Pharming is a type of cyber attack where cybercriminals intentionally redirect you to a fake version of the website you hoped to access to steal your username and password. Pharming combines the terms “phishing,” a similar type of cyber attack, and “farming.”
Phishing uses deceptive email, social media, or text messages asking you for your financial information, while pharming requires no lure.
Pharming is the digital equivalent of a detour sign that pushes a driver to take a detour toward a waiting group of robbers.
Pharming is more dangerous than phishing since it can affect more computers without any conscious action from victims. Pharmers, the perpetrators of pharming attacks, often victimize financial institutions like banks, online payment service providers, and e-commerce site owners.
How Does Pharming Work?
Let’s illustrate with a simple example. Say you left your email account open on your computer browser. A colleague (named Bob) accessed it and changed all of the email addresses in your contact list. A lot of problems can arise from that, including:
- You won’t be able to identify any of the email senders correctly.
- You can’t send the right emails to their intended recipients.
- You may end up sending messages to malicious individuals or threat actors if Bob happens to misspell email domains, causing these to point to malware-laden or phishing sites. (Note that a lot of malicious domains are misspelled variants of legitimate ones.)
What Are the Types of Pharming?
In malware-based pharming, the attack targets a single computer. A victim receives an email laced with malicious code that changes his/her computer settings, opening the computer to communications with a malicious site or individual. In most cases, pharmers point infected computers to fake websites. These sites often look so much like the real ones that the victim ends up entering his/her credentials into forms.
DNS Server Poisoning
This type of pharming is done via Domain Name System (DNS) poisoning, a more dangerous form of attack. Instead of individually compromising computers, hackers target an organization’s DNS server. A DNS server converts IP addresses into domain names and vice versa. It can be likened to a phonebook where the IP address acts as the site owner’s phone number and the domain name is his/her office address.
Pharmers can change the contents of an entire phonebook to point all users connected to the affected network to malicious sites. This type of attack is also harder to spot because the individual computers won’t show anomalous settings.
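Because a poisoned DNS server leaves each computer's settings untouched, detection has to compare what the network's resolver answers with what independent resolvers answer for the same names. The sketch below is an added example, not part of the original article. The answer sets are constructed, the names and functions are hypothetical, and matching on shared /24 (IPv4) or /48 (IPv6) networks is an assumed heuristic to tolerate address rotation.

```python
import ipaddress

# Constructed answers (documentation address ranges). In practice these would be
# collected by querying each resolver for the same names.
NETWORK_RESOLVER = {
    "login.yourbank.example": {"203.0.113.66"},
    "www.shop.example": {"198.51.100.10"},
    "intranet.corp.example": {"192.0.2.200"},
}
REFERENCE_RESOLVERS = [  # two independent resolvers outside the network
    {"login.yourbank.example": {"192.0.2.10"}, "www.shop.example": {"198.51.100.12"}},
    {"login.yourbank.example": {"192.0.2.11"}, "www.shop.example": {"198.51.100.13"}},
]


def _prefixes(addresses, v4_bits=24, v6_bits=48):
    """Collapse addresses to enclosing networks so rotation within a block still matches."""
    nets = set()
    for a in addresses:
        ip = ipaddress.ip_address(a)
        bits = v4_bits if ip.version == 4 else v6_bits
        nets.add(ipaddress.ip_network(f"{ip}/{bits}", strict=False))
    return nets


def compare_answers(local, references):
    """Classify each locally resolved name as 'consistent', 'mismatch' or 'unverified'."""
    verdicts = {}
    for name, addrs in local.items():
        ref_addrs = set().union(*(r.get(name, set()) for r in references))
        if not ref_addrs:
            verdicts[name] = "unverified"  # no reference answer, e.g. an internal-only name
        elif _prefixes(addrs) & _prefixes(ref_addrs):
            verdicts[name] = "consistent"
        else:
            verdicts[name] = "mismatch"    # no shared network with any reference answer
    return verdicts


if __name__ == "__main__":
    for name, verdict in compare_answers(NETWORK_RESOLVER, REFERENCE_RESOLVERS).items():
        print(f"{verdict:11} {name}")
```

A mismatch is a reason to inspect the resolver, not proof of poisoning, since location-aware DNS can legitimately return different networks to different clients.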
How Do You Recognize Pharming?
Spotting the signs of pharming requires that you look out for the following:
- Misspelled domain name: Most cyber attackers use misspelled or other variations of a popular website or domain name to lure victims. For instance, they may create a replica of your bank’s website and name it yovrbanklogin[.]com instead of the legitimate yourbanklogin[.]com.
- Unsecure connection: Check if the URL begins with “https” or “http.” Websites that start with “https” have a relatively more secure connection, meaning threat actors watching the connection won’t see the data you type into the website. On the other hand, those that start with “http” aren’t secure, which could be a telltale sign of a pharming site.
- Unfamiliar web design: Most pharming websites imitate the logo, buttons, and other designs of a legitimate website. However, they may not be able to do so entirely since companies use unique fonts and color schemes. If you have visited the legitimate website in the past, watch out for any inconsistency and try to remember what it looked like before.
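The first two checks in the list above can be automated. This is an added example, not part of the original article: it warns when a URL is not HTTPS, contains a punycode label, or has a domain within a small edit distance of a known-good one. It uses the article's yourbanklogin example as the allowlist. The function names, the distance threshold of 2, and the "last two labels" shortcut for the registrable domain are assumptions.

```python
from urllib.parse import urlsplit

KNOWN_GOOD = {"yourbanklogin.com"}  # the article's example; extend with sites you use


def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent swap such as "yuor" vs "your" counts as one edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_url(url, known_good=KNOWN_GOOD, max_distance=2):
    """Return a list of warnings for a URL; an empty list means none were raised."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    # Assumption: registrable domain = last two labels. Real code needs the Public Suffix List.
    domain = ".".join(host.split(".")[-2:])
    warnings = []
    if parts.scheme != "https":
        warnings.append("connection is not HTTPS")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible homoglyph domain)")
    if domain not in known_good:
        for good in sorted(known_good):
            if edit_distance(domain, good) <= max_distance:
                warnings.append(f"{domain} looks like {good}")
    return warnings


if __name__ == "__main__":
    for url in ("https://www.yourbanklogin.com/login",
                "https://yovrbanklogin.com/login",
                "http://yourbanklogin.com/"):
        print(url, "->", check_url(url) or "no warnings")
```

The look-alike URL in the sample is served over HTTPS and is still flagged, which shows why the “https” check alone does not establish that a site is the real one.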
Once you fall victim to pharming, you may start noticing unauthorized password changes to your online accounts, bank or PayPal account charges that you didn’t make, social media posts you didn’t create, and messages or friend requests you didn’t send. New applications may also start appearing on your device even though you didn’t install them.
What Is the Difference between Pharming and Phishing?
Pharming and phishing have more similarities than differences. For one, the people behind them have the same malicious intentions—to steal a victim’s sensitive data. They imitate legitimate brands or companies through look-alike domain names and web designs.
Their main difference lies in how they lure victims. Phishing entices unsuspecting people through emails. These emails may lead users to visit a fake website or download a malicious file. On the other hand, pharming uses fake websites. Sometimes, the attackers don’t have to use lures. When you search for “banks near me,” pharming websites may just be hiding behind the search results pages waiting for someone to click their links.
What Are Some Examples of Pharming Attacks?
Pharming attacks were widespread in the early 2000s. In 2007, for instance, pharmers set their sights on the customers of 50 banks scattered across the globe. The affected financial institutions had no other choice but to shut down their operations to deal with the threat.
In the attack, the pharmers created a separate look-alike website for each bank. They then laced these pages with a Windows exploit. While Microsoft issued a patch for the vulnerability, users of unpatched systems could be redirected to the fake sites and end up with infected computers.
Affected users would see an error page asking them to turn off their firewall and antimalware. Once they did, every time they visited their banks’ websites, they saw the fake login page that allowed the pharmers to steal their credentials.
How Can You Protect Against Pharming?
Here’s how you can avoid pharming attacks:
- Choose a reliable Internet service provider (ISP): Trustworthy ISPs can set up an automatic filter for subscribers that would prevent them from being redirected to pharming websites.
- Always check site links for misspellings: When visiting any site, always double-check that you are on the right and legitimate one. Most hackers rely on the spelling mistakes victims make to get them to specially crafted sites. Bookmark frequently visited sites, so you won’t have to type their links manually every single time.
- Choose Hypertext Transfer Protocol Secure (HTTPS): Websites whose links begin with “https,” an extension of Hypertext Transfer Protocol (HTTP), secure communications over a computer network and are always safer to access. The “s” at the end means that all communications between the site and your computer are encrypted or protected against malicious third parties (i.e., hackers hoping to steal your login credentials). This practice is particularly handy if you wish to make financial transactions online.
- Scrutinize downloads and clicks: As much as possible, never download attachments and don’t click links embedded in messages that come from unknown sources. That is the oldest trick in the cybercriminal handbook.