Pharming

Jan 5, 2016

What is Pharming?

Pharming is a cyber attack intended to redirect a website’s traffic to another, fake site. It is very similar to Phishing, but instead of using emails a Pharmer exploits the user’s PC to automatically direct them to fake sites. Pharming requires unprotected access to attack a computer. Pharming has become a major concern to businesses hosting ecommerce and online banking websites because attacks on these have become the more popular type of Pharming. The intention behind Pharming is to acquire credit card details or other information for online identity theft.

What types of Pharming are used?

Well, technically Pharming is a type of Phishing, so there aren’t a number of techniques used. Pharming mainly involves illegally compromising someone’s computer, whether it’s a home computer or a business computer, and directing its user to fake sites.




What anti-Pharming Techniques should I use?

  • Server Side Software
  • DNS Protection
  • Web Browser Add-ins
  • Secure Web Connections
  • Legislation

Server Side Software

This is mostly used by enterprises to protect their customers and employees who use internal or private web-based systems from being Pharmed and Phished. It is basically security software that helps protect your server and those who are using it.

DNS Protection

A DNS (Domain Name System) protection mechanism helps make sure that a specific DNS server cannot get hacked and used for Pharming attacks.

Web Browser Add-ins

This is similar to Server Side Software, but instead of protecting the whole server and everyone who is using it, it merely protects a single person or whoever uses that specific computer.

Secure Web Connections

This is currently the most efficient way to prevent Pharming. It involves end users making sure that they are using secure web connections (HTTPS) to access privacy-sensitive sites such as banking or tax sites. This method uses valid public key certificates that are issued by trusted sources. If the certificate is unknown or expired, then it will not be accepted.
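The certificate check described above, as an added Python example that is not part of the original post: it builds a TLS client that refuses unknown, expired or mismatched certificates, and audits a client whose checks were switched off. The function names and the sample dates are constructed for illustration.

```python
import socket
import ssl

def strict_context():
    """Client settings that refuse unknown, expired or mismatched certificates."""
    ctx = ssl.create_default_context()            # loads the system's trusted CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def weak_context():
    """The setting to avoid: a fake site's certificate would be accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                    # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit_context(ctx):
    """List the settings on ctx that would let a pharmed connection through."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified against trusted CAs")
    if not ctx.check_hostname:
        findings.append("certificate name is not matched against the site name")
    return findings

def is_expired(cert, now):
    """cert: dict as returned by SSLSocket.getpeercert(); now: epoch seconds."""
    return ssl.cert_time_to_seconds(cert["notAfter"]) < now

def check_site(host, port=443, timeout=5.0):
    """Connect with full verification; report why a certificate was refused."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict_context().wrap_socket(raw, server_hostname=host) as tls:
                return "accepted", tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as err:   # unknown issuer, expired, wrong name
        return "rejected", err.verify_message
    except OSError as err:                        # DNS failure, timeout, refused
        return "unreachable", str(err)

if __name__ == "__main__":
    print("strict:", audit_context(strict_context()))
    print("weak:  ", audit_context(weak_context()))
    # Constructed sample certificate dates, not taken from a real site.
    sample = {"notAfter": "Jan  5 00:00:00 2016 GMT"}
    today = ssl.cert_time_to_seconds("Jan  6 00:00:00 2016 GMT")
    print("sample expired:", is_expired(sample, today))
```

`check_site` needs network access, so it is defined but not called in the demo; pass it the host name of the site you intend to visit.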

Legislation

Legislation plays a very good role in anti-Pharming. A law made in March 2005 proposes a five-year sentence or fine for people who execute Phishing attacks and use the information gathered through online fraud to commit crimes such as identity theft.

For Basic Home Users

If you are just a home user who has a normal modem or router, then probably the most effective defense is to change the password on the router to something other than the default, making it something that is not easy to figure out through a dictionary attack (an attack that uses a long list of possible passwords).