| Home | About | Services | Resources | Contact | News |

Pharming

Fact Sheets

Mailing List Information

Information about Facebook.com

OIT - Security

Campus Resources

Online Resources

|

|

|

What is pharming?

Pharming is when a thief redirects a user from a legitimate website to a malicious one even when the user is typing in the correct web address into the browser. The bogus sites will most likely look and feel identical to the intended site so that when users type in their username and password their information is stolen.

A pharmer does this by taking advantage of vulnerabilities in the Domain Name Server (DNS). For example when you type in www.nethics.umd.edu this request goes to a DNS server which then locates the registered internet protocol address for Project NEThics.

Pharmers have used this vulnerability to 'poison' DNS servers. If the DNS server and directory is poisoned then users can be brought to a bogus website even after typing in the correct one. DNS poisoning is not a new phenomenon and has been around for over ten years, however with the rise in internet banking and online shopping this has become more of a threat to users of the internet.

Pharming has not yet become as popular as phishing.

 

How to avoid pharming scams

Make sure that all your anti-virus and anti-spyware software is up to date.

Exercise caution over running unfamiliar programs.

Use a firewall on your personal computer.

When transmitting your credit card and bank information online make sure it is through a secure server. Look for the lock symbol on the bottom of the screen. Also look for "https" in the address bar, the S stands for secure.

 

What to do if you have been tricked

Step 1 - Contact all financial institutions in writing and by phone (banks and credit card issuers).

  • Close all credit and debit cards you believe an identity thief has gained access to.
  • Put a stop payment on outstanding checks which may have been written without your permission.
  • Open up new accounts with new pin numbers.

Step 2 - Report the fraud with the three main credit reporting companies to place a fraud alert on your credit file.

Step 3 - File a police report.

Step 4 - Contact the Federal Trade Commission (FTC) to report the situation. Other offices you may want to consider contacting include:

  • Social Security Administration if you believe your SSN is being used.
  • Internal Revenue Service
  • Post Office

Please visit this Antiphishing.org link to find out all different types of advice if you gave away personal information: http://www.antiphishing.org/consumer_recs2.htm

 

Reporting pharming scams

Pharming can be reported to the FBI's Internet Fraud Complaint Center. You can file a complaint online at www.ic3.gov.

 
Find out more about
ID theft scams

Phishing

Pharming

Evil Twins

 
colsm
logosm
  
       
How are we doing?

This page is maintained by the Office of Information Technology
Questions and comments: http://www.oit.umd.edu/AboutOIT/contact.html
Last modified: Wednesday, March 19, 2008
© 2004 University of Maryland

 University of Maryland
Office of Information Technology University of Maryland