Also known as “phishing without a lure”, the term pharming is derived from a combination of “phishing” and “farming” and is a form of social engineering cyberattack. Where phishing works by redirecting web traffic to a specially created, fraudulent website designed to very accurately mimic the appearance of a legitimate site, a pharming attack doesn’t need to rely on a hoax site to lure a target. Cyber criminals instead compromise the Domain Name System (DNS) at the server level, redirecting internet traffic to their pharming site. Once a victim reaches this fake site, cyber criminals simply sit back and wait while the unsuspecting user logs in as usual, thereby unknowingly granting the fraudsters access to their sensitive personal information. By obtaining personal information such as your name, address or social security number, fraudsters can carry out identity theft, access your online banking or steal confidential business information.
How it works
To understand the mechanics of a pharming attack and how they are carried out, we need to explore how Domain Name System (DNS) servers work. The task of the DNS is to translate domain names to IP addresses, which represents the actual location of the website, allowing your internet browser to connect to the server the site is being hosted on. There are two main methods of carrying out a pharming attack:
This pharming method plants malicious code via a virus or Trojan delivered by means of an email or download link. This code then corrupts the hosting files on your device, secretly rerouting you to a fraudulent pharming site set up by cyber criminals for the purposes of obtaining your personal data.
DNS Cache “Poisoning”
When you enter the address of a website, your browser creates an DNS “cache”, so you don’t have to return to the server every time you want to revisit a site. This type of pharming “poisons” the DNS table, or cache, corrupting the server and redirecting internet traffic to fraudulent pharming sites. The consequences of this type of attack are far more widespread than malware-based pharming as multiple website addresses may be compromised.
Protecting yourself and your brand from pharming attacks
Pharming attacks are harder to detect than other malicious online activity due to their covert nature, so educating yourself and your employees as to how to identify fraudulent websites, and the steps you can take to protect yourself will go a long way to keeping your business safe. The most effective way to mitigate your risk is by ensuring your employees receive regular, comprehensive training to help them identify online threats, and act accordingly. When it comes to identifying a hoax website, look out for things like spelling mistakes, a logo that doesn’t look quite right and unusual questions on a website you usually frequent are all red flags. When in doubt, log out!
Additional steps to reduce your risk:
- Outdated security software leaves your network vulnerable. Ensure your security software is up to date, and running regular antivirus checks and spyware removal software will add an additional layer of safety.
- Change the default password on your wi-fi router. When a scammer tries to access your computer, the first place they check is the router. If the router still has the default password, your network is vulnerable to attack.
- Be aware of what websites you visit. Fraudulent websites can install malicious software or browser extensions on your computer that will modify the DNS cache.
- Be careful of any emails you open. An email attachment can also contain malware. Always make sure the email is sent from a known or reputed source.
Pharming attacks are one of the more dangerous types of online fraud, more concerning because by their nature they require very little action from a victim. Your device can be reading as completely virus free, and you may still be directed to a pharming site, putting a large number of users at risk simultaneously. As an example, in 2017, more than 50 different banks and financial institutions around the world were targeted by a pharming attack. The scammers meticulously created individual pharming sites for each bank, and more than 3,000 devices were affected in just three days. While preventing pharming attacks completely isn’t possible, you can mitigate your risk. In the event your brand is impacted, early detection is key.