Michael has a Newcastle University Certificate in Cybersecurity and experience in combatting cybercrime.
So this is typically how it plays out.
You are just busy minding your own business when all of a sudden the e-mail appears.
You notice it right there. Sitting on top of your inbox.
One look at the source and you can see this is from a company you know. In fact, you are their customer. It is perhaps PayPal, eBay, Amazon, a telephone service provider, a credit card company, a travel agent, or even your local bank.
So you do the natural thing. You open it and start reading.
The message goes along one of these lines.
- They are informing you as a customer that they have updated their security measures and have upgraded their systems to provide greater protection to all clients and to prevent data fraud and theft. The new changes require an account verification from you.
- Their system has detected fraudulent activity on your account. They need you to verify your details by navigating to their website and logging in afresh.
- They need you to act immediately in order to be compliant with the most recently rolled-out government regulation on data protection.
- They have recently updated their terms and conditions. They need you to log into your account, read through the new changes and confirm that you agree.
Of course, they value and respect you as their trusted customer. This is why they cannot imagine making any changes that would affect your position with them without first notifying you and obtaining your consent.
All sounds pretty legitimate, right?
So you proceed to click on the link. It leads you to a familiar-looking web page with the familiar company features—the logo, the graphics, the fonts. Everything here gives you the feeling that you are actually interacting with your service provider.
Now you are fully convinced.
Until your eyes zero in on the URL...
It all seemed authentic at first, but now upon closer examination, the web address is not exactly the same as the real company address. The language does not seem all that professional either. And there is something unusual about the images and other features on the page.
The email was just a means to lure you into a trap.
You have just been the target of a phishing attempt.
What is pharming?
The word "pharming" today is used in two completely different contexts.
For genetic engineers, the term has nothing to do with computers or cyberspace. It is simply a merger of the words "pharmaceutical" and "farming". It refers to the insertion of extraneous genes into plants or animals. The plant or animal is thereby genetically modified such that it can be used to generate pharmaceutical products.
While the subject may interest some, it is not the scope of what we are covering here.
For computer users, the term "pharming" has been coined to describe the process by which cyber-criminals exploit a vulnerability on a computer with malicious code so that they can redirect traffic meant for one address to whichever site they want the victim to visit.
So the computer is infected to such a degree that when the victim types a particular URL into the address bar, they are automatically sent to a fake website, and they are none the wiser that anything is different.
Once a site has been disguised to look like the real one, all the confidential or personal information entered there—including social security numbers, account numbers, passwords, PINs, etc.—can be collected and used by criminals for malicious purposes.
So firstly, pharming essentially involves setting up a site that looks legitimate—one that is as identical to the actual website of a company as possible.
The next step is to try and direct as much traffic to that site as possible. The goal is to have customers of the legitimate company sign in on this fake website so that their login details can be captured by the software.
Pharmers can also redirect victims in the following ways:
1. The Hosts File on Your Computer:
Your computer keeps a hosts file that maps website names to IP addresses, and it is consulted before any DNS lookup is made. If a new IP address is inserted into the entry that corresponds to a particular website, your computer is sent to the pharmer's website instead of the real one. In this way, the pharmer is able to hijack any information that you enter on the fake site.
2. The Domain Name System (DNS) Server:
A DNS server matches names with their respective IP addresses. Once this server is manipulated into assigning the pharmer's IP addresses to legitimate names, any computer that relies on the names provided by the server will automatically be directed to the pharmer's website. This is how victims come under the control of pharmers whose objective is identity theft and fleecing.
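The hosts-file attack described under point 1 leaves a visible trace: an entry that pins a site you log into to an address that is not local. The check below is an added example, not code from the original article; the watch-listed domains and the sample hosts file are constructed for illustration.

```python
import ipaddress
from typing import List, Tuple

# Constructed watchlist (assumption): services the user actually logs into.
# A real deployment would take these from the user's own providers.
WATCHLIST = {"paypal.com", "ebay.com", "amazon.com"}
# Addresses a hosts file may legitimately point a name at (loopback, blackhole).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "0.0.0.0/32", "::/128")]

def _is_local(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LOCAL_NETS)

def _matches_watchlist(host: str) -> bool:
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)

def suspicious_hosts_entries(hosts_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, ip, hostname) for every entry that pins a watch-listed
    site to a non-local address: the pharming pattern described above."""
    findings = []
    for no, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]         # one IP, one or more names
        for name in names:
            if _matches_watchlist(name) and not _is_local(ip):
                findings.append((no, ip, name))
    return findings

# Constructed sample hosts file: the first three lines are ordinary; the
# last one redirects a payment site to an address the user never chose.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     ads.example.net   # ad-blocking entry, harmless
203.0.113.7 www.paypal.com paypal.com
"""

if __name__ == "__main__":
    for no, ip, name in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"line {no}: {name} -> {ip} (not a local address)")
```

On Windows the file lives at %SystemRoot%\System32\drivers\etc\hosts and on Unix-like systems at /etc/hosts; the function only needs its text.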
Definition of Terms
Phishing: This is an attempt to deceive internet users into thinking that they are receiving a trustworthy email from a legitimate source, or that the website they are connecting to is genuine, when this is not the case at all.
Pharming: A method of scamming where code is maliciously installed on a PC or server in order to misdirect users to fake websites. This is carried out without the knowledge or consent of the user. A simple way to define pharming is the phrase 'phishing without a lure'. As with phishing, the victim is convinced to disclose personal or financial details, which are then used by the criminals either to steal the victim's identity or to commit bank or credit card fraud.
IP Spoofing: This is used to secure unauthorized access to people's computers. The perpetrator uses a forged IP address and dispatches a message to a computer, making it appear as though the source is actually genuine.
Email Spoofing: This is a way that perpetrators (especially spam distributors) lure in unsuspecting victims by dispatching an email with a header that appears to originate from a legitimate source. The objective is to have the recipient open and read the message and then respond to their solicitations.
Link Manipulation: This involves modifying the link in a web page that has been emailed to a recipient, who may be a customer of a company, in order to redirect them to the hacker's site rather than the original one. The hacker simply adds their IP address in front of the real address in an email that appears to link the recipient back to the original site. Once the person receives the spoofed email and clicks on the link provided, they are automatically directed to the fake website, set up to look just like the original. Whether it imitates an online retail shop or a bank, the ultimate goal is to steal personal and financial details.
The way that pharmers get into your host files and DNS servers is by using spyware, adware, viruses or trojans. Therefore, if your computer does not have any antivirus protection or your internet security is not properly updated, the sitting duck analogy comes into play.
The security software you invest in should not only be continually updating its protective capabilities, but it should also be able to warn you if a malicious program has gained access into the system through any means (e.g. a download). It should then be possible to quarantine and eliminate the threat.
The same applies to spyware and adware. If you notice a change in your internet browsing patterns, or you are frequently coming across pop-ups, these are red flags.
Thankfully, it is not as easy to hijack a computer today as it used to be. Planting bugs on a computer or setting up a process that allows these malicious programs to download directly into another system may not be as simple, but it is still possible.
This is why scammers have developed new strategies.
Instead of invading your system, they let you come to them. Pharmers work together with phishers to make you visit the fake site yourself and provide them with all the personal details they need.
In this way, phishers and pharmers circumvent the hurdle of getting software downloaded onto your computer. Instead, they use you to get the information they want.
As stated before, the bogus page will have everything required to convince the victim that it is the genuine page. Everything except the URL.
This is the one thing that cannot be cloned since every internet address is unique.
So when you receive these types of emails, do the following:
1. Identify the Main Purpose: Ask yourself: what is the real reason behind this? The messages will typically highlight a need to update records, comply with federal regulations, or prevent fraud. In reality, these are means the fraudsters have set up to gain your confidence and elicit a response.
2. Check the URL: If the address contains the name of the real company but only as a subdomain of some other domain, then chances are that the page has been set up using a free hosting company.
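The URL check above, and the "IP address in front of the real address" trick from the definitions, can be turned into a mechanical test: find the registered domain of the link and see whether a known brand name appears anywhere other than in its own domain. This is an added example, not code from the original article; the brand list and the stand-in suffix table are constructed assumptions (a real tool would use the Public Suffix List).

```python
import ipaddress
from typing import Dict, List, Set
from urllib.parse import urlsplit

# Constructed brand list (assumption): brand keyword -> domains it really owns.
BRANDS: Dict[str, Set[str]] = {
    "paypal": {"paypal.com"},
    "ebay": {"ebay.com"},
    "amazon": {"amazon.com"},
}
# Tiny stand-in for the Public Suffix List (assumption).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def registrable_domain(host: str) -> str:
    """Registered domain = last two labels, or three for suffixes like co.uk."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def phishing_indicators(url: str) -> List[str]:
    """Reasons a link looks like a lookalike of a watched brand; an empty list
    means the registered domain really belongs to that brand."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons: List[str] = []
    if parts.username is not None:
        reasons.append("user:pass@ prefix hides the real host after the '@'")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address rather than the company domain")
        domain = ""
    except ValueError:
        domain = registrable_domain(host)
    for brand, legit in BRANDS.items():
        if domain in legit:
            continue  # the brand name sits inside its own registered domain
        places = [p for p, text in (("host", host), ("path", parts.path.lower())) if brand in text]
        if places:
            reasons.append(f"'{brand}' appears in {'/'.join(places)} but the domain is '{domain or host}'")
    return reasons

if __name__ == "__main__":
    # Constructed sample links: the first is genuine, the rest are lookalikes.
    for link in ("https://www.paypal.com/signin",
                 "https://www.paypal.com.secure-update.example/signin",
                 "http://203.0.113.5/www.paypal.com/login",
                 "http://www.paypal.com@203.0.113.5/login"):
        print(link, "->", phishing_indicators(link) or ["registered domain belongs to the brand"])
```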
The key rule to remember is never to give out any information in response to an email message, irrespective of how real the page you have been redirected to appears.
Any logging in must be done only at the confirmed parent site of the company. For more information on this type of cybercrime and how to protect yourself, check out this article.