What is “PHARMING”?
From what has been discussed in previous TIPS, you already know about social engineering techniques, Phishing (email), Vishing (call) and Smishing (text message). Especially in the first and third of these, i.e. Phishing and Smishing, it is very common to find fraudulent links and that the cybercriminal expressly asks us to click on them.
These links usually redirect to fake web pages, which, at first glance, are similar to the official ones (for example, those of our bank). Cybercriminals go to a lot of trouble to make both the image of the website and its operation as identical as possible to the real page.
This cyber-attack of creating a fake website is called “Pharming”, which comes from the agricultural term “farming” (in English), or in other words, to plant something (the website) in order to harvest the fruits (the data entered by the Users). So this is a cyberattack that can exist by itself or be linked to those discussed in previous TIPS, to increase the number of visits to the fake website.
How can we know if a website is secure?
Check before you click on the link in the email or text message. This can be done on the computer by hovering the mouse over the link (without clicking), so that the address (URL) of the web page to which the link redirects us appears. And in case of a text message, check if what is requested in that communication could be done or verified by other means (official website searched on the internet, official application of that entity, etc.).
- Example 1: We have received an email or SMS notifying us of a problem sending or receiving a package with a certain number, and we are asked to click on the link in the message. In this case, it would be preferable to write down the number, open the Internet, search for the official website of that parcel provider (UPS, SEUR, DHL, etc.) and enter that number. If it is real, the tracking will appear and if it is false, the information will not be found.
- Example 2: A traffic ticket notified by mail or SMS. In such a case, with the vehicle’s license plate, we could consult this same information on the official website of the corresponding agency and find out for sure, without clicking on any link that may be false.
- Example 3: An account overdraft or claimed non-payment. Before clicking on the link to solve this incidence or economic debt, it is preferable to check through our online banking or banking application, that we really owe this amount.
If we still click on the link, we must know that, nowadays all web pages must have some specific characteristics to be considered safe, which are the following:
The web “lock” (🔒) lets us know whether a web page encrypts the data entered on it, i.e. protects it. To do this we must also look at the address of that website (URL), in which instead of “HTTP:” should appear “HTTPS:”. Whenever we see that “S“, it will let us know that, if we enter data, for example, payment data, it will be protected from the moment it is entered.
But in case it is a fake website, which can also have these locks, by clicking on it (that action in this context would be safe) we can also check the ownership of who owns that page. Thus, in less than a minute, we will know if the name of the owner corresponds, for example, with that of our bank, or on the contrary, if it is a fake website. Therefore, we recommend not only to trust the existence of the padlock, but also to check the information provided by the padlock before entering any personal or payment data on the website.
In any case, it is also important to know that current browsers (Google Chrome, Exchange and others), as soon as we access a web page either by entering the address directly or through the search engine, if they detect that it could be a false, suspicious or unsafe website, an alert message will immediately appear, precisely where the padlock icon is usually found.
IMPORTANT NOTE: If you believe that you have provided personal or professional information, which you should not have disclosed by this means, in the work environment notify the IT Department, CISO or DPO and in the personal environment report it to the police authority.
*Date of shipment: April 07, 2025