In 2007, a major cybersecurity incident affected over 50 financial institutions across the US, Europe and Asia-Pacific. Hackers created fake websites for different banks and institutions to harvest the private data of their customers. This attack was conducted on an unprecedented scale, making it the most infamous pharming attack in history.
Similar pharming attacks also took place in Brazil and Venezuela in 2015 and 2019, respectively. Both attacks scraped personal details such as phone numbers, passwords and other information.
These incidents indicate the gravity of a pharming attack, which brings us to the question,
What is pharming?
The word pharming essentially combines two words — phishing and farming. Like phishing, pharming manipulates websites’ traffic to steal confidential information by creating fake, lookalike websites.
Pharming is a social engineering attack that redirects users to a spoof website, even if they type in the correct web address. The goal of a pharming attack is identity theft.
Many people get confused between phishing and pharming. Both are very similar in some ways. But certain distinctions separate the two.
Phishing works on the concept of enticing or fooling people into clicking malicious links sent via emails. Hackers pose as legitimate organizations and send these emails hoping people would click on the malicious link, redirecting them to a spoof site that harvests their private information.
On the other hand, pharming does not involve enticement. Pharming attacks do not depend on people’s gullibility. Instead, they work in a two-step process. First, the attackers install malicious code on the computer or server. This code redirects users automatically to spoof or fake websites that deceive people into giving up information.
In phishing, there is a lure such as a deceptive email, text message or social media message. While in pharming, there is no lure. A pharming attack is way more dangerous because users do not even realize they are under attack.
How does pharming work?
Pharming exploits the functioning of internet browsing to launch attacks. It corrupts the DNS cache and DNS server. The function of a DNS server is to translate domain names into IP addresses and vice versa. When we visit a website, the DNS cache stores the data to avoid fetching data from the website on subsequent visits, ensuring faster page loads and lower network traffic by corrupting both the DNS cache and DNS server, hackers stage pharming attacks.
Pharming attacks usually occur in two methodical ways.
Malware-based pharming – Hackers send emails with malicious links that force people to download a virus or trojan. The malware corrupts the host file of the computer and redirects traffic away from the intended website. Even if the person keys in the correct web address, the corrupt host file will redirect the user to the fake website.
DNS poisoning – The second type of pharming attack is potentially more dangerous because it does not occur on a personal level – it occurs at the DNS server level. DNS servers connect users to the required websites. But a corrupted DNS server can redirect users to a malicious, fake website without their knowledge. The vulnerabilities in the DNS server facilitate this redirect through a corrupted DNS table.
What makes pharming so dangerous is that the victims need to take only minimal action before compromising their information. With DNS poisoning, victims are not even at fault. They can use protected devices and still end up on fraudulent sites. Also, if a popular DNS server is hit, millions of people can be exposed.
How to protect yourself against pharming
Here are some actionable steps you can adopt to avoid pharming at a personal level.
Always use a reputed ISP. A good ISP will block most malicious redirects, keeping you safe from fraudulent websites.
Sometimes, it is advisable to use a specialized DNS service instead of your regular DNS server. A specialized server will offer much more protection against cyber-attacks.
Always check the website link for ‘HTTPS’ and not ‘HTTP.’ The extra ‘S’ at the end shows that the website has a valid security certificate. Another pointer here would be to look for the lock icon on the address bar.
Always ensure that you do not open emails from unknown or doubtful sources. Clicking on a malicious link can lead to a pharming software download onto your device without your knowledge.
Always avoid websites that look suspicious. In most cases, hackers do not spend a lot of time creating perfect lookalike websites. There is a high probability of something being off, such as fonts, colours or content.
Always enable two-factor authentication. 2FA makes it much harder for hackers to gain access to your account.
Install a reputed antivirus and anti-malware software. Keep the software regularly updated to maintain the highest level of security.
Cybercrimes such as pharming and phishing are common. For organizations, even one attack can unravel several years’ of income and reputation. Protecting against such attacks begins by first gaining knowledge about how these attacks are perpetrated. Once understood, proper security measures can be implemented to protect devices, accounts, servers and networks. Against pharming, a combination of cyber vigilance and anti-malware software works best.