Pharming, a recently coined term, refers to a hacker's attempts to redirect traffic from a particular website to another similar, but bogus, website. These hackers try to steal individuals' personal information by mimicking a site that requests sensitive data, such as an online bank. This fake website displays an actual domain in the browser's address bar, implying that the users are actually where they think they are. The fake websites also duplicate the look and feel of the real website so closely that users often don't know the difference. These sites, similar to phishing e-mails, can lead to other scams and even identity theft. Many phishing e-mails are now easily recognizable, but that's just kid stuff in comparison to how easily pharming sites can fool users.
Think of these false sites as celebrity impersonators--they're not as good as the original, and taking a little bit closer look at these "impersonating" pages will tell you whether they're the real deal or not.
Take these simple precautions to prevent yourself from becoming a victim of pharming:
Before clicking on a link in a browser window, place your mouse
over the link and check the link's address that's displayed in
the bar at the bottom left of the window. Make sure that the
link address shown matches the one indicated on the page. If
the destination listed is not what you're expecting, do not
click on the link because it may be a scam. Instead, report this
site as a possible pharming site. There are two places you should
- Alert the real site that is being mimicked -- Most of the time, the real sites do not know their sites are being mimicked
- Alert the United States Computer Emergency Readiness Team -- Send the web address of the suspected site and a brief explanation of why you think it's a pharming site to firstname.lastname@example.org
If you encounter a site that appears to be mimicking a UR site, contact UR Information Security at email@example.com
- Check the website's certificate. If a hacker attempts to mimic a secure site, you will receive a message automatically from the browser that the website's certificate doees not match the address being visited. If you receive one of these messages, do not click "Yes" because it may be a pharming site. This is what one of these browser messages may look like:
- Check your web browser security
- Use only secure websites when entering personal information. These sites are denoted by the presence of a yellow lock icon or with a URL that begins with https:
- If you have your own home broadband router (ex: Linksys, D-Link, NETGEAR), be sure that you have changed the default password that came with the router to your own unique, strong password. If you have not changed it, hackers can easily guess the default since most home routers come with uniform default passwords.