What Is Pharming And Why Is It Dangerous?
What Is Pharming And Why Is It Dangerous?
In this article, we will discuss what is pharming, the difference between phishing and pharming? And how do we prevent these pharming attacks?
Pharming is a type of cyber attack that involves redirecting web traffic from a legitimate website to a fake one. This is designed to make the fake site look like a legitimate one, so users will be tricked into logging in and typing in their details. These details are then taken by the “perpetrator” and used for illegal activities.
Like phishing, pharming is intended to collect user information such as usernames and passwords or bank details. Even compared to phishing, pharming is much more sophisticated and scary. This can generate a wider net, influence more users in a short period of time, and cost a company millions of dollars.
Phishing And Pharming Differences
Pharming by some people is often considered as "phishing". Actually it is much more dangerous than phishing and has a different MO. Many users, including some who are familiar with common phishing tactics, won't know what hit them until they see an unusual transaction in their account.
While phishing involves luring users by sending links to bogus websites either via email or text, pharming, on the other hand, is much more difficult to detect.
It can attack computers without the user's knowledge or in some cases can also attack DNS (Domain Name System) servers to reroute website traffic away from legitimate sites and redirect users to fake websites controlled by hackers.
To better understand how these cyber attacks work, it is important to know the two types of pharming attacks.
One of the ways hackers attack is through trojans that you get from malicious emails, file attachments or tainted apps that you download. It goes into your computer's hosts file to direct traffic from your regular URL to that copy of the website.
Think of your computer's hosts file as your local address book. This address book contains the hostnames of the websites you visit and their corresponding IP addresses. Hostnames are words you type into your browser such as www.google.com or www.mybank.com.
After you type in the website's hostname, the computer then checks its hosts file to see if it has the correct IP address for the site and then connects you to the website.
When your device is infected with pharming malware, cyber criminals secretly make changes to your computer's hosts file. By changing entries in the hosts file or local “address book”, cyber criminals can redirect you to fake sites that may look almost exactly like the ones you are used to visiting. So when you type in www.facebook.com for example, you will be redirected to a fake page similar to Facebook.
In some cases, cyber criminals target DNS servers instead. DNS servers are like a phone book or a larger directory with the corresponding domain names and IP addresses. Cybercriminals can exploit vulnerabilities and infiltrate DNS servers and then poison the DNS cache by entering fake DNS entries.
By doing this, the attacker redirects website traffic away from the legitimate site, usually online banking or e-commerce, and redirects the user to the cloned website.
DNS poisoning casts a much bigger net as it can impact hundreds if not thousands of users. What's even worse is that it can infect other servers, hence the term "poisoning".
In 2017, for example, a sophisticated pharmaceutical attack targeted around 50 financial institutions and affected more than 3,000 PCs over a three-day period. Customers from Europe, the United States and Asia Pacific are lured to fake websites where their account login information is collected by cyber criminals.
DNS Poisoning is also more difficult to detect. Your computer may appear fine and malware free after a scan but if the DNS servers are compromised, you will still be redirected to fake websites.
It is not as common as phishing and other forms of cyber attacks, as it requires more work for the attacker. Phishing is more widespread because it's easier to post a link to a fake website and hope an unsuspecting victim clicks on it than to hack into a computer or, even more so, a DNS server.
But just because it's uncommon doesn't mean it can't happen to you. Learning how you can protect yourself from these types of attacks will save you a lot of trouble in the future.
How to Protect Yourself From Pharming Attacks
Now that you know how this cyber attack works, it's time to protect yourself with some tips and precautions to save yourself from this dangerous pharming attack.
Make Sure The Website Is Secure
Before you type sensitive information such as usernames and passwords or other personal information, make sure the website uses an HTTPS (Hypertext Transfer Protocol Secure) connection. This means that an SSL (Secure Sockets Layer) certificate has been issued which protects the information you enter.
How do you know the website is safe? You can search in the browser address bar and make sure there is a small “padlock” icon and it says secure connection. The address must also start with “https”, not just “http”.
Don't Click Without Checking the Source
Pharming malware can come in the form of a trojan that sneakily hides behind seemingly harmless files or software. It can hide and run in the background of your computer. So double check that the source of the file, link or email is legitimate.
Use Reliable And Updated Anti-Malware Software
For your antivirus to be effective against the latest threats, you need to update it regularly. Cyber attackers often exploit computer or server vulnerabilities and updates are intended to fix these vulnerabilities.
Updating your operating system and antivirus applications is the first line of defense against phishing malware.
Enable Two-Factor Authentication
Two-Factor Authentication (2FA) is one of the best ways to protect your online accounts. You should use this especially on websites that handle your financial information.
When 2FA is enabled, you will be asked for a separate code apart from your login and password. This code is sent to your phone or email, so even if a hacker gets your username and password, they can't get into your account anymore because they need a verification code.
Check for Grammar Errors On Website
Since the goal of hackers is to collect your information, they don't often spend a lot of time polishing content. Be on the lookout for grammatical errors, overly long sentences, and phrases that don't sound right. This often clues you in to the legitimacy of the website.
So while pharming attacks are not as common as phishing in that they are more difficult to execute and involve more sophisticated techniques, they are far more aggravating and dangerous.
Because it can attack users without them knowing because even if the user sees the correct URL in the address bar, they can still be redirected to fake websites which may look like the official site.
It can also launch repeated attacks on a single user if malware is installed on their device or repeated attacks on multiple users as in the case of DNS poisoning.
So many articles What is pharming and why is it dangerous. Look forward to other interesting articles and don't forget to share this article with your friends. Thank you…
Just an ordinary person who wants to share a little knowledge, hopefully the knowledge I provide can be useful for all of us. Keep in mind! Useful knowledge is an investment in the afterlife.