What's pharming and how is it related to phishing?
Dave, I think I finally figured out what phishing is, and who the phish are, but I just bumped into another term, pharming, and was hoping you could explain it so I could figure out how they differ?
Nicely asked question! The "phish" in phishing, are us. (is this related to the famous line "we have seen the enemy, and he is us?"). Phishing is when a scam artist sends out a fake email message purporting to be from a legitimate financial organization like Paypal, eBay, Citibank, Wells Fargo, etc. They can be 99% legitimate messages, with the right logos, right paragraphs of information, and even what appears to be a completely legitimate URL for you to click so you can update your financial information before your account is closed (or similar).
Look at it more closely, though, and you'll find that while the message may show you the URL security.wellsfargo.com or cgi3.ebay.com or similar, the actual link you would be taken to is on a completely different server, often just a mysterious set of four numbers that comprise an IP address. Any email program worth its salt will show you the destination of an embedded link before you click on it, so look for that feature and double check before you click.
If you do click and blindly try to log in, you'll find that while you entered the right account and password pair, your login fails for some mysterious reason and you're asked to log in a second time, at the real site, without ever realizing that the first login was stored on the scammers site, ready for them to masquerade as you whenever they please.
So that's phishing. I've written about phishing here before, too.
Pharming is a new one to me too, and it's the bigger, more aggressive version of phishing. Imagine that you got a virus on your computer and automatically, every time you did a DNS lookup for the Washington Mutual site, it actually and deliberately handed out a bogus IP address instead, a fake site that was set up to look like the real site, but actually was a phishing 'mockup' of the real thing.
Now imagine a virus that's smart enough to only return that spurious result for a dozen queries, or one day, or a similar finite amount of time. When you realize something was peculiar and go to investigate, all traces are gone and you have no way of knowing if you were really scammed or not. Scary, eh?
The most heinous of these pharming scams is through what's called DNS poisoning, where a hacker actually gets into the legit DNS (DNS = domain naming system, by the way, it's how names are mapped to addresses and it's a critical underpinning of the Internet and Web) and hijacks a domain name.
Realize that one of the standard ways of avoiding phishing attacks won't work with a pharming attack: if you get email from eBay warning you to log in and update your information so your account isn't frozen, you can easily just type in "www.ebay.com" in your browser and know that you'll go to the real site. But if your local DNS lookup or - worse - a DNS server somewhere up the query chain is corrupted, even typing in the right domain name can lead you to a fake, bogus, criminal site.
It's almost enough to make you want to do everything by FedEx, isn't it?
The solution? There are a number that are being considered, but like many other spam and online scam techniques, it's really a mutually destructive arms race, just like those glorious paranoid days of the Cold War.
You can learn more about pharming at this article at WIRED. I hope that helps.
I just wish we could ban all these lowlifes that are corrupting the Internet and causing us to waste so much effort...
More Useful Computer and Internet Basics Articles:
✔ How do I blur my house on Google Maps Street View?
I was poking around on Google Maps looking at satellite views of my neighborhood and when I switched to street view, was upset...✔ Create a custom vanity URL for Kickstarter?
I was reading some updates on Twitter and saw someone had posted a URL that would let me see what projects they'd backed...✔ Export or Save Subscription List from Google Reader?
Just heard that Google Reader is going away this summer. That stinks! How am I supposed to read my RSS feeds? More importantly,...✔ Shrink or Reduce a Photo File Size on Mac?
I'm trying to upload some photos to a social media site and it's complaining that they're too big. They are, as they come...✔ Can I organize my Yahoo Mail with folders?
I've been on Yahoo Mail for years and while most of my friends are now on Gmail or their own Web-based email programs,...
Let's stay in touch!
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
I do have a comment, now that you mention it!
Check This Out Too...
Look for Answers
All Our Categories
Apple iPad Help
Articles and Reviews
Auctions and Online Shopping
Blogs and Blogging
Building Web Site Traffic
Business and Management
Computer and Internet Basics
d) None of the Above
Google Gmail Help
Google Plus Help
Industry News and Trade Shows
iPhone and Cell Phone Help
iPod, Sony PSP and MP3 Player Help
Kindle Fire Help
Mac OS X Help
Pay Per Click (PPC) Advertising
Search Engine Optimization (SEO)
Shell Script Programming
Tech Support Video Help
The Writing Business
Twitter, LinkedIn and Social Network Help
Unix and Linux Help
Video Game Tips and Help
Windows PC Help
Find Me on Google+
ADT on G+