First online crooks went “phishing,” and now they’re getting into “pharming” to reap their harvest of potential identity-theft victims.

Pharming is a new scam that automatically directs computer users from a legitimate Web site to a fraudulent copy of that site — without any warning signs. The fraudulent site collects passwords, credit card numbers or other private information for potential misuse.

Security experts say such attacks are rare so far but could grow in the coming months in much the same way phishing scams have exploded.

“It’s almost entirely out of the user’s hands. They’re simply connecting to a Web site that they believe is a legitimate site,” said Oliver Friedrichs, a senior manager for Cupertino security software maker Symantec’s Security Response Center.

“If you look at phishing like you’re pulling individual fish out of the ocean, pharming would be more like you’re throwing a big net,” said Friedrichs.

Some security experts think pharming is more sinister than phishing because it can be harder to detect.

Phishing uses e-mail spam to deliver fake messages, designed to look like they’re coming from banks or other legitimate companies, to lure many individual customers into revealing personal or financial information.

More here.