Pharming is a type of cyber attack in which cybercriminals intentionally redirect you to a fake version of the website you intended to visit in order to steal your username and password. “Pharming” combines the terms “phishing,” a similar type of cyber attack, and “farming.”
Phishing uses deceptive email, social media, or text messages asking you for your financial information, while pharming requires no lure.
Pharming is the digital equivalent of a fake detour sign: a driver who follows it is steered toward a waiting group of robbers.
Pharming is more dangerous than phishing since it can affect a larger number of computers without any conscious action from the victims. Pharmers, the perpetrators of pharming attacks, often victimize financial institutions like banks, online payment service providers, and e-commerce site owners.
How Does Pharming Work?
Let’s illustrate with a simple example. Say you left your email account open on your computer browser. A colleague (named Bob) accessed it and changed all of the email addresses in your contact list. A lot of problems can arise from that, including:
- You won’t be able to identify any of the email senders correctly.
- You can’t send the right emails to their intended recipients.
- You may end up sending messages to malicious individuals or threat actors if Bob happens to misspell email domains, causing these to point to malware-laden or phishing sites. (Note that a lot of malicious domains are misspelled variants of legitimate domains.)
Pharming attacks can be classified into several categories:
- Pharming a single computer: In this scam, a victim receives an email laced with malicious code that changes the computer’s settings, opening it to sending and receiving communications from a malicious site or individual. In most cases, pharmers point infected computers to fake websites. These sites often look so much like the real ones that the victim ends up entering his or her credentials into forms.
- Pharming via Domain Name System (DNS) poisoning: This is a more dangerous form of pharming. Instead of individually compromising computers, hackers target an organization’s DNS server. A DNS server converts IP addresses into domain names and vice versa. It can be likened to a phonebook where the IP address acts as the site owner’s phone number and the domain name is his or her office address. Pharmers can change the contents of an entire phonebook to point all users connected to the affected network to malicious sites. This type of attack is also harder to spot because the individual computers won’t show anomalous settings.
An Infamous Pharming Attack
Pharming attacks were widespread in the early 2000s. In 2007, for instance, pharmers set their sights on the customers of 50 banks scattered across the globe. The affected financial institutions had no other choice but to shut down their operations to deal with the threat.
In the attack, the pharmers created a separate look-alike website for each bank. They then laced these pages with a Windows exploit. While Microsoft had issued a patch for the vulnerability, users of unpatched systems could be redirected to the fake sites and end up with infected computers.
Affected users would see an error page asking them to turn off their firewall and antimalware. Once they did, every visit to their bank’s website showed them the fake login page, which allowed the pharmers to steal their credentials.
How to Protect against Pharming
Here’s how you avoid pharming attacks:
- Choose a reliable Internet service provider (ISP): Trustworthy ISPs can set up an automatic filter for subscribers that would prevent them from being redirected to pharming websites.
- Always check site links for misspellings: When visiting any site, always double-check that you are on the right and legitimate website. Most hackers rely on the spelling mistakes victims make to get them to specially crafted sites. Bookmark frequently visited sites so you won’t have to type their links manually every time.
- Choose Hypertext Transfer Protocol Secure (HTTPS): Websites whose links begin with HTTPS, an extension of Hypertext Transfer Protocol (HTTP) used to secure communications over a computer network, are always safer to access. The “S” at the end means that all communications between the site and your computer are encrypted and protected against malicious third parties (i.e., hackers hoping to steal your login credentials). If your browser shows a certificate warning for a site you normally reach without one, treat it as a sign that you may have been redirected and do not continue. This practice is particularly handy if you wish to make financial transactions online.
- Scrutinize downloads and clicks: As much as possible, never download attachments and don’t click links embedded in messages that come from unknown sources. That is the oldest trick in the cybercriminal handbook.