What is Pharming? How to protect from Phishing and Pharming

What is Pharming?  How to protect from Phishing and Pharming
Page content

Pharming, coined from the two terms phishing and farming, pronounced “farming”, is a cybercrime attack. In both pharming as well as phishing are users taken to bogus websites to obtain secret information such as user names, passwords and PIN’s for example, but the two methods are inherently different.

Pharming exploits the host name to IP address translation mechanisms by adding a bogus entry in the local computer’s hosts files, or by hacking a Domain Name System DNS server. The effect is that when a user enters an URL such as www.anycompany.com in the browser he or she lands on the attacker’s site pretending to be the legitimate website.

Phishing, on the other hand, tricks users into visiting malicious websites using bogus links. Phishing, mostly seen in emails which mimicry legitimate sites such as financial institutions or auctions sites can occur in any form of Internet based communication including instant messaging programs for example.

In contrast to pharming, which is a technical attack without the users doing anything “wrong”, does phising explore the human nature’s traits such as curiosity, readiness to help or fear by enticing or demanding to click a link. Thus, phising is a so called social engineering attack.

To prevent pharming you should have your system protected by a capable anti-virus program such as, for instance, Webroot AntiVirus which protects you from unauthorized alterations of the hosts file. For the same purpose you should regularly patch your computer; users of recent Windows system can use automatic updates.

However, more sophisticated pharming attacks target the DNS server which is usually handled by Internet Service Providers (ISPs), and there is little the ordinary user can do against except using only trustworthy DNS servers as told by your admin or ISP.

Some anti-virus programs are capable of alerting when landing at pharming and phishing sites, but you should always remain vigilant in divulging confidential information. In doubt, do no enter your credentials or any other requested information and revisit the website using secure communication:

In your browser type https:// followed by the URL of the legitimate entity under consideration, e.g. https://www.anycompany.com. Using the https protocol not only encrypts the data sent over the Internet but also authenticates the site to prevent both, phising and pharming.

References

  • Author’s own experience