Pharming (pronounced "farming") is another form of online fraud, very similar to phishing. Pharmers rely upon the same bogus Web sites and theft of confidential information to perpetrate online scams, but are more difficult to detect in many ways because they are not reliant upon the victim accepting a "bait" message. Instead of relying completely on users clicking on an enticing link in fake email messages, pharming instead re-directs victims to the bogus Web site even if they type the right Web address of their bank or other online service into their Web browser.
Types of Pharming Attacks
Virus or Trojan to modify hosts file
A host file resides on the user's PC. This text file is used to relate web addresses (URL) to IP addresses (string of numbers). Pharmers modify the hosts file so when a user types in the web address of well-known banks or financial institutions, they are directed to a phishing site instead. The pharmer doesn't have to rely on the user clicking on a link in an email.
DNS Cash Poisoning
DNS has replaced hosts file. A DNS server turns web addresses into IP addresses. When a user types in a Web address it is looked up on a DNS server. If the DNS server doesn't know the corresponding IP address, it asks other DNS servers. If a phishser has sent an email that contains a link to a phishing web site, this information is included with the Web address for the legitimate web site.
How Pharming Works
A phisher will attack a DNS server and change the IP address of a legitimate site (e.g., www.realbank.com) to an IP address of a pharming website that looks just like www.realbank.com.
The user will try to go to the website by typing www.realbank.com in the web browser.
The user's computer asks the DNS server for the IP address of www.realbank.com.
The DNS server has been corrupted, so it sends back the address to the fake website.
The user is sent to the pharming website that is controlled by the attacker.
Once on the fake website, the user may be tricked into revealing their user ID and password or other personal information.
The phisher can now use that information for identity theft.