What Is Pharming? | Absolute Beginners Guide to Security, Spam, Spyware & Viruses

What Is Pharming ?

Even if you think phishing scams are as obvious as angry cats, there's one scary new form of scam that even an expert can be fooled by. It's a technique called pharming that, when perpetrated, is invisible to web surfers until it's too late.

In a nutshell , here's what happens: You tell your web browser to open a website. It is secretly directed to a fake website that looks just like the original. And this all happens without any clue that you're being duped.

To understand how pharming works, pretend that surfing the Internet is like visiting the zoo with your niece.

You say to her, "What shall we see first?"

She says, "Let's go see the monkeys !"

So you take her up to the information booth and the nice information officer tells you to follow the banana signs. So you both follow the banana signs until you get to the monkey house.

That's kind of how the Internet works now. When you type a web address into your web browser, your browser makes contact with a domain name service (DNS) server, which is a kind of Internet information booth. The browser gives the DNS machine the destination requested . And in turn the DNS server (like the information booth officer) looks it up in the DNS cache. What comes back is a numerical address called an Internet Protocol (IP) address. The web browser uses the IP address to contact the correct server (a computer that contains a website) you want to visit.

In the case of pharming, the information booth officer has been fooled. He's been given the wrong map by the evil marketing guy at the zoo who wants everyone to go to the gift shop. So when you ask for directions to the monkey house, the information officer looks at his map and sees that the monkey house can be found by following the cabbage signs. That doesn't seem right, but that's what the map says so those are the directions he gives you. (Actually the DNS server isn't smart enough to question the information. It just hands it out.) So you end up at the gift shop. To further the scam, the gift shop might even be decorated like the monkey house with banana wallpaper and stuffed monkeys.

Caution

There's not much you can do as an individual to defend against pharming. It's a problem being dealt with by Internet service providers and the telecommunications companies and organizations that own the DNS equipment on the Internet.

Pharmers poison a DNS server by changing its cache so it stores the wrong IP addresses (see Figure 4.5). So when you browse to your bank's web page, the DNS server that translates your bank's dotcom address will hand back the wrong IP address. Your web browser takes you to a fake bank site that looks like your bank but is run by a pharmer.

Figure 4.5. Pharmers can poison a DNS server with a bad IP number so when your web browser asks for the correct numerical Internet address of your bank (for example), it gets sent the IP address of a fake bank site.

What's alarming about pharming (besides that awful rhyme ) is that it can cause a large group of innocent people to be herded off to bogus websites and scammed. Even scarier, during this process your browser displays that you are visiting a correct site even though it's bogus .

Look out for 419 Scams!

One of the most common email scams is what's called a Nigerian 419 scam or advanced fee fraud. It's named after a part of the Nigerian penal code (section 419) that relates to fraudulent schemes.

Here how it works: An email (although in the past mailed letters or faxes have been sent) arrives from someone outside your country, often claiming to be from Nigeria (see Figure 4.6) or some other African nation, and sometimes from other countries . The person sometimes portrays himself or herself as a family member of a deposed Nigerian powerbroker, a Nigerian oil executive, or some other person who has access to oodles of trapped cash.

Figure 4.6. This example of a Nigerian 419 scam uses the guise of an English barrister representing a Nigerian national.

The author admits that they don't know you, but explains there is a substantial amount of money squirreled away that needs to be moved. If you help, you can keep a big chunk of it, usually millions.

If you bite and open a correspondence with the scam artist, you're led by your email address down a path that results in a request for money. It could be for bribes, taxes, or other fees that the scammer needs to help lubricate the system so the money can be freed. After the first payment the correspondence abruptly stops or you're told complications have set in and a further request for funds is made. This continues until you're tapped out or you get wise. There are also stories (although I couldn't verify them) of victims traveling to Nigeria to help further the transaction and the trip ends with kidnapping , theft, and even murder.

To see a collection of Nigerian 419 letters, check out http://axiusnews.com/scampost/.