Pharming is a specific type of identity theft crime that involves websites and online internet fraud. Pharming scams reroute a website to a fake or fraudulent website where a hacker steals personal information from the victim.
Depending on the website, the person may be redirected to a page that asks for their social security number, date of birth, and other personal information. There may be a message stating that the person must provide the information to continue. The hacker may then use the information to commit identity theft crimes, such as stealing money from bank accounts, using credit cards, etc.
How Does Pharming Work?
Phishing exploits the basic concept of internet browsing – an internet address, such as www.google.com, must be converted into an IP address by a DNS server before the connection can be established.
Pharming attacks this process in one of two ways:
- A hacker may send malicious code in an email that installs a virus or Trojan on a user’s computer. This malicious code redirects traffic away from its intended target and toward a fake website by changing the computer’s host file. As a result of malware-based pharming, no matter whether you type the correct internet address, the corrupted host’s file will redirect you to a fraudulent website.
- In addition, the hacker may use a technique known as DNS poisoning. Pharmers can modify the DNS table in a server, causing users to visit fake websites instead of legitimate ones accidentally. DNS stands for “Domain Name System.” Criminals can use false websites to install viruses or Trojans on users’ computers or steal personal and financial information.
Due to their position on an organization’s network and behind its defenses, DNS servers are harder to attack. Still, DNS poisoning can result in a large number of victims of cybercriminals. DNS poisoning can also spread to other DNS servers. Whenever an internet service provider (ISP) receives information from a poisoned server, the corrupted DNS entry can be cached on its servers – spreading to more routers and devices.
Pharming attacks are dangerous because they require minimal action from the victim. The affected user may have a completely malware-free computer but still become a victim of DNS server poisoning. The misdirection happens after the computer sends a connection request, so even taking precautions such as manually entering the website address is not enough.
Pharmers either use your personal information themselves or sell it to other criminals on the dark web once they have obtained it.
How Are Phishing and Pharming Different?
Phishing and pharming scams share some similarities, but they are not the same.
In phishing, cybercriminals send emails that appear to come from reputable organizations. Emails contain malicious links that direct users to fake websites where they enter personal information. If you submit this information, fraudsters can use it for criminal purposes.
Unlike phishing, pharming does not involve enticement.
Pharming involves two stages. First, hackers install malicious code on your computer or server. Furthermore, the code can trick you into providing personal information via a fake website. You do not have to click on a fraudulent site for computer pharming to occur. You are instead automatically redirected there, where farmers can access your personal information.
In contrast to phishing, pharming doesn’t rely on a lure to get your financial information. As a result, pharming is often described as “phishing without a lure.” It is more dangerous than phishing since it can affect a large number of computers without any conscious effort on the part of the victims. Pharming attacks, however, are less common than phishing attacks because they require significantly more effort on the attacker’s part.
Pharming Examples
Venezuela experienced a notable pharming attack in 2019. Venezuela’s President made a public call for volunteers to join a new movement called “Voluntarios por Venezuela” (Volunteers for Venezuela). This movement sought to connect volunteers with international organizations providing humanitarian aid to the country. A website asked for volunteers’ full names, personal IDs, phone numbers, addresses, and other details during the sign-up process.
Within a week of the launch of the original website, a second website appeared. The domain name and structure were almost identical. This, however, turned out to be a fake. In Venezuela, both real and counterfeit websites resolved to the same IP address, which belonged to the owner of the fake domain. In other words, regardless of whether the user opened the real or fake website, their data would end up at the fake one. They resolved to a different IP address outside the country.
Phishing emails purporting to be from Brazil’s largest telecom company were sent to users of UTStarcom or TR-Link home routers in 2015. The links in the emails downloaded pharming malware designed to exploit router vulnerabilities and change the router’s DNS settings.
In 2007, over 50 financial companies across the US, Europe, and Asia were targeted by one of the most significant pharming attacks recorded in history. Hackers created an imitation web page containing malicious code for each targeted financial company. Consumers’ computers were forced to download a Trojan horse from the websites. Any subsequent log-in information from the targeted financial companies was collected. There are unknown numbers of victims, but the attack lasted for three days.
Pharming Signs and Symptoms – How to Determine If You’ve Been Harmed
Symptoms of pharming include:
- Unrecognized PayPal or credit or debit card charges
- Social media posts or messages that you did not post
- Unsolicited friend or connection requests from social media
- Your online accounts’ passwords have been changed
- Uninstalled or newly downloaded programs appear on your device
The following steps should be taken if you think you have already been affected by pharming malware or a pharming attack:
- Make sure your DNS cache is cleared
- Make sure your device is secure by running your antivirus program
- If you believe your server has been compromised, contact your ISP
- Make sure all your online accounts have new passwords
- You should follow the fraud reporting procedures for your online banking, email, and social media platforms.
Are There Legal Consequences to Pharming?
Yes. As with many other white-collar crimes, pharming can lead to misdemeanor or felony charges. The defendant may be charged with federal and state crimes, resulting in a jail sentence and fines.
Furthermore, hacking into a government website or tampering with government pages can often lead to federal felony charges. People who have lost money due to pharming scams may also file civil lawsuits against the defendant.
What Are Other Types of Crimes Related to Pharming?
Pharming can also lead to other types of crimes. A common aspect of pharming is the theft of virtual or online information. For instance, pharming may be used to begin the initial phases of internet securities fraud. When a person falls victim to a pharming scheme, their securities may be compromised. Businesses and companies can even be affected by this.
Other types of cybercrime can occur, such as bank account hacking, mortgage fraud, etc. Essentially, pharming plots can affect any type of online information. Therefore, you should only visit trusted websites. Verify that the site and company are legitimate before providing your information.
Do I Need a Lawyer for Help With Pharming Lawsuits?
Pharming can occur in many forms and constantly evolves as fraudsters find new ways to trap consumers. You may need to hire a fraud lawyer if you need to file a lawsuit or if you need to file a criminal report for pharming. In addition to representing you in court, your attorney can advise you on your legal rights and options.
