Pharming: How You Can Beat This Growing Threat

Two fairly simple steps you must take to protect yourself from a dangerous computer attack called pharming: Internet ScamBusters #274

Today we tell you about an Internet security threat you probably
know nothing about — and we recommend you take two actions
that are very important to protect yourself.

By now you know about phishing. However, you probably haven’t
heard about pharming, a cunning, fairly new way of directing
you to spoof sites or even of taking control of your PC in a
way that can’t be spotted or stopped by Internet security
software.

We’ll explain the two key ways in which pharming works, and
what you can do to beat them — including what you must do to
protect yourself if you have a home network.

Now, here we go…


Pharming: How You Can Avoid This Growing Threat


First we had phishing, now we’ve got pharming — a newer
buzzword in Internet scams and a computer attack threat that’s
especially dangerous for people who use home networks.

Why? Because even the best anti-virus software and firewalls
can’t detect or stop pharming once it hits your system.

Phishing vs. Pharming

Let’s start by explaining the difference between phishing and
pharming.

“Phishing” is when you get what seems to be a legit email
inviting you to click a link that takes you to a website that
also looks genuine. In fact, it’s a spoof, set up to look like
your bank or PayPal or some other site you trust, that asks you
to key in your user name, password or other important
information. Then they’ve got you; you’re hooked and ready to
reel in!

ScamBusters subscribers already know never to click these types
of links. Instead, you should open your browser and navigate to
the website from there.

If you’re not familiar with phishing, you can read more about it
at Phishing Scams:
How You Can Protect Yourself.

But here’s the killer…

“Pharming” happens when you actually do key the correct address
into your browser and still go to a spoof site. Now, that is scary.

How does it happen? It’s all down to the way the Internet
works.

When you type a website address into your browser — let’s say
www.scambusters.org — the browser, via the Internet, contacts
an international computer directory (DNS) server that looks up
this name and converts it to a sequence of numbers, which is
actually its real Web address.

It’s like when you make a phone call. If you want to call Mrs.
Doe, knowing her name is not enough. You need to look up her
number in a directory and then key that in. It’s the same with
the Internet — but instead of a phone number your browser
needs this special sequence of numbers for the site you want.

This special sequence is called an Internet Protocol (or IP)
address and every website and computer has an IP address, even
yours, that uniquely identifies it on the Internet, just as
your phone number uniquely identifies you.

Incidentally, you can find your current IP address by visiting
Find My IP Address Lookup (http://www.whatismyip.com).

The First Type of Pharming

A while back, hackers and scammers found a way of breaking into
and altering the directory servers so that when your browser
asked for the IP address of a site you wanted to visit, the
server gave the wrong number and directed you to a spoof site
that, of course, looked like the real thing.

The potential to harvest vast amounts of information this way
from unsuspecting victims earned the attack its name: pharming.
Fortunately, it has never happened on a huge scale because
security has been tightened on the address directory servers
themselves.

But this kind of pharming threat remains and, for now, the
simple way to avoid it is to follow a rule we’ve given here
many times before: Look for a security sign on any website
where you’re being asked to provide sensitive or confidential
information. This will be signaled by a letter “s” as in “https” in
the address box of your browser and/or a padlock icon.

Pharming scammers don’t spoof the security setting. If they try
to, by inserting a phony “s” or a padlock, you’ll get a warning
that the site may not be what it appears to be. If you get this
warning, don’t click “Continue”! (The site could well be
legitimate with this warning since sometimes legitimate sites
aren’t configured properly, but you need to be EXTRA careful.)

Perhaps the best recommendation we can make on dealing with
this aspect of pharming is to use OpenDNS for your computer and
router. We’ve been using them since they started.

What is OpenDNS? Among other things, OpenDNS is a powerful
tool for combating phishing and pharming. It works by
providing a safer and faster DNS service as an alternative to
your ISP’s DNS service.

OpenDNS maintains a current list of malicious sites, and blocks
access to these sites when you try to reach them through its
service.

The Second Type of Pharming

Unfortunately, that’s not the end of the story. There’s another
more deadly form of pharming that’s starting to show up.
Instead of attacking the directory servers that supply IP
addresses, the hackers have found a way to invade home and small
business networks and do their pharming there.

It works something like this: You visit a shady website — of
course you may not know it’s shady but then you also know that
there are some that definitely are!

The website, set up for pharming, reads the IP address of your
network, which is publicly visible, and from that can quickly
guess what the specific IP identity of your network router is.

Then it guesses the router’s name and password, logs on and
reprograms it. That’s an awful lot of guessing but, sadly, many
home network users make it easy for pharming criminals by
leaving the network name and password unchanged from when the
router was made.

For example: how many users have a network that is called
something like Linksys or Dlink, the same as the brand of
router they’re using? Quite a lot, in our experience. And if
they haven’t changed the name of the network, chances are they
haven’t changed the password either.

Let’s guess — it’s “admin” isn’t it?

You don’t see a thing happening. When the rogue page you’ve
summoned pops up on your screen, it starts to run an invisible
program to unlock your router.

Then, you’re in trouble. Your Internet security software can’t
spot what it’s doing — it’s not a virus. And it’s too late for
your firewall to stop it — you requested the page right under
its nose!

This means that the pharming criminal can control your
computer, turn it into a “zombie,” install a key logger or
redirect you to a spoof website when you key in a legit
address.

You’ve basically given him the key to your network door.

Actually, a hacker can even sit in a car outside your house and
log on to an unprotected wireless network, again using the
default name and password, and take control that way.

Below we give you specific actions you can and should take.

So, the message is clear: If you have a home or small business
network that uses a default name and password, you should
return the device to its original factory settings and then
change the name and password when you set it up again.

If you don’t know how to do this, there’ll be an explanation in
your router manual. And if you can’t find that, visit the
router manufacturer’s website and find out how to do it.

In addition, here are some useful articles on changing your
router password.

Ask Leo’s: Change Your Password – No, not that one…
(http://ask-leo.com/change_your_password_no_not_that_one.html)

For Linksys:
I forgot my LinkSys Router Password

For DLink:
How to Set up a D-Link Wireless Router
(http://www.ehow.com/how_2091714_set-up-dlink-wireless-router.html)

That way, you’ll shut out the pharming community, so you can
“graze” the Internet in peace!
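
One way to check for the result of either kind of pharming from your own computer is to look at which DNS servers it is actually set to use. The sketch below is an added example, not part of the original article; it assumes a resolv.conf-style settings file as found on Linux and similar systems, and the function names, the sample text and the 203.0.113.53 address are constructed for illustration. A "local" result means the router is answering lookups itself, so the DNS setting in the router's own admin page still has to be checked by hand.

```python
import ipaddress

# OpenDNS public resolver addresses (the service the article recommends).
TRUSTED = {ipaddress.ip_address(a) for a in ("208.67.222.222", "208.67.220.220")}
# Loopback and RFC 1918 ranges: a local stub resolver, or the home router
# answering DNS itself and forwarding to whatever upstream it is set to use.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nameservers(text):
    """Return the raw nameserver values from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(fields[1])
    return servers

def classify(server):
    """Label one resolver: 'trusted', 'local' or 'unexpected'."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "unexpected"                  # not even a valid address
    if addr in TRUSTED:
        return "trusted"
    if any(addr in net for net in LOCAL_NETS):
        return "local"     # check the router's own DNS setting separately
    return "unexpected"    # public resolver nobody chose: investigate

def audit(text):
    """Map every configured resolver to its label."""
    return {s: classify(s) for s in parse_nameservers(text)}

# Constructed sample; 203.0.113.53 is a documentation-range placeholder.
SAMPLE = """\
# constructed resolv.conf
nameserver 192.168.1.1
nameserver 208.67.222.222
nameserver 203.0.113.53
nameserver not-an-ip
"""

if __name__ == "__main__":
    for server, label in audit(SAMPLE).items():
        print(f"{server:16} {label}")
```

If you deliberately use your ISP's DNS servers instead of OpenDNS, add their addresses to TRUSTED so they are not reported as unexpected.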

To learn more about firewalls and network security, check out
the ScamBusters article Privacy Starts With You
(http://www.scambusters.org/Scambusters41.html).

You can find out more about pharming by visiting Pharming.org
(http://www.pharming.org/index.jsp) and following the links
there. They include a link to a radio interview with pharming
expert, Stanford University professor Neil Daswani.

There’s also an interesting pharming Wikipedia article
(http://en.wikipedia.org/wiki/Pharming) — though it’s a
bit techie.

Summary: Two Actions You Should Take to Guard Against Pharming

  1. Change the password of your router (follow the instructions
    above).

  2. We recommend you use OpenDNS. Click on “Getting Started”
    and follow the directions.

That’s it for today — we hope you enjoy your week!