What is pharming?

Whereas phishing uses fraudulent email messages to lure you to fake Web sites and try to get you to supply personal information like account passwords, pharming attacks redirect you to a hacker's site even when you type the address of a real site into your browser.

Real or not?

Pharming does not require that a user clicks on an email message or has a system compromised by a Trojan or a keylogger, and therefore pharming is often described as "phishing without a lure."

Pharmers typically redirect users to a spoofed website by tampering with a company's hosts files or domain name system (DNS) so that requests for certain URLs return a bogus address and subsequent communications are then directed to a fake site. This means that users are unaware that the website where they are entering confidential information is controlled by hackers.

Other types of pharming attacks involve Trojan horses, worms or other technologies that attack the browser address bar, thus redirecting the user to a fraudulent website when the user types in a legitimate address.

Pharming strike

In February 2007, a pharming attack that targeted online customers of at least 50 financial institutions in the US, Europe and the Asia-Pacific region infected at least 1,000 machines per day for several days. The attack was notable for the effort put into it by the hackers, who constructed a separate look-alike website for each financial institution they targeted.

Also in 2007, a new kind of pharming was discovered. In drive-by pharming a cyberattacker takes control of a user's home router by guessing the router password and any users who have not changed the default password on their router could be at risk.

Be aware

One way to protect yourself against pharming attacks is to only use pharming-conscious or (PhC) websites. If an attacker attempts to impersonate a PhC website, you will receive a message from the browser indicating that the website's "certificate" does not match the address being visited. You should never ever proceed to the website when you get such a message.

Source: http://www.bullguard.com