|Summary: Users are redirected to malicious websites|
|Outcome: Theft, identity theft, fraud, compromised security|
|Addressed by ICANN Policy: N|
|Addressed by Legislation: Y|
|Related to: Phishing, Malware, DNS Hijacking|
Pharming utilizes "unauthorized changes to DNS entries which result in users being redirected to a spoofed, malicious website rather than the legitimate site they were attempting to reach." Like phishing, pharming is often used to steal private financial or personal information.
The practice of pharming is much less well known than that of phishing, and there seems to be some confusion on what is considered pharming vs. phishing. However, the concept of pharming is viewed by the public very negatively and is also frequently associated with criminal intent.
This practice can result in identity theft, fraud, and hacking.
Frequently, the goal of pharming is to gain access to personal information, and this goal can be accomplished in multiple ways. Pharming can use malicious code to change a computer's host files in order to direct the user to a fake website that looks like the site they were trying to reach. It can also attack the DNS server directly through DNS hijacking or DNS cache poisoning, which allows pharmers to send users to websites they control.
- DNS hijacking or DNS cache poisoning is viewed as a large security threat because the website's URL looks exactly like it is supposed to, which can trick the user into thinking they are on the real site. Pharming that uses DNS hijacking also will not be detectable with anti-malware software "because nothing need be technically wrong with the end users' computers." Additionally, in this kind of attack, many computers and networks can be sent to the pharmer's fake site through the compromised DNS server.
- In some cases, DNS cache poisioning has been associated with forms of Internet censorship, where the DNS information of censored websites are redirected to an approved source. For more information on DNS hijacking and cache poisoning, see the Additional Resources section.
- The use of DNSSEC or DNS Security Extensions may help guard the DNS from attacks and artificial manipulation, like those used in pharming. The goal of DNSSEC is to limit an "attacker's ability to redirect users using the DNS." In order to do this, DNSSEC employs a digital signing system so that each DNS record or entry in the root zone can be verified as genuine. This system would allow people to identify pharmed or poisoned records.
There is no legislation directly addressing pharming in the US; however, as its outcomes can be very similar to phishing, pharming does fall under some state anti-phishing laws. For example, in Utah phishing, pharming, and other Internet frauds are addressed in one bill. Also, because pharming concerns the theft of sensitive personal or financial information, it can be viewed before the law as fraud, identity theft, or in the case of a spoof website, trademark infringement.
Awardees monitor and guard against security threats, such as pharming.
- Learn more about How DNS Cache Poisoning Works with these slides or the corresponding article.
- Read tips on How to Avoid Pharming Websites
- Find out How to Report Pharming to the FTC
- Pharming by Tony Bradley, About.com
- ‘Pharming’ scams, Scam Watch (Commonwealth of Australia)
- Definition: Pharming, Search Security (TechTarget)
- How DNS cache poisoning works by Bob Halley (October 20, 2008), NetworkWorld.com
- DNSSEC – What Is It and Why Is It Important?, Internet Corporation for Assigned Names and Numbers (ICANN)
- DNSSEC, Internet Corporation for Assigned Names and Numbers (ICANN)
- Meet the Security and Stability Advisory Committee (SSAC), Internet Corporation for Assigned Names and Numbers (ICANN)
- Phishing, Pharming and Other Internet Fraud: Should States Follow Utah's Approach? (May 3, 2010), Miller Canfield