Pharming - Fake Websites, Real IP Addresses - Stealing Your Personal Financial Information
What is Pharming?
Pharming is a form of domain spoofing. In simple terms, rather than spamming
you with email requests to confirm your financial or personal information,
pharmers work invisibly. They change your local DNS server to redirect your
Web request to a fake site. This means that when you enter a web address,
such as www.abc.com, you will be taken to a fake website rather than the
As far as you know, you're connected to the correct site. No email is
involved, and if they copied the appearance of the real site well, you would have no way to know that anything was wrong.
History of Pharming
- Panix - In January of 2005, someone fraudulently changed the DNS address
for the domain panix.com, a New York State Internet service provider.
Ownership of the company was changed from New York to Australia. Requests to
reach the panix.com server were redirected to the United Kingdom, and e-mail
was redirected to Canada. State and federal authorities are currently
investigating this case.
- eBay (Germany) - In September 2004, a teenager in Germany managed to
hijack the domain for eBay.de.
What do Pharmers do with the Information Today?
Just like in Phishing, the criminals use the information they obtain to apply for new credit
cards in the victim's name, withdraw money directly from victims' bank accounts,
and spend, spend, spend... the victim's money.
In some cases, the scammers act as a clearinghouse, selling stolen credit card
numbers in online forums to others who use the information. Amazingly, the
stolen account numbers usually only bring a dollar or two each!
How it works: technical details
It gets a little complicated if you don't understand how the internet works,
so here goes: There are special computers (called domain name servers [DNS])
that work behind the scenes to take the addresses that you type in your browser
(or click from a link), like www.Google.com, www.Ebay.com, etc. and point
(redirect) your browser to the right computer connected to the internet that
handles that particular website.
These DNS servers are kind of like telephone switchboards. Hackers figured
out that if they hack into the DNS computers, they can change the addresses!
It would be like them stealing your phone number so when people dialed
your number, they'd get the call instead of you!
How to Prevent being a Victim of Pharming
The address bar on your Internet browser won't tell you anything useful. The
address (URL) looks just the same. If the criminals are good, the spoofed site
may look just fine, too. At present only a certificate (such as those issued by
Verisign) will ensure that you are on the right website.
When you visit a website that uses a certificate, you will see a box asking you
if you want to trust the certificate. If you do online banking, you've
probably already seen these. Compare the names: if the name on the certificate
doesn't match the site you're trying to reach, you know that something is wrong!
Close the window and contact the company by telephone. If the certificate is OK,
you then save the certificate so that when you next return, your browser will
know it's reached the right address. You would then log in to the site safely.
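The name comparison described above, written out as an added example (it is not code from the original page). The certificate dictionaries follow the layout returned by Python's ssl.SSLSocket.getpeercert(); both sample certificates and the look-alike name are constructed, and the check assumes the certificate chain has already been validated against a trusted issuer.

```python
# Added example: does the name on a certificate match the site requested?
# Sample certificates are constructed for illustration only.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate DNS name with the hostname the user asked for."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Honour a wildcard only as the whole left-most label, and never
        # directly under a top-level domain ("*.com" must not match).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def certificate_names(cert: dict) -> list:
    """DNS names the certificate vouches for."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    # Legacy fallback: current clients rely on subjectAltName only.
    return [v for rdn in cert.get("subject", ())
            for key, v in rdn if key == "commonName"]


def check_site(hostname: str, cert: dict) -> bool:
    """True when at least one certificate name covers the requested host."""
    return any(dns_name_matches(n, hostname) for n in certificate_names(cert))


# Constructed: the certificate the real www.abc.com would present.
GENUINE_CERT = {
    "subject": ((("commonName", "www.abc.com"),),),
    "subjectAltName": (("DNS", "www.abc.com"), ("DNS", "abc.com")),
}
# Constructed: what a pharming server answers with after DNS was redirected.
# It cannot obtain a trusted certificate for www.abc.com, so the name differs.
SPOOF_CERT = {
    "subject": ((("commonName", "www.abc-login.example"),),),
    "subjectAltName": (("DNS", "www.abc-login.example"),),
}

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE_CERT), ("spoofed", SPOOF_CERT)):
        verdict = "name matches" if check_site("www.abc.com", cert) else "MISMATCH"
        print(f"www.abc.com vs {label} certificate: {verdict}")
```

Python's ssl.create_default_context() performs this comparison, together with chain validation, automatically on every connection.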
What Else Can you Do to Protect Yourself from Pharming Theft
- Act immediately if you’ve been hooked by a pharmer. If you provided account numbers, PINs, or passwords to a
the companies with whom you have the accounts right away. For
information about how to put a “fraud alert” on your files at the credit
reporting bureaus and other advice for ID theft victims, contact the
Federal Trade Commission’s ID Theft Clearinghouse,
www.consumer.gov/idtheft or toll-free, 877-438-4338. The TDD number
- Even if you didn’t get hooked, report Pharming. Tell the company or agency that the
pharmer was impersonating. You can
also report the problem to law enforcement agencies through the National
Fraud Information Center/Internet Fraud Watch,
www.fraud.org or 800-876-7060, TDD 202-835-0778. The information you
provide helps to stop identity theft.
Reporting a Possible Pharming Attack
What to do, if you
think you have been the victim of identity theft page!
If you need advice about an Internet or online
solicitation, or you want to report a possible scam, use the
Reporting Form or call the NFIC hotline at 1-800-876-7060.
For More Information About Pharming, See:
Is Someone "Phishing" for Your Information? [PDF]
Cautions consumers about emails that claim to be from government agencies in
an attempt to steal personal information.
- Digital PhishNet Web site.
- Phish Report Network - a cooperative effort by several companies
providing an information clearinghouse that will be run by WholeSecurity, a
provider of client-side security solutions.
- Internet Crime Prevention & Control
Institute, a cooperative effort between Zero Spam Network Corp. and
the University of Miami. Staffed by Miami undergraduate and graduate
students and Zero Spam employees, it works closely with the Secret Service's Electronic Crimes Task Force
and ISPs in the United States and abroad to identify and block traffic to
machines hosting Pharming sites.