What is Pharming?

SECURITY DEFINITION

The term "pharming" is a portmanteau of the words "phishing" and "farming," used because one form of this cybercrime is essentially a phishing scam that can affect multiple users at once. Pharming exploits the foundation of how Internet browsing works — namely, that the sequence of letters that form an Internet address, such as www.google.com, have to be converted into an IP address by a DNS server in order for the connection to proceed. This exploit attacks this process in one of two ways. First, a hacker may install a virus or Trojan on a user's computer that changes the computer's hosts file to direct traffic away from its intended target, and toward a fake website instead. Second, the hacker may instead poison a DNS server, causing multiple users to inadvertently visit the fake site. The fake websites can be used to install viruses or Trojans on the user's computer, or they could be an attempt to collect personal and financial information for use in identity theft.

Pharming is an especially worrisome form of cybercrime, because in cases of DNS server poisoning, the affected user can have a completely malware-free computer and still become a victim. Even taking precautions such as manually entering in the website address or always using trusted bookmarks isn't enough, because the misdirection happens after the computer sends a connection request.

Protecting yourself from these types of scams begins with the installation of a robust anti-malware and antivirus solution, to be used in conjunction with smart computing practices like avoiding suspicious websites and never clicking on links in suspicious email messages. These steps will prevent most malware from accessing your computer and changing your hosts file.

However, that's only part of the threat, so you also have to be smart about the websites that you visit — especially those that contain your personal or financial information. If the website looks strange, the address in the address bar looks off, or the site starts asking for information that it normally doesn't, check to ensure there is a lock icon in the address bar, denoting a secure website, and click on the lock to ensure that the website has a trusted, up-to-date certificate. Those running DNS servers have some pretty sophisticated anti-pharming techniques at their disposal, but the risk of being hacked is always there, so you can only mitigate the risks through a combination of personal protection and Internet awareness.


Other articles and links related to Definitions