Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning. The fraudster can either change the hosts file on a consumer’s computer or, typically, get into an ISP’s server and change the web site’s IP address, so that when you type in the web site’s name you are taken to the criminal’s web site and not the official site.
This type of attack is not common, and many ISPs have upgraded their software to prevent pharming since its introduction.
Example: The fraudster sets up an 800 phone line for people to call. They mail (yes, snail mail) bogus postcards or letters to victims asking them to call the telephone number. Once the victim calls, the victim provides all the typical information needed to validate an account. In the meantime, the fraudster collects what is needed, and the victim is assured that things are fine based on the validated information. The sad part is that the victim is completely unsuspecting that anything fraudulent occurred, since they personally called the telephone number rather than receiving a call. It is also more reassuring that the inquiry came via the mail. Based on simple marketing metrics for response rates, the numbers add up for a fraudster to spend the money to mail the letters.
How the pharm works: The pharm uses a toll-free number, which would have been registered, possibly using fake names or contact information. The toll-free number on the pharm resembles the toll-free phone numbers typically used by the legitimate financial institution (FI). When users dial the toll-free number, they are greeted by a recorded message apparently from the FI. Below is a transcript of a recorded message:
Pharmer: Welcome to FI account verification. Please type your 16 digits card number.
user: [types invalid 16 digit credit/debit card number]
Pharmer: Please type your 16 digits card number.
user: [types valid 16 digit credit card number]
Pharmer: Please type expiration date, month first year later.
user: [types 4 digit date]
Pharmer: Please type the last 4 digits of the primary card holder’s social security.
user: [types 4 digits]
Pharmer: Wait please till processing. Thank you. Your account has been verified. [Message terminates]