Pharming: How You Can Beat This Growing Threat

Two fairly simple steps you must take to protect yourself from a dangerous computer attack called pharming: Internet ScamBusters #274

Today we tell you about an Internet security threat you probably know nothing about — and we recommend you take two actions that are very important to protect yourself.

By now you know about phishing. However, you probably haven’t heard about pharming, a cunning, fairly new way of directing you to spoof sites or even of taking control of your PC in a way that can’t be spotted or stopped by Internet security software.

We’ll explain the two key ways in which pharming works, and what you can do to beat them — including what you must do to protect yourself if you have a home network.

Now, here we go…

Pharming: How You Can Avoid This Growing Threat

First we had phishing, now we’ve got pharming — a newer buzzword in Internet scams and a computer attack threat that’s especially dangerous for people who use home networks.

Why? Because even the best anti-virus software and firewalls can’t detect or stop pharming once it hits your system.

Phishing vs. Pharming

Let’s start by explaining the difference between phishing and pharming.

“Phishing” is when you get what seems to be a legit email inviting you to click a link that takes you to a website that also looks genuine. In fact, it’s a spoof, set up to look like your bank or PayPal or some other site you trust, that asks you to key in your user name, password or other important information. Then they’ve got you; you’re hooked and ready to reel in!

ScamBusters subscribers already know never to click these types of links. Instead, you should open your browser and navigate to the website from there.

If you’re not familiar with phishing, you can read more about it at Phishing Scams: How You Can Protect Yourself.

But here’s the killer…

“Pharming” happens when you actually do key the correct address into your browser and still go to a spoof site. Now, that is scary.

How does it happen? It’s all down to the way the Internet works.

When you type a website address into your browser — let’s say — the browser, via the Internet, contacts an international computer directory (DNS) server that looks up this name and converts it to a sequence of numbers, which is actually its real Web address.

It’s like when you make a phone call. If you want to call Mrs. Doe, knowing her name is not enough. You need to look up her number in a directory and then key that in. It’s the same with the Internet — but instead of a phone number your browser needs this special sequence of numbers for the site you want.

This special sequence is called an Internet Protocol (or IP) address and every website and computer has an IP address, even yours, that uniquely identifies it on the Internet, just as your phone number uniquely identifies you.

Incidentally, you can find your current IP address by visiting Find My IP Address Lookup.

The First Type of Pharming

Awhile back, hackers and scammers found a way of breaking into and altering the directory servers so that when your browser asked for the IP address of a site you wanted to visit, the server gave the wrong number and directed you to a spoof site that, of course, looked like the real thing.

The possible harvesting of vast amounts of information this way from unsuspecting victims earned its name — pharming. Fortunately, it’s never happened on a huge scale because of security being tightened on the address directory servers themselves.

But this kind of pharming threat remains and, for now, the simple way to avoid it is to follow a rule we’ve given here many times before: Look for a security sign on any website where you’re being asked to provide sensitive or confidential information. This will be signaled by a letter “s” as in “https” in the address box of your browser and/or a padlock icon.

Pharming scammers don’t spoof the security setting. If they try to, by inserting a phony “s” or a padlock, you’ll get a warning that the site may not be what it appears to be. If you get this warning, don’t click “Continue”! (The site could well be legitimate with this warning since sometimes legitimate sites aren’t configured properly, but you need to be EXTRA careful.)

Perhaps the best recommendation we can make on dealing with this aspect of pharming is to use OpenDNS for your computer and router. We’ve been using them since they started.

What is OpenDNS? Among other things, OpenDNS is a powerful tool for combatting phishing and pharming. It works by providing a safer and faster DNS service, providing an alternate to your ISP’s DNS service.

OpenDNS maintains a current list of malicious sites, and blocks access to these sites when you try to access them through their service.

The Second Type of Pharming

Unfortunately, that’s not the end of the story. There’s another more deadly form of pharming that’s starting to show up. Instead of attacking the IP address of directory servers, the hackers have found a way to invade home and small business networks and do their pharming there.

It works something like this: You visit a shady website — of course you may not know it’s shady but then you also know that there are some that definitely are!

The website, set up for pharming, reads the IP address of your network, which is publicly visible, and from that can quickly guess what the specific IP identity of your network router is.

Then it guesses the router’s name and password, logs on and reprograms it. That’s an awful lot of guessing but, sadly, many home network users make it easy for pharming criminals by leaving the network name and password unchanged from when the router was made.

For example: how many users have a network that is called something like Linksys or Dlink, the same as the brand of router they’re using? Quite a lot, in our experience. And if they haven’t changed the name of the network, chances are they haven’t changed the password either.

Let’s guess — it’s “admin” isn’t it?

You don’t see a thing happening. When the rogue page you’ve summoned pops up on your screen, it starts to run an invisible program to unlock your router.

Then, you’re in trouble. Your Internet security software can’t spot what it’s doing — it’s not a virus. And it’s too late for your firewall to stop it — you requested the page right under its nose!

This means that the pharming criminal can control your computer, turn it into a “zombie,” install a key logger or redirect you to a spoof website when you key in a legit address.

You’ve basically given him the key to your network door.

Actually, a hacker can even sit in a car outside your house and log on to an unprotected wireless network, again using the default name and password, and take control that way.

Below we give you specific actions you can and should take.

So, the message is clear: If you have a home or small business network that uses a default name and password, you should return the device to its original factory settings and then change the name and password when you set it up again.

If you don’t know how to do this, there’ll be an explanation in your router manual. And if you can’t find that, visit the router manufacturer’s website and find out how to do it.

In addition, here are some useful articles on changing your router password.

Ask Leo’s: Change Your Password – No, not that one…

For Linksys: I forgot my LinkSys Router Password

For DLink: How to Set up a D-Link Wireless Router

That way, you’ll shut out the pharming community, so you can “graze” the Internet in peace!

To learn more about firewalls and network security, check out the ScamBusters article Privacy Starts With You.

You can find out more about pharming by visiting and following the links there. They include a link to a radio interview with pharming expert, Stanford University professor Neil Daswani.

There’s also an interesting pharming Wikipedia article — though it’s a bit techie.

Summary: Two Actions You Should Take to Guard Against Pharming

  1. Change the password of your router (follow the instructions above).
  2. We recommend you use OpenDNS. Click on “Getting Started” and follow the directions.

That’s it for today — we hope you enjoy your week!