What is pharming?
Whereas phishing uses fraudulent e-mail messages to lure you to fake Web sites and try to get you to supply personal information like account passwords, pharming attacks redirect you to a hacker's site even when you type the address of a real site into your browser.
Real or not?
Pharming does not require you to click on an e-mail message or have a system compromised by a Trojan or a keylogger, and therefore pharming is often described as "phishing without a lure."
Pharmers typically redirect you to a spoofed website by tampering with a company's host files or domain name system (DNS) so that requests for certain URLs return a bogus address and subsequent communications are then directed to a fake site. This means that you’re unaware that the website where you’re entering confidential information is controlled by hackers.
Other types of pharming attacks involve Trojan horses, worms or other technologies that attack the browser address bar, thus redirecting you to a fraudulent website when you type in a legitimate address.
In a poisoning attack in early March 2010, requests from more than 900 unique Internet addresses and more than 75,000 e-mail messages were redirected, according to log data obtained from compromised Web servers that were used in the attacks, says PC Mag.
One way to protect yourself against pharming attacks is to only use pharming-conscious or (PhC) websites. If an attacker attempts to impersonate a PhC website, you will receive a message from the browser or from your internet security software, indicating that the website's "certificate" does not match the address being visited. You should never ever proceed to the website when you get such a message.
Was this article helpful?