Pharming (cyber attack)

Pharming is a type of online security scam in which malicious code installed on a person’s computer and web browser redirects the unsuspecting user away from a legitimate commercial website to another, fraudulent site to allow for the theft of personal information. The term pharming was first used by Scott Chasin, who warned that this more deleterious form of hacking had become increasingly threatening in the early 2000s; he chose the term pharming because it is a portmanteau of the words "phishing" and "farming" and has often been described as "phishing without a lure."


When pharming, cybercriminals use installed malware so that valid websites such as PayPal or eBay redirect to sites that look very similar to the websites users intended to find. When a user stores personal information on the look-alike site, such as credit card information, passwords, or a home address, the information is immediately forwarded to the fraudulent company or individual in an act of identity theft.

Background

Cyber hacking, in various forms, has existed almost as long as computers and the Internet themselves as a means for people to anonymously extract private data from users. While the online hacking concept known as phishing, which involves sending fake emails containing links to phony websites in the hope that users will visit the site and unwittingly give up personal information, has technically been around since the term was first used in 1996, it was not until 2003 that it became a truly popular tool of cybercriminals and illegitimate companies.

In 2004 and 2005, many users, including retailers and online companies, began to fall victim to pharming, an even more dangerous form of cyberattack. Unlike phishing attempts, which depend upon users opening emails and clicking on links, victims of pharming are automatically redirected to the phony site despite having attempted to visit a legitimate site. In 2004, a notorious but ultimately harmless pharming attack was coordinated by an unnamed German teenager who hijacked the domain name for the German eBay site and redirected users to a different domain name server (DNS); instead of stealing information, however, he claimed that he had committed the hack merely for fun. Another major instance of pharming happened in January 2005, when the New York–based Internet service provider (ISP) Panix was hijacked to redirect to a similar site based in Australia, which then enabled hackers to pilfer users’ personal information. Attackers have two main methods of carrying out pharming: installing a virus on users’ web browsers that corrupts the local hosts file, leading to redirection, and hijacking a public DNS, sending a larger number of users to fake sites.
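A defender's check for the first of these methods, local hosts-file tampering, as an added example that is not part of the original article: it parses hosts-file text and flags any entry that pins a watched domain to an address. The function name `audit_hosts`, the watchlist, and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watchlist; PayPal and eBay are the sites the article names.
WATCHLIST = ("paypal.com", "ebay.com")

# Constructed sample hosts file (documentation-range addresses, not real data).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# 203.0.113.7 paypal.com   (commented out, must be ignored)
203.0.113.7 www.paypal.com paypal.com   # added by unknown installer
198.51.100.23  signin.EBAY.com.
0.0.0.0     ads.example.net
0.0.0.0     ebay.com
192.0.2.10  notpaypal.com
"""

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line, host, address, kind) for entries overriding a watched domain."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comments, tokenize
        if len(fields) < 2:
            continue                               # blank or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0].split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue                               # first field is not an address
        for name in fields[1:]:                    # one line may carry several names
            host = name.lower().rstrip(".")
            # Match the domain itself or a true subdomain, not a mere suffix.
            if not any(host == d or host.endswith("." + d) for d in watchlist):
                continue
            # Loopback/unspecified entries block the site; anything else redirects it.
            kind = "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirect"
            findings.append((lineno, host, str(addr), kind))
    return findings

if __name__ == "__main__":
    # On a real machine, read /etc/hosts (Unix) or
    # C:\Windows\System32\drivers\etc\hosts (Windows) instead of the sample.
    for lineno, host, addr, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {addr} [{kind}]")
```

A legitimate hosts file rarely needs an entry for a bank or retailer, so any `redirect` finding for such a domain deserves investigation before the browser is trusted again.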

Although criminals who employ phishing techniques tend to be able to use various web design and DNS methods to obscure the true website that a person is redirected to, pharming attacks are a bit more advanced. Pharmers use techniques such as DNS hijacking, DNS spoofing, and cache poisoning to directly manipulate the domain and hosting name systems of a user’s browser. When an attack like this is carried out, security software can also be deceived into thinking the site is legitimate and fail to warn the user.

As more significant instances of pharming continued to make the news, many users became increasingly concerned that they would fall victim to an attack of this nature and have their personal information stolen. Therefore, numerous vendors have developed sophisticated software to help protect against phishing and pharming and improve the ability to recognize whether a website is fraudulent or has malware encased within it. As a result of such software, cybercriminals and illegitimate companies have focused on location-based hacking, tracking the way that users connect to companies through online login services, such as through their email address or social media accounts.

Impact

Cyber identity theft has become a significant concern in the twenty-first century due to society’s increased reliance upon computers and the Internet for personal and financial needs, which requires the digital storing of large amounts of private information. ISPs have taken a more pronounced role in tracking and thwarting pharming website redirects, working with cybersecurity companies to directly block anything with a trace of malware and blocking websites whose URLs are spelled similarly to their legitimate counterparts. Reputable ISPs have also put safeguards in place in the form of hypertext security protocol (also known as hypertext transfer protocol secure, or HTTPS) on payment pages. This defense is especially important on major banking websites and for e-commerce services, which customers are more likely to inherently trust with critical financial information. When customers reach these payment pages, ISPs will be able to verify the authenticity of the site using the HTTPS step, and users can check to make sure that the site and exchange are secure by looking for a padlock icon in the address bar.

While antivirus software cannot detect a DNS pharming attack once it is underway, this software can serve as a precautionary measure to help protect a computer from succumbing to the various forms of malware used in such attacks. Antivirus software also automatically updates on a user’s computer to best keep track of the newest forms of viruses, worms, and other malicious programs that are constantly changing. If a user is affected by a pharming technique and has personal information stolen, the best way to handle the situation is to change all passwords and inform the service provider where the pharming came from. This response will allow the effects of pharming to at least be partially mitigated and encourage companies to upgrade their security.
