What is Pharming?

I was surfing on YouTube the other day and found this hilarious video mash-up of Taylor Swift’s song “Shake It Off” and an 80s aerobics video. For a lot of kids today, mash-ups are all the rage—whether it’s combining two videos, two songs, or two words.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294Mash-ups have even caught on in the tech world. The word pharming is actually a mash-up of the words phishing and farming. Phishing is when a hacker uses an email, text, or social media post asking for your personal and financial information. On the other hand, pharming doesn’t require a lure. Instead of fishing for users, the hacker just sets up a fake website, similar to farming a little plot of land, and users willingly and unknowingly come to them and give them information.

How does it work? Most hackers use a method called DNS cache poisoning. A DNS, or domain name system, is an Internet naming service that translates meaningful website names you enter in (like twitter.com) into strings of numbers for your computer to read (like 173.58.9.14). The computer then takes you to the website you want to go to. In a pharming attack, the hacker poisons the DNS cache by changing the string of numbers for different websites to ones for the hacker’s fake website(s). This means that even if you type in the correct web address, you will be redirected to the fake website.

Now, you go to the site and thinking that it is a legitimate site, you enter your credit card information, or passwords. Now, the hacker has that information and you are at risk for identity theft and financial loss.

To prevent yourself from a pharming attack, make sure you:

  • Install a firewall. Hackers send pings to thousands of computers, and then wait for responses. A firewall won’t let your computer answer a ping. The firewalls of some operating systems are “off” as a default, so make sure your firewall is turned on and updated regularly.
  • Protect against spyware. Spyware is malware that’s installed on your device without your knowledge with the intent of eavesdropping on your online activity. Spyware can be downloaded with “free” programs so be leery of downloading free software and don’t click links in popup ads or in suspicious e-mails.
  • Use comprehensive security software. McAfee LiveSafe™ service includes a firewall and scans your computer for spyware. It also protects all your smartphones and tablets as well. And make sure to keep your security software updated.

For more tips on protecting your digital life, like Intel Security on Facebook or follow@IntelSec_Home on Twitter!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.