Pharming

Pharming (파밍), derived from "snatching [p]ersonal information with sop[h]isticated f[arming]", is a kind of financial scam carried out over the Internet and smartphones.

Pharming can be conducted either by changing the hosts file on a victim's computer or by exploiting a vulnerability in DNS server software. Pharming requires unprotected access to the targeted computer, which is why attackers typically alter a customer's home computer rather than a corporate business server.
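The hosts-file method described above can be checked for on an endpoint. The following Python sketch is an added example, not part of the original article: it parses hosts-file text and reports every entry that pins a watched banking domain to a fixed address. The domain bank.example, the sample file contents and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: placeholder domains to protect; substitute the real bank's names.
WATCHED = {"bank.example"}

# Constructed sample hosts file (not taken from any real incident).
SAMPLE = """\
# Constructed sample
127.0.0.1   localhost
::1         localhost
203.0.113.7 www.bank.example bank.example   # entry a trojan might add
203.0.113.7 login.BANK.example.
0.0.0.0     ads.tracker.example
not-an-ip   www.bank.example
"""

def parse_hosts(text):
    """Yield (line number, ip, hostname) for each valid mapping."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line: the resolver ignores it too
        for name in fields[1:]:                  # one address may carry several aliases
            yield lineno, ip, name.lower().rstrip(".")

def find_overrides(text, watched=WATCHED):
    """Return (line, hostname, ip) for watched domains or their subdomains.

    A banking domain should resolve through DNS, so any hosts-file entry
    for it is worth investigating.
    """
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if any(name == w or name.endswith("." + w) for w in watched):
            findings.append((lineno, name, str(ip)))
    return findings

if __name__ == "__main__":
    # On a real system, read /etc/hosts or
    # C:\Windows\System32\drivers\etc\hosts instead of SAMPLE.
    for lineno, name, ip in find_overrides(SAMPLE):
        print(f"line {lineno}: {name} is pinned to {ip}")
```

This check covers only the hosts-file method; redirection caused by a compromised DNS server leaves the local hosts file unchanged.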

Phishing is a type of social-engineering attack used to obtain access credentials, such as user names and passwords. In recent years, both pharming and phishing have been used to gain information for online identity theft. Pharming has become a major concern to businesses hosting e-commerce and online banking websites. Sophisticated measures known as anti-pharming are required to protect against this serious threat. Antivirus software and spyware removal software cannot protect against pharming.

Since pharming first appeared in the United States in 2005, pharming attackers have refined their tricks against Internet banking. To obtain a victim's personal credit information, they usually snatch the real bank's website by domain hijacking rather than sending a bank-like email to the victim. For this reason, pharming is called "phishing without bait".

Key words
phishing, farming, smishing, financial scam, bogus site

Tricks
Pharming attackers build and post, in advance, a bogus site that looks exactly identical to the real bank's site. They arrange for trojan viruses to be transferred to the victim's personal computer when the user visits a free shareware site to download movie or MP3 files. When the victim then tries to do online banking on the contaminated personal computer, he/she is automatically connected to the bogus site even though he/she keyed in the right URL address of the real bank. The attackers typically demand the victim's personal ID, password and all 35 security numbers on the pretext of upgrading the security level. Afterwards they withdraw all the money from the victim's bank account. In early 2013, a bogus website of the Nonghyup Bank was found to have victimized 67 customers up to 400 thousand won in total since August 2012. They fell victim to scammers when visiting websites that demanded personal credit information in return for free coupons, low-rate loans, etc.

Cf. Smishing
Phishing swindlers usually send their messages in the name of trustworthy institutions like banks, post offices or tax offices.

If the recipients willingly provide their bank account and other credit information, they have been hooked by scammers via telephone (called "Voice phishing") or short message services (SMS, called "Smishing").

Combating the Cyber Scam
Security specialists say mobile banking customers have become the target of financial scammers. On average, 400 billion won is traded a day over smartphones. Financial institutions are therefore on the alert, upgrading the security level of their computer systems so as not to damage their credit standing.

The Financial Service Commission considered amending relevant laws, including the Special Act Concerning Refund of Voice Phishing Damage (전기통신금융사기 피해금 환급에 관한 특별법), to prevent new types of financial scam. For example, the list of countermeasures included making it mandatory for financial companies to install the security software necessary to detect any alteration of personal credit information, and having the relevant financial companies take charge of damages arising out of fraudulent loans.