Among a plethora of online fraud and scams, some are more obvious than others. Unfortunately, this is not the case for the one we want to warn you about in this article.
This fraudulent scheme is called pharming, which can have devastating consequences for companies and individuals. The reason is that many people don’t even suspect that anything is wrong when encountering the pharming scam.
Genome’s team is here to help you stay vigilant – find out more about pharming and how you can recognize it below.
Pharming: definition of the term
If the word “pharming” reminds you of another fraudulent scheme, you are right. Phishing is often associated with it and even forms part of the term “pharming”; the other part is “farming”.
So, what is pharming? Simply put, pharming scams occur when fraudsters create a fake website that is almost identical to an existing one. The criminals then manipulate the traffic to redirect the user to the fake website instead of the real one.
It is done so that the user fills in their personal information and credentials to access their account on the website, which they believe to be genuine. This data then gets stolen by criminals so they can use the person’s real accounts.
To better understand how the pharming attack occurs and why it can be so dangerous, let’s look at some examples.
Jen wants to take a break and browse her favorite social media. She enters the social media name into the browser’s search bar. What Jen doesn’t know is that the social media website was spoofed, and she was redirected to the fake website. And it is understandable, as the redirection process happens instantly behind the scenes.
Jen doesn’t care much that she was logged out of her account – maybe there was a glitch that caused that. Not assuming that anything’s wrong, she enters her credentials to log in again – and just like that, her credentials get stolen.
Jim saw good reviews about an online clothing shop and decided to try it himself. He opens the browser and searches for the store by name. Unfortunately, the link he clicked on redirected Jim to the fake shop website.
But he doesn’t know that and starts looking around the website for a new pair of pants. And, when it comes time to fill out the bank card data – he does, and his information gets stolen.
As you can see from both examples, it is easy to fall for a pharming scam, as a user cannot tell that they were redirected to the spoof website during the process.
You can enter the correct web address letter by letter, but pharming scammers can still redirect you to the fake website. For instance, you may type in www.linkedin.com and land on an almost exact copy of this website, only it will have a slightly different address, like www.linedim.com.
Moreover, adding websites that you visit regularly to bookmarks will not help either – a user can still become a victim of pharming.
Thus, the situation can become very severe if you, for instance, encounter a fake website of your financial provider. The data you share on it can be used to access your real bank accounts to steal your funds.
How pharming works
When you type in a website address, a DNS server needs to convert it into the IP address so you can connect to the website. This whole process is almost instant; you likely don’t even notice it. Pharming occurs when malicious actors find a way to manipulate this process to redirect a user to a fraudulent website.
To do so, criminals mainly use two techniques:
- DNS poisoning. In cases like these, fraudsters attack the particular DNS server. If they can corrupt the server, criminals will make it so that website requests are redirected to fake websites they created.
- Malware infection. Here’s where malicious actors directly target the user’s computer. They use deceptive tactics, including phishing, to trick people into downloading malware (computer viruses, to put it simply). This malware will alter the computer settings, allowing fraudsters to redirect the user to a malicious website.
Phishing and pharming: what is the difference?
A quick reminder: Phishing is a fraudulent scheme in which criminals use different communication channels (emails, messengers, texts, voice messages, etc.) to contact people. Their goal is to deceive people into revealing their personal information. Scammers will later use this data to access a person’s accounts to obtain funds or other sensitive information.
Phishing and pharming don’t have much in common except for their purpose. Both aim to get sensitive data from individuals to use for malicious purposes.
The differences, however, are much more substantial:
- The execution. Some pharming schemes may use phishing techniques at first. For instance, scammers might send a person a phishing email to trick them into downloading malware to corrupt their PC or other devices. But the core of their scheme is the website redirection techniques and the creation of spoof websites.
- The level of complexity. Pharming scams are more sophisticated and difficult to pull off. Meanwhile, phishing remains one of the most widespread fraud schemes, partly because fraudsters don’t need to be too tech-savvy to perform them.
- The level of detection. Sadly, pharming scams are much harder to recognize – as mentioned before, the process that redirects a user to a fraudulent website can’t be detected by the naked eye. However, there are ways to recognize such malicious websites. More on that below.
How to recognize a pharming fraud
Unfortunately, almost any website can be spoofed, even Genome. Thus, individuals and companies must always stay vigilant when browsing the internet.
Our team has some tips on determining if the website you accessed is fraudulent or not and if you have already become a victim of fraud.
- The first thing you absolutely must do when opening a website is to take a close look at its URL. Make sure that it matches the website name you intend to visit if you know it.
- If you don’t know the exact URL of the website, make sure that the website you are currently on has an SSL certificate. If it does, its URL must start with “https” or have a padlock icon on the left, next to the URL.
- Check the website domain. Real websites will likely use widespread domains, such as “.com,” “.org,” and “.eu” (or any other country-based domain). If the URL ends in gibberish, be suspicious.
- Look closely at the website’s layout. Fake websites might contain grammar mistakes, misplaced visuals, pages that don’t work, etc.
- Pay attention to pop-ups: scammers will want to steal your data as soon as possible and might create pop-up notifications that encourage you to provide information under the guise of a lucrative deal or identity verification.
- Note the behavior of your antivirus and/or browser – you may get a notification that the website you are currently visiting is suspicious.
- In addition, closely monitor your activity on other websites. Do not ignore messages that state that you have signed in somewhere – make sure it was you who logged in.
- Check your financial statements regularly to detect suspicious transactions you don’t remember making.
- Do not click on any links or download anything when receiving messages or emails. Confirm that the message came from someone you know first.
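The URL checks at the top of this list can be partly automated. The following Python sketch is an added example, not part of the original article: it compares a URL's hostname against a list of sites you actually use and flags near-misses such as the www.linedim.com address mentioned earlier. The allowlist and the distance threshold are assumptions. It also reports the HTTPS status separately, because a padlock only shows that the connection to the displayed hostname is encrypted, not that the hostname is the one you meant to visit.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of hostnames the user really does business with.
KNOWN_HOSTS = {"www.linkedin.com", "linkedin.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def check_url(url, known=KNOWN_HOSTS, max_distance=2):
    """Classify a URL's host as 'known', 'lookalike' or 'unknown'."""
    # Accept bare hostnames as typed into an address bar.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    https = parts.scheme == "https"
    if host in known:
        return {"host": host, "verdict": "known", "closest": host, "https": https}
    # sorted() keeps the result deterministic when two hosts tie.
    closest = min(sorted(known), key=lambda k: edit_distance(host, k))
    near = edit_distance(host, closest) <= max_distance
    return {"host": host,
            "verdict": "lookalike" if near else "unknown",
            "closest": closest if near else None,
            "https": https}

if __name__ == "__main__":
    for candidate in ("https://www.linkedin.com/feed",
                      "https://www.linedim.com/login",  # address from the article
                      "https://shop.example"):           # constructed
        print(candidate, "->", check_url(candidate))
```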
How to avoid pharming scams
- Install an antivirus on every device you use to surf the web.
- Only use websites that start with “https” or have a padlock icon next to the URL.
- Check the website URLs for typos and note their overall look.
- Always turn on multi-factor authentication (2FA) for all your websites and accounts. For instance, Genome has 2FA enabled by default to ensure our clients’ safety.
- Update your personal computer and other devices regularly.
- Use strong passwords for all your accounts and your home router.
- Get a VPN; it will allow you to encrypt your data when browsing the internet.
- If you suspect something is wrong with a website you regularly use – it looks odd, has glitches, bad grammar, or many strange pop-ups – contact the support team via channels you are 100% sure are legit.
In addition, we would like to assure you that Genome’s team abides by all major regulations to protect our website and our clients’ data and funds. You can always contact us at email@example.com if you worry that you have encountered a fake Genome website.