by Scamwatch 17 November 2011


‘Pharming’ scams

What is a pharming scam?

Phishing scams involve emails that trick you into clicking on a link to a scam website where you are asked to enter your personal, password or financial information. Pharming scams, however, automatically redirect you to these scam websites, often without your knowledge.

Pharming is when you are redirected to a fake/scam version of a website which may look identical to the website you were trying to view. This is sometimes referred to as page-hijacking or page-jacking. In this scam, the legitimate URL you typed into your browser or the bookmarked link you followed automatically changes and redirects you to a fake address, which often looks very similar to the legitimate address.

There are two main methods of committing pharming scams, both leading to potential identity fraud. In the first, a victim’s computer is infected with a virus or malware which then causes technical changes on the computer which redirect you to the fake website, even if you type in the correct internet address or click on a bookmark/favourite entry. This style of pharming may be identified by some antivirus/antispyware software programs.

The second type of pharming is more sophisticated and generally undetectable by antivirus/antispyware programs, making it very hard to protect yourself. In this case, an external DNS server, rather than your computer, is attacked, resulting in you being unknowingly redirected to a fake/scam copy of a legitimate site. As your computer is not infected, antivirus software cannot help you.

The scam websites which you are redirected to are set up by scammers and may look identical to legitimate websites which request your personal details, such as online banking websites. The fake site will ask you to enter sensitive personal details such as:

  • usernames
  • passwords
  • bank account and credit card numbers
  • email addresses.

If successful, a pharming scam will most likely lead to identity theft using the personal details you enter into the fake website.

Warning signs

  • Legitimate websites which ask you to enter sensitive personal details are commonly encrypted to protect your details. This is usually identified by the use of “https:” rather than “http:” at the start of the internet address or a closed padlock or unbroken key icon at the bottom right corner of your browser window. If these are missing or there is an open padlock or broken key icon present, the website is not secure and could be a scam site.
  • The pharming website will often have a striking resemblance to a legitimate site; however, the internet address will be slightly different, as may some elements of the visual appearance of the site.
  • The site may ask you for personal information which the original site didn’t. For example, an online banking website will usually ask you to enter your username and password; however, a pharming site may also request your bank account or credit card number.

Protect yourself from pharming websites

  • Never provide your personal, credit card or account details online unless you have verified the website is authentic.
  • You can verify a website’s authenticity by looking for “https:” at the beginning of the internet address, the locked padlock icon or the unbroken key icon.
  • If you know what the correct internet address should be, check the address of the site you are viewing matches and ensure it hasn’t changed from what you entered or expected.
  • Check if the website has a digital certificate. If it has one it will generally appear as a padlock icon alongside the web address. You can click on the icon to ensure that the certificate has been verified, is official and has not expired.
  • Keep your computer programs updated – many programs give you the option to receive updates automatically.  Install and regularly update antivirus, antispyware and firewall software.
  • Remain cautious when downloading free software from the web as these often carry viruses or malware.
  • If you think you have provided your account details to a scammer, contact the organisation you hold your account with immediately, such as your bank or email provider.
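
The address checks in the list above (“https:” at the start, and the address matching what you entered or expected) can be automated. The following Python sketch is an added example, not Scamwatch material; the function names, warning labels and the `www.bank.example` addresses are constructed for illustration.

```python
from urllib.parse import urlsplit


def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits separate a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_address(shown_url, expected_host):
    """Compare the address in the browser bar with the one you expected.

    Returns a list of warning labels; an empty list means the address checks pass.
    """
    warnings = []
    parts = urlsplit(shown_url)
    host = (parts.hostname or "").rstrip(".")      # urlsplit lowercases the host
    expected = expected_host.lower().rstrip(".")

    if parts.scheme != "https":
        warnings.append("not-https")               # no encryption, no certificate
    if "@" in parts.netloc:
        warnings.append("userinfo-in-address")     # text before '@' is not the site
    if host != expected:
        if host.startswith(expected + "."):
            # The real name is only a prefix of a longer, different address.
            warnings.append("expected-name-used-as-prefix")
        elif edit_distance(host, expected) <= 2:
            warnings.append("lookalike-host")      # "slightly different" address
        else:
            warnings.append("host-mismatch")
    return warnings


if __name__ == "__main__":
    # Constructed sample addresses; .example and .test are reserved names.
    for url in ("https://www.bank.example/login",
                "http://www.bank.example/login",
                "https://www.bamk.example/login",
                "https://www.bank.example.verify.test/login",
                "https://www.bank.example@login.test/"):
        print(url, "->", check_address(url, "www.bank.example") or "ok")
```

A clean result covers only the address itself. When a DNS server has been attacked, the address can look correct, so the certificate check in the list above still applies.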

As well as following these specific tips, find out how to protect yourself from all sorts of other scams.

Report scams

If you think you’ve spotted a scam, report a scam to SCAMwatch or contact the Australian Competition and Consumer Commission on 1300 795 995. You should also spread the word to your friends and family to protect them.

More information

Check out our Requests for your account information (‘phishing’ scams) and ‘Whaling’ and ‘spear phishing’ scams pages, which deal with a similar scam approach.