Pharming is a type of cyber attack that involves redirecting web traffic from a legitimate site to a bogus site. The latter is designed to look like the legitimate site so users will be duped into logging in and typing their details. These details are then harvested by “pharmers” and used for illegal activities.
Like phishing, pharming is meant to collect user information such as usernames and passwords or bank details. Compared to phishing, however, pharming is much more sophisticated and sinister. It can cast a wider net, affect more users over a short period, and cost companies millions of dollars.
Phishing vs. Pharming
Pharming is deemed by some as “phishing without a lure.” It is a lot more insidious compared to phishing and has a different MO. Many users, including some of those who are aware of the usual phishing tactics, wouldn’t know what hit them until they notice unusual transactions in their accounts.
Phishing lures users by sending out a link to the fake website via email or text. Pharming, on the other hand, is a lot more difficult to detect.
It can either attack the computer without the user knowing or, in some cases, attack a DNS (Domain Name System) server to reroute the website traffic of a legitimate site and lead users to a fake website controlled by hackers.
Two Types of Pharming
To better understand how this cyber attack works, it’s important to know the two types of pharming attacks.
Malware Based Pharming
One way hackers attack is through a trojan you get from a malicious email, file attachment, or tainted app you download. It makes its way into your computer’s hosts file to redirect traffic from your usual URLs to a copy of those websites.
Think of your computer’s hosts file as your local address book. This address book contains the hostnames of the websites you visit and their corresponding IP addresses. Hostnames are the words you type into your browser like www.google.com or www.mybank.com.
After you type the hostname of the website, the computer checks its hosts file to see if it has a corresponding IP address for that site and then connects you to the website.
When your device is infected with pharming malware, cybercriminals stealthily make changes to your computer’s hosts file. By changing entries in your hosts file or local “address book”, cybercriminals can redirect you to a bogus site that may look almost exactly like the ones you routinely visit. So when you type in www.facebook.com, for example, you will be redirected to a fake page that looks like Facebook.
DNS Poisoning
In some cases, cybercriminals target DNS servers instead. A DNS server is like a bigger phone book or directory with domain names and their corresponding IP addresses. Cybercriminals can exploit vulnerabilities and infiltrate a DNS server then poison the DNS cache by inputting fake DNS entries.
By doing this, attackers redirect the website traffic of a legitimate site, usually online banking or e-commerce, and lead users to a cloned website.
DNS poisoning casts a significantly larger net since it can impact hundreds if not thousands of users. What’s even worse is that it can infect other servers; hence the term “poisoning”.
In 2017, for instance, a sophisticated pharming attack targeted some 50 financial institutions and affected more than 3,000 PCs over a three-day period. Customers from Europe, the United States, and Asia Pacific were lured to fake websites where their account login information was collected by cybercriminals.
DNS poisoning is also more difficult to detect. Your computer might seem okay and malware-free after a dozen scans but if the DNS server is compromised you’ll still be redirected to the fake website.
It isn’t as common as phishing and other forms of cyber attack though, since it requires a lot more work for the attackers. Phishing is more widespread because it’s easier to send out a link to a bogus website and hope that unsuspecting victims click on it than to infiltrate a computer or, more so, a DNS server.
But just because it’s not as common doesn’t mean it can’t happen to you. Learning how you can protect yourself from this type of attack will save you a whole lot of trouble in the future.
How to Protect Yourself From Pharming Attacks
Now that you know how this cyber attack works, it’s time to arm yourself with these tips and a few precautions to save yourself from a successful pharming attack.
Make Sure That the Website Is Secure
Before you type in sensitive information like your username and password or your bank details, make sure the website uses an HTTPS (Hypertext Transfer Protocol Secure) connection. This means that it has been issued an SSL (Secure Sockets Layer) certificate which protects the information you input.
How do you know a website is secure? A good indicator is the address bar of your browser. Simply look for the small “padlock” icon. The address should also start with “https” instead of just “http”.
Don’t Click Without Checking the Source
Pharming malware can come in the form of a trojan that sneakily hides behind a seemingly harmless file or piece of software. It can lurk in the background of your computer and play switcheroo with the entries in your hosts file without you knowing it.
Double-check that the source of your files, links, or emails is legitimate.
Use Dependable and Updated Anti-Malware Software
For your antivirus to be effective against the latest threats, you need to update it regularly. Cyber attackers often exploit vulnerabilities of a computer or server and updates are meant to fix these vulnerabilities.
Updating your operating system and antivirus software is the first line of defense against phishing malware.
Enable Two-Factor Authentication
Two-Factor Authentication (2FA) is one of the best ways to protect your online accounts. You should use this especially on websites that handle your financial information.
When 2FA is enabled, you’ll be asked for a separate code aside from your login and password. This code is sent to your phone or email, so even if hackers acquire your username and password, they won’t get into your account next time since they need a code.
Check for Grammatical Errors on the Website
Since the goal of a hacker is to collect your information and not to provide a seamless online experience, they don’t often spend as much time polishing the content. Watch out for grammatical errors, extremely long sentences, and phrases that don’t sound right: these can often clue you in on the legitimacy of the website.
If You Think Something Isn’t Right, Call Your Bank!
While a pharming attack isn’t as common as phishing since it is harder to execute and involves more advanced techniques, it is much peskier and more insidious. It can attack users without them knowing because even if users see the correct URL in the address bar, they can still be led to a fake website that may look like the legitimate one.
It can also launch repeated attacks on a single user if the malware is installed on their device or repeated attacks on multiple users as in the case of DNS poisoning.
If you notice that something is amiss—you see a warning that says the website has an invalid or missing SSL certificate, or something just doesn’t seem right even if you can’t quite put your finger on it—it’s always best to call your bank or the site’s customer service to double-check.