actual URL by overlaying a legitimate looking address or by using a similarly spelled URL. So, always check the Web browser’s address bar to make sure the spelling is correct.
- Check URL: Check the URL of any site that asks you to provide personal information. Make sure your session begins at the known authentic address of the site, with no additional characters appended to it. But it is important to remember that your browser may display the legitimate URL, but you will not be on the legitimate server.
- Check the certificate: It takes a few minutes, if not seconds, to verify whether a web page you’ve opened in the browser is legitimate. To check, go to ‘File’ in the main menu and select ‘Properties’. Alternatively, you can right-click your mouse anywhere on the browser screen and select the ‘Properties’ option. From the menu that pops up, click on “Certificates” and check if the site carries a secure certificate from its legitimate owner.
- Check the ‘HTTP’ address: It is the safest and easiest practice to follow. When you visit a page where you’re asked to enter personal information, the ‘HTTP’ should change to https. The “s” stands for secure.
- Look for PadLock: A locked padlock, or a key, indicates a secure, encrypted connection and an unlocked padlock, or a broken key, indicates an unsecured connection. So, always look for a padlock or key on the bottom of your browser or your computer taskbar.
Pharming is a serious concern and it’s on the rise. Although ISPs are taking the necessary efforts to provide filtering, we as users should be more vigilant and exercise caution when using the Internet.
Prevent Pharming – Protect Your Identity
Pharming? Phishing? What’s the difference?
Many of us are now familiar with phishing scams. The phishers drop the bait—seemingly legitimate email from financial institutions, banks, or places we shop. The mail claims the institution has suffered a breach in security. We are asked to reply to the mail, sending our lost information. Or we’re requested to click through to a fake site that mirrors the original, one where we can hand over all our personal information. The result? These criminals can steal our identities, infest our computers with annoying adware and spyware, and attack our computers with damaging viruses, worms, and Trojan horses.
How does pharming work?
Pharming redirects Internet users from legitimate Web sites to malicious ones using a strategy called DNS cache poisoning. The pharmer covertly hijacks your computer and takes you to a copycat Web site. The site it takes you to is most commonly a page that looks identical to that of your bank, financial institution, eBay, or Amazon. From this point, they ask you to submit your vital passwords and financial information which go straight into their databanks.
Take these precautions
Internet service providers (ISPs) are working hard on their end to filter out pharmed sites. The main thing you can do to protect yourself on your end is to make sure the Web site is authentic. You need to use more than one method to stay ahead of the pharmers. Remember, most of these authentication methods are set up to work only on the pages where you’re asked to enter your personal information.
- Use a trusted, legitimate Internet Service Provider. Rigorous security at the ISP level is your first line of defense against pharming.
- The attacker obscures the actual URL by overlaying a legitimate looking address or by using a similarly spelled URL. Check the Web browser’s address bar to make sure the spelling is correct. For example, when you type http://www.google.com, you should see that address. But the address for a pharmed site might be http://www.nsgoogle.com.
- Check the http address. When you get to the page where you’re asked to enter personal information, the http should change to https. The “s” stands for secure.
- Verify the certificate of the site. It takes just a few seconds to tell if a site you land on is legitimate. On the latest version of Internet Explorer and on many other commonly available Web browsers, go to “File” in the main menu and select “Properties,” or right-click your mouse anywhere on the browser screen and, from the menu that pops up, click “Properties.” When the “Properties” box opens, click “Certificates,” and check if the site carries a secure certificate from its legitimate owner.
- Look for a padlock or key on the bottom of your browser or your computer task bar. A locked padlock, or a key, indicates a secure, encrypted connection and an unlocked padlock, or a broken key, indicates an unsecured connection.
- Install an antivirus program from a trusted security software provider to reduce your exposure to pharming scams. Use a personal firewall to protect your data from hackers, viruses, worms, and Trojan horses.
- Download the latest security updates (or patches) for your Web browser and operating system.
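The spelling check from the list above can be automated. The following Python sketch is an added example, not code from the original article; the allow-list and the edit-distance threshold of 2 are assumptions, and the heuristic can misfire on short names.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of sites the user actually does business with.
TRUSTED = {"google.com", "amazon.com", "ebay.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def site_of(url):
    """Lower-cased hostname of a URL without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a URL."""
    host = site_of(url)
    if not host:
        return "invalid"
    # Exact match or a true subdomain of a trusted site.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        brand = t.split(".")[0]
        # Brand name embedded in a different domain, or a near-miss spelling.
        if brand in host or edit_distance(host, t) <= 2:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for u in ("http://www.google.com", "http://www.nsgoogle.com",
              "https://gooogle.com/login", "https://google.com.login.example/"):
        print(u, "->", classify(u))
```

This only catches misspelled or padded addresses; when the Hosts file or a DNS server has been tampered with, the address bar shows the correct name and the certificate check remains the relevant test.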
Pharming is a serious concern and it’s on the rise. Although ISPs are doing all they can to provide filtering, you still need to exercise caution when using the Internet. Norton Internet Security from Symantec can help protect you against pharming, phishing, and other Internet threats. Also, be sure to visit ClubSymantec and Symantec Security Response regularly to get the latest Internet security information.
If you’ve ever logged into your bank page only to find your login info has been compromised and your money stolen, then you, unfortunately, have been a victim of pharming. Pharming disguises fake, data-grabbing websites as legitimate, trusted ones.
Pharming is a fraudulent practice similar to phishing, except with pharming, a legitimate website’s traffic is manipulated to direct users to fake lookalikes that will either install malicious software on visitors’ computers, or harvest (pharm) users’ personal data, such as passwords or financial details. Pharming is particularly insidious because if a DNS server is compromised, even users with fully protected, malware-free devices can become victims.
What kinds of pharming are there?
Pharming takes two forms. In the first form, hackers use any number of different methods to install viruses or other malware onto your computer. This virus then makes your computer direct you away from the site you want to visit, such as a banking or e-commerce site, and instead takes you to a fake website that’s been designed to look exactly like the site you thought you were going to. The second form of pharming, though, is what makes this type of cybercrime particularly dangerous. In this form, a cybercriminal poisons an entire DNS server, redirecting every user who tries to visit a legitimate site to the fake one.
How do you recognize pharming?
If hackers do their job well, it’s nearly impossible to recognize a fake, data-stealing site — but there are still a few things you can be on the lookout for. For example, always check the URL of the site to make sure it’s spelled correctly. Second, make sure that the URL has been changed to “https”. The “s” stands for “secure” meaning the website is safe.
How do you stop a pharming site?
For the most part, it’s your ISP (internet service provider) who fights against pharming sites, by filtering out fake redirects and closing down fraudulent sites. But there are still measures you can take to stop pharming and the most important one is to install a powerful antivirus that can find and remove any malware on your computer that will direct you to malicious sites.
Other ways to prevent pharming
- Check the URL on sites you visit to make sure they’re correct
- Use a trustworthy ISP and be smart about the websites you visit
- Use security software to ensure the sites you visit are trustworthy
Protect yourself against pharming
Prevention is far better at keeping you safe than treatment, so the first line of defense is doing your best to not get infected. Avoid suspicious websites and never click on links in emails from people you don’t know. But the only way you can be sure you’re protected from this type of pharming is to use a robust internet security solution that will secure your DNS settings, and to use a browser that will automatically ensure you go to the sites that are safe and trustworthy.
Thanks to TheWindowsClub, Symantec, and Avast, and thank you for reading What is Pharming?
Image: CyberSecureAsia “Understanding the Difference Between Phishing and Pharming”