What is Pharming?

Pharming is a cyber attack involving malicious code and fraudulent websites. An attacker starts by installing malicious code on your computer that automatically directs you to unknown and strange websites without your knowledge or consent. Once you are on the fake websites, the attacker tries to trick you into providing personal information so that he can commit financial fraud and identity theft.

Pharming is commonly referred to as “no-lure phishing”. If you are not familiar with phishing attacks, these are attacks that happen through email. The attacker will often include discreet links, images or text leading to unknown sites that will ask you to provide your credentials. And if you provide these credentials, the attacker can access the real site and steal your information there. The difference with pharming is that you don’t have to click on that initial link to take you to another website. Instead, you are automatically redirected there and the attacker has immediate access to your information. So yes if you are wondering; these are more frightening attacks than phishing!

Click here to download Free RAM Free Antivirus

How Does Pharming Work?

The user’s request is redirected by manipulating the DNS protocol. The protocol is responsible for converting the textual host name (URL address) to a numeric IP address. This conversion process gives criminals two points of attack to redirect demand.

1. Attack the hosts. Deposit

Whenever a website is requested, the computer first accesses the local hosts. to check if the website has already been visited and if the IP address is already known. Attackers can exploit this process. They can install malicious software on the computer, for example through email attachments infected with viruses or by using Trojans on websites. These manipulate the registration of IP addresses, thus redirecting any request to the fraudulent site.

2. Attack the DNS server

Another more sophisticated approach to pharming is to directly infect the DNS server, from which the IP address is requested after a user enters a URL. This technique is particularly insidious: although the user’s computer itself is not infected with malware, it becomes the victim of an attack.  The attack occurs through a process called DNS flooding. Here, the server is offered address resolution before it can find the correct assignment.

How To Recognize Pharming Attack?

It is very difficult to recognize pharmed websites. However, there are several ways that can help you identify a fake website posing as a legitimate website:

• Url: Is the URL different? Are the words misspelled? Is the web address the same as the regular website or is it a variation of the name? Any of these errors can mean you are on a bogus site.
• HTTP vs HTTPS: Make sure the site says “https”, not just “http”. The “s” stands for secure. It is only given when the website is a reliable and secure site.
• Design: What does the website look like? If this is a site that you visit often, you will probably be able to notice small changes. The login button may be a different color or in a different location. Maybe the pictures or colors are just a little off. Small differences like these could mean you are on a pharmed website.

If you think you have found a pharmaceutical website, contact your Internet Service Provider (ISP). Ultimately, it’s their job to find, detect, and remove these bogus websites. However, with the ever increasing number of cybercriminals, there are bound to be pharmed websites sneaking up on them.

Pharming vs Phishing

The idea behind pharming and phishing is the same; deception. Both are forms of cyber attacks that aim to trick a user into believing they are looking at something legitimate, but instead it is something fake. Pharming is when hackers send users to bogus websites that look legitimate. Phishing involves sending fake emails that look legitimate.

Either way, the hacker will create something that looks and behaves in a way that convinces users that it’s the real thing. From this point on, the hacker user will be able to obtain personal information from the user in various ways.

How to Protect against Pharming

Here’s how to avoid pharming attacks:

Choose a reliable Internet Service Provider (ISP): Trusted ISPs can set up an automatic filter for subscribers that would prevent them from being redirected to pharming websites.

Always check site links for misspellings: When visiting a site, always check if you are on the correct legitimate website. Most hackers rely on misspellings made by victims to get them to specially crafted sites. Bookmark frequently visited sites, so you don’t have to manually type in their links every time.

Choose Hypertext Transfer Protocol Secure (HTTPS): Websites whose links begin with HTTPS, an extension of the Hypertext Transfer Protocol (HTTP) used to secure communications over a computer network, are always safer to access. The “S” at the end means that all communication between it and your computer is encrypted or protected from malicious third parties (ie hackers who hope to steal your login credentials). This practice is particularly useful if you want to conduct financial transactions online.

Examine downloads and clicks: Whenever possible, never download attachments or click on links embedded in messages from unknown sources. This is the oldest tip in the Cybercriminals Handbook.

This article covers the answers to some of your frequently asked questions: