Pharming – What is it and How Can you Dodge it?

If someday you intend to go to a mall but end up in a fish market, then that’s a case of bad directional sense. In the digital world, however, we call it pharming!

How Does Pharming Work?

Phishing is an online fraud where a scammer sends fraudulent emails to the targeted victim. The emails pose as genuine communication from a trusted enterprise such as a bank. The aim of these emails is to trick the victim into visiting a fake website and giving out sensitive information like bank account details.

Now, phishing has a sneakier cousin called pharming; it is more difficult to detect and is a greater threat to a person’s identity and their financial assets. Unlike phishing, it does not use a lure such as emails, but secretly redirects the victim to a fake website, even if they have manually typed in the genuine web address. In most cases, the fake website is designed to look like the legitimate one, for example a bank’s website. And if the user falls for it, then they might give away their confidential personal or bank account details, which would be then exploited by the scammer.

To execute pharming, a pharmer may either compromise your computer by installing malicious software in it, or by infecting the server connected to your computer.

Tips to Protect Yourself from Pharming

1. Whenever you visit a banking or e-commerce website, look for a “locked padlock” icon somewhere in the window of the browser, and ensure that the site’s URL begins with “https”. Presence of these two elements signify that you are on a secured website.

2. It is also crucial to ensure that the website has a valid certificate of authority by a trusted service like VeriSign, Inc., Entrust, Inc., GeoTrust, Inc., etc. The certificate must display the correct name of the website you are in. You can check this certificate by clicking on the “padlock” icon in the browser’s address bar, as you can see in the screenshots below.

On Mozilla Firefox

On Internet Explorer

On Google Chrome

3. After you land on a website, check its URL. For instance, if you type in “www.google.com” and land up on the Google homepage but with a URL “www.goglee.com”, then suspect it as a pharming activity. Do not go any further.

4. Note that, pharming websites usually ask for “extra” information. For instance, if your bank’s website requests for your user id, password, ATM pin, debit card number, transaction password, etc. all at once, then it is most likely to be a pharming site.

5. Keep a close track of your bank statements every month.

6. Use multilayer protection for your computer, and always keep the security software up to date. Also, use the latest version of your browser, as they come with fixes for recently detected security vulnerabilities.

7. Keep yourself updated about the latest security threats and updates.

Although pharming is not as old or common as phishing, it provides a bigger avenue for cyber criminals to target their victims.

Courtesy: Rajib Singha, Quick Heal Blog