By now, most people have gotten hip to phishing, pop-ups and even, thanks to an episode of The Good Wife, ransomware. People know how to spot these scams and how to keep them (most of the time) from infesting their computer with malware. Unfortunately, as consumers have gotten wise to each new type of threat, the hackers who invent them have gotten cleverer and invented new ways to infect your system, steal your identity, etc. The latest threat is known as pharming.
Pharming, according to Techopedia, is where a hacker or other nefarious type exploits weaknesses in your DNS software and then forces your computer to load a fake website that has been built to look exactly like the site you were searching for or hoping to visit. So, you go to Google, type in something that you’re looking for and then click on the seemingly safe link in the search results. Then your computer loads what looks exactly like the site you clicked on. Only, because you have this malware in your system, it’s not the legitimate site. It’s a dummy or copycat site that is designed to get your login information and any other information it wants.
What’s worse is that sometimes this pharming malware isn’t on your computer at all. Most standard malware checkers can protect your system from infection, but more and more often, the malware has been inserted into already existing sites. For example, The Register recently reported on an attack on sites that run WordPress: hackers set up a copycat Pirate Bay site and then inserted redirect code for that site into a slew of WordPress sites. People would try to visit someone’s blog and be redirected to (Not Actually) Pirate Bay, which was loaded with a Flash exploit that allowed the hackers to insert a banking trojan into Windows machines.
Pharming is similar in nature to a scam called ClickJacking. ClickJacking, says Trend Micro, an internet security software company, is where hackers trick social media users into clicking on what seems like a perfectly innocent link in their feed, but the linked site turns out to be hiding malware behind its content. ClickJacking, according to this article on the Trend Micro Blog, is one of the biggest online scams out there.
Gross, right? How are you supposed to trust any site on the internet ever if there are jerks out there making copycat sites filled with trojan malware and identity theft mechanics? How will you ever know that you’re on the right site?
Before you pull a Ron Swanson and toss your computer in the dumpster, you should know that there are things you can do to protect your computer and your identity.
1. Only Use a Trusted ISP
There are lots of bargain companies out there that will offer you internet service for a fraction of what the major corporations cost. Before you dump the big kids for the little indie guys, remember that new companies–especially those that slash their prices–often cannot afford the high levels of security that are needed to keep pharmers from setting up shop.
This is also true for any hosting provider you might be thinking of hiring to host your family or company website. Make sure they have the highest possible security measures in place before agreeing to host your content there.
2. Mind the Details
Any page that requires you to enter personal information should be https:// not http://. Always look for that little “s.” It’s just one character but it’s the most important in the URL! Also: double check the spelling in the URL field. A lot of hackers will use common typos to mask their URLs hoping that people will land there by mistake. And don’t forget to look for the padlock graphic in the bottom of the screen!
3. Check the Certificate
Every site has a security certificate. Use your web browser to verify that the certificate listed where you land checks out.
4. Keep Your Anti-Malware Software Up to Date
In spite of the fact that we’re just starting to hear about it, pharming has been around for a while. Make sure that you have solid and updated internet security software on every computer you use–including your smartphone! Update it regularly and make sure that it has all of the latest definitions and threat protocols downloaded.
5. Be Vigilant
Never click through emailed links that tell you to visit your bank, your web host, ANYTHING. Go to the company site directly and log in there! Or, better yet, call the company on the phone!
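The two checks from tip 2 (the https:// scheme and the spelling of the address) can be automated before a link is opened. The following Python sketch is an added example, not part of the original post; the trusted-site list, the warning labels and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of sites the user really does business with (assumption).
TRUSTED_HOSTS = {"example-bank.com", "paypal.com", "google.com"}


def edit_distance(a, b):
    """Count typos between two names: insert, delete, substitute, swap neighbours."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped letters
    return d[-1][-1]


def check_url(url, trusted=TRUSTED_HOSTS, max_typos=2):
    """Return warning labels for a URL; an empty list means nothing was flagged."""
    parts = urlsplit(url)
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")  # the missing "s" from tip 2
    host = (parts.hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if not host:
        return warnings + ["no-host"]
    if host.startswith("xn--") or ".xn--" in host:
        warnings.append("punycode-host")  # encoded name that may imitate Latin letters
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return warnings  # the exact site or one of its subdomains
    for t in sorted(trusted):
        if host.startswith(t + "."):
            warnings.append("trusted-name-in-subdomain:" + t)
        elif edit_distance(host, t) <= max_typos:
            warnings.append("lookalike-of:" + t)
    return warnings
```

An empty result only means none of these checks fired; it says nothing about whether DNS itself has been tampered with, which is why the certificate check in tip 3 still matters.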
The point is that you don’t have to be a sitting duck. By staying aware and minding your details you can keep the pharmers away.
Note: This is a post from one of our site contributors.