Pharming

Pharming - Fake Websites, Real IP Addresses - Stealing Your Personal Financial Information

What is Pharming?

Pharming is a form of domain spoofing. In simple terms, rather than spamming you with email requests to confirm your financial or personal information, pharmers work invisibly. They change your local DNS server to redirect your Web request to an fake site.  This means that when you enter a web address, such as www.abc.com; you will be taken to a fake website rather than the legitimate website!

As far as you know, you're connected to the correct site. No email is involved, and if they copied the appearance of the real site well, you would have no way to know that anything was wrong.

History of Pharming

• Panix - In January of 2005, someone fraudulently changed the DNS address for the domain panix.com, a New York State Internet service provider. Ownership of the company was changed from New York to Australia. Requests to reach the panix.com server were redirected to the United Kingdom, and e-mail was redirected to Canada. State and federal authorities are currently investing this case.
• Ebay (Germany) - In September 2004, a teenager in Germany managed to hijack the domain for eBay.de.

What do Pharmers do with the Information Today?

Just like in Phishing, the criminals use the information they obtain to apply for new credit cards in the victim's name, withdraw money directly from victims' bank accounts, and spend, spend, spend... the victim's money

In some cases, the scammers act as a clearinghouse, selling stolen credit card numbers in online forums to others who use the information.  Amazingly, the stolen account numbers usually only bring a dollar or two each!

How it works: technical details

It gets a little complicated if you don't understand how the internet works, so here goes: There are a special computers (called domain name servers [DNS]) that work behind the scenes to take the addresses that you type in your browser (or click from a link), like www.Google.com, www.Ebay.com, etc. and point (redirect) your browser to the right computer connected to the internet that handles that particular website.

These DNS servers are kind of like telephone switchboards. Hackers figured out that if they hack into the DNS computers, they can change the addresses!  It would be like them stealing your phone number so when people dialed your number, they'd get the call instead of you!

How to Prevent being a Victim of Pharming

The address bar on your Internet browser won't tell you anything useful. The address (URL) looks just the same. If the criminals are good, the spoofed site may look just fine, too. At present only a certificate (such as those issued by Verisign) will ensure that you are on the right website.

When you visit a websites that uses a certificate, you will see a box asking you if you want to trust the certificate.  If you do online banking, you've probably already seen these. Compare the names: if the name on the certificate doesn't match the site you're trying to reach, you know that something is wrong! Close the window and contact the company by telephone. If the certificate is OK, you then save the certificate so that when you next return, your browser will know it's reached the right address. You would then log in to the site safely.
 

What Else Can you Do to Protect Yourself from Pharming Theft

• Act immediately if you've been hooked by a pharmer. If you provided account numbers, PINs, or passwords to a pharmer, notify the companies with whom you have the accounts right away. For information about how to put a "fraud alert" on your files at the credit reporting bureaus and other advice for ID theft victims, contact the Federal Trade Commission's ID Theft Clearinghouse, www.consumer.gov/idtheft or toll-free, 877-438-4338. The TDD number is 202-326-2502.
• Even if you didn't get hooked, report Pharming. Tell the company or agency that the pharmer was impersonating. You can also report the problem to law enforcement agencies through the National Fraud Information Center/Internet Fraud Watch, www.fraud.org or 800-876-7060, TDD 202-835-0778. The information you provide helps to stop identity theft.    

---

 Reporting a Possible Pharming Attack

See our What to do, if you think you have been the victim of identity theft page!

If you need advice about an Internet or online solicitation, or you want to report a possible scam, use the Online Reporting Form or call the NFIC hotline at 1-800-876-7060

 

---

For More Information About Pharming, See:

• Is Someone "Phishing" for Your Information?  [PDF version]
  Cautions consumers about emails that claim to be from government agencies in an attempt to steal personal information.
• Digital PhishNet Web site.
• Phish Report Network - a cooperative effort by several companies providing an information clearinghouse that will be run by WholeSecurity, a provider of client-side security solutions.
• Internet Crime Prevention & Control Institute, a cooperative effort between Zero Spam Network Corp. and the University of Miami. Staffed by Miami undergraduate and graduate students and Zero Spam employees, works closely with the Secret Service's Electronic Crimes Task Force and ISPs in the United States and abroad to identify and block traffic to machines hosting Pharming sites.
  • Report A Crime
  • FTC Fraud Reporting