How to Prevent Pharming

By Jennifer Martinez

Pharming? Phishing? What's the difference?

Many of us are now familiar with so-called phishing scams. The phishers drop the bait -- seemingly legitimate emails from financial institutions, banks or places we shop -- claiming the institution has suffered a breach in security. You are asked to reply to the email and provide your private information. Or, you're asked to click through to a web site that looks like the real thing, but is really a fake. There, you are asked to type in your personal information. The result? Criminals can steal your identity or money, invade your computer with annoying adware and spyware and attack your computer with damaging viruses, worms and Trojan horses.

But by now, hopefully, we're all getting wise to phishing scams and not getting hooked. Instead of falling for a phishing email, most people have learned to delete them or call their bank to confirm what's going on, or to report a phishing scam.

Pharming, however, is sneakier. Here's how it works: When you type legitimate URLs into your web browser's address bar, pharmers "hijack" your computer and re-route you to a bogus site that looks identical to the one you're trying to reach or have had bookmarked for years. In other words, you're taken to a fake site without even knowing it's a fake.

Anyone who uses the Internet and has online banking, credit card and shopping accounts is vulnerable to a pharming attack. Still, there are ways to avoid being duped by pharmers. Here's how to protect yourself against these scam artists.

Step No. 1: Know how pharming works  Pharming redirects Internet users from legitimate web sites to malicious ones using a strategy called DNS cache poisoning. The pharmer covertly hijacks your computer and takes you to a copycat web site. The fake site is usually a page that looks identical to that of your bank, financial institution, eBay or Amazon. From this point, the web site asks you to submit your vital passwords and financial information, which pharmers ultimately use to steal from you.

Step No. 2: Verify a web site is legitimate  Internet service providers (ISPs) are working hard on their end to filter out pharmed sites. The main thing you can do to protect yourself on your end is to make sure the web site is authentic. You need to use more than one method to stay ahead of the pharmers. Remember, most of these authentication methods are set up to work only on web pages where you're asked to enter your personal information:

• Use a trusted, legitimate Internet Service Provider. Rigorous security at the ISP level is your first line of defense against pharming.
• Check the web browser's URL address that appears in your web browser. Look to make sure the address is correct. For example, when you type a web site URL, you should see that address in the browser address window.
• Check the http address. When you get to the page where you're asked to enter personal information, the http should change to https. The "s" stands for secure.
• Verify the certificate of the site. It takes just a few seconds to tell if a site you land on is legitimate. On the latest version of Internet Explorer and on many other commonly available web browsers, go to File in the main menu and select Properties. Click Certificates, and check if the site carries a secure certificate from its legitimate owner.
• Look for a padlock or key on the bottom of your browser window or on your computer task bar. A locked padlock, or a key, indicates a secure, encrypted connection and an unlocked padlock, or a broken key, indicates an unsecured connection.

Step No. 3: Get extra protection  Install an antivirus program from a trusted security software provider to reduce your exposure to pharming scams. Use a personal firewall to protect your data from hackers, viruses, worms and Trojan horses. And download the latest security updates (or patches) for your web browser and operating system.