What is Pharming Attack? And How to Protect Against it?


What is a Pharming Attack?

It is a cyberattack intended to redirect a website’s traffic to a fake website. It can be conducted either by changing the hosts file on a victim’s computer or by exploiting a vulnerability in the DNS server software.

DNS servers are computers responsible for resolving Internet names into real IP addresses. Compromised DNS servers are often referred to as poisoned.

In recent years, pharming and phishing have been used to gain information for online identity theft. As such, pharming has become a significant concern for businesses and individuals alike.

How does Pharming Work?

Pharming exploits the mechanics of Internet browsing. To understand how it works, you first need to understand how Domain Name System (DNS) servers work.

When you visit a website, your device stores the resolved address in a DNS cache, a kind of digital footprint. This is in place so that your internet traffic doesn’t have to route all the way to the server each time you request the same website. Pharming can corrupt either the DNS cache or the DNS server, resulting in two types of attacks. Protect your personal information from pharmers by practicing sensible internet safety habits on your computer and other devices.

What is Malware Pharming?

Malware-based pharming is when you get infected by a Trojan or virus through a malicious email or download link. Once you are infected, the malware secretly redirects you to a fraudulent site, which is designed by fraudsters to gather your personal information. Pharming attacks are effective because they fool both victims and their computers, letting attackers carry out identity theft, access your online banking or steal confidential business information.

In this type of pharming, malicious code sent via an email or downloaded through a link changes your device’s local hosts file. Once the hosts file is corrupted, you’ll be directed to a fraudulent website irrespective of the internet address you enter.
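A defender can check for this kind of tampering by auditing the hosts file directly. The following is an added example, not code from the original article: it parses hosts-file text and reports entries that override a watched domain or pin a name to a non-loopback address. The sample file contents and the watched domain `examplebank.test` are constructed for illustration.

```python
import ipaddress

# Names that legitimately appear in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-localnet",
               "ip6-mcastprefix", "ip6-allnodes", "ip6-allrouters"}

SAMPLE_HOSTS = """\
127.0.0.1     localhost
::1           localhost ip6-localhost ip6-loopback
0.0.0.0       ads.tracker.example   # ad-blocking entry
203.0.113.66  www.examplebank.test login.examplebank.test
198.51.100.7  intranet.corp.example
not-an-ip     update.vendor.example
"""  # constructed sample, not a real hosts file

def audit_hosts(text, watched=()):
    """Return (line_no, address, name, reason) for entries worth reviewing."""
    watched = {w.lower().rstrip(".") for w in watched}
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(entry) < 2:
            continue                              # blank line or no hostname
        try:
            ip = ipaddress.ip_address(entry[0].split("%")[0])  # strip zone id
        except ValueError:
            findings.append((line_no, entry[0], entry[1], "malformed address"))
            continue
        for name in (n.lower().rstrip(".") for n in entry[1:]):
            if name in LOCAL_NAMES:
                continue
            if name in watched or any(name.endswith("." + w) for w in watched):
                findings.append((line_no, str(ip), name, "watched domain overridden"))
            elif not (ip.is_loopback or ip.is_unspecified):
                findings.append((line_no, str(ip), name, "pinned to non-loopback address"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watched=["examplebank.test"]):
        print(finding)
```

On a real machine, pass in the contents of `/etc/hosts` (Linux, macOS) or `C:\Windows\System32\drivers\etc\hosts` (Windows); legitimate entries added by an administrator will also be listed and need manual review.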

What is DNS Server Poisoning?

Domain Name System (DNS) servers are computers on the web. Their purpose is to direct your website request to the intended IP address. If the IP address a DNS server holds for a website is corrupted, it can route your internet traffic to a different, bogus IP address or IP addresses.

This form of pharming scam isn’t dependent on corrupting the hosts file like a malware cyberattack. Instead, the attack targets the DNS server level by exploiting any weaknesses. Once a vulnerability is exploited, the server is poisoned, meaning you get redirected to a fake website without knowing about it.

If a poisoned server has enormous traffic, pharming attackers could potentially be in luck, as they would be able to target and scam a massive pool of victims.
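One way to spot a poisoned resolver is to compare the addresses it returns for a hostname with the address ranges the site owner is known to use. The following is an added example, not part of the original article: it assumes you have already collected each resolver’s answers for one hostname (for instance with `dig`) and that you maintain the expected networks out of band; all resolver labels and addresses are constructed.

```python
import ipaddress

# Constructed sample: networks the (hypothetical) bank is known to serve from.
EXPECTED = ["192.0.2.0/24", "2001:db8:10::/48"]

# Constructed sample: answers for one hostname, grouped by resolver queried.
ANSWERS = {
    "isp-resolver": ["203.0.113.66"],
    "public-a": ["192.0.2.10", "2001:db8:10::5"],
    "public-b": ["192.0.2.11"],
}

def check_answers(expected_networks, answers_by_resolver):
    """Return {resolver: [unexpected ip, ...]} for resolvers needing review."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    flagged = {}
    for resolver, ips in answers_by_resolver.items():
        bad = []
        for text in ips:
            ip = ipaddress.ip_address(text)
            # Compare only against networks of the same IP version.
            if not any(ip.version == n.version and ip in n for n in nets):
                bad.append(text)
        if bad or not ips:
            flagged[resolver] = bad or ["<no answer>"]
    return flagged

def verdict(expected_networks, answers_by_resolver):
    """Summarize: a single odd resolver is suspect; all odd means stale pins."""
    flagged = check_answers(expected_networks, answers_by_resolver)
    if not flagged:
        return "consistent"
    if len(flagged) == len(answers_by_resolver):
        return "all resolvers outside pinned networks: recheck the list first"
    return "review resolvers: " + ", ".join(sorted(flagged))

if __name__ == "__main__":
    print(check_answers(EXPECTED, ANSWERS))
    print(verdict(EXPECTED, ANSWERS))
```

Sites behind content delivery networks change addresses often, so a mismatch is a prompt to investigate, not proof of poisoning.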

How to Protect Yourself Against Pharming Attacks

As with any defense against viruses and other forms of malware, you should begin by installing reputable antivirus and anti-malware security software.

Ensure that the software has browser monitoring enabled, which will easily detect any malware threats for you. Such software protects your devices against online threats.

However, don’t rely solely on antivirus software, as emerging threats can find their way around it. You’ll need additional anti-pharming measures to secure your online journey.

  • Ensure the web connection is secure (HTTPS)
  • Double-check a link or attachment before you open it on your computer or device
  • Stay away from shady websites
  • Have two-factor authentication and OTP enabled on your internet accounts
  • Opt for a reliable internet service provider, as some ISPs are in the business of harvesting your data
  • Use a VPN service that has reputable DNS servers
  • Frequently change your Wi-Fi passwords

If you think you’ve fallen victim, it’s best to reset your device and your DNS entries.

Here are two signs of pharming.

  1. An unsecure connection – If you’re visiting a website and its address has ‘http’ instead of ‘https’ in the address line, it’s a clear indicator that the website is potentially corrupted.
  2. A vague feeling – Sometimes, trusting your gut can be the ideal solution. If a website is giving you suspicious feelings, for example because it has spelling errors or unfamiliar fonts or colors, it’s probably corrupted. It’s an indicator to steer clear.

What is an example of a Pharming Attack?

Example 1

Symantec reported the first case of a “drive-by” pharming attack on a Mexican bank in 2008. In this attack, hackers altered the DNS settings of a customer’s insecure, home-based broadband router through an email that seemed to be from a genuine Spanish-language greeting card company.

The malicious code in the email reconfigured the user’s router to send their web browser traffic to the attacker’s fraudulent bank website. The goal was to get the victim to provide personal information, like payment card data or passwords.

Example 2

An advanced attack took place in 2017, targeting more than 50 financial institutions. The attacker exploited a Microsoft vulnerability and created a fraudulent website mimicking the targeted bank’s website, then sent victims to the bogus website without their knowledge or consent.

The victims were online customers in the United States, Europe, and Asia-Pacific. They were lured to a website that hosted malicious code. The website downloaded a Trojan along with five other files onto the user’s device.

Users who visited the malicious site had their account login information sent to a Russian server. Nearly 3,000 computers were affected by this cyberattack in three days. This goes to show the extent of loss a cyberattack can inflict on internet users.

June 20, 2023



