What is Pharming? How to Protect Against a Pharming Attack
Even a cybersecurity pro may just be a click away from being a victim of a pharming attack.
Since pharming relies excessively on human carelessness, installing anti-malware is often not enough to stop it in its tracks.
So, let’s dive right in, find out what pharming is and how you can protect against it.
What is pharming?
Pharming is a modern cybercrime involving redirecting a victim to a fraudulent website to steal their valuable personal information. Users are tricked into handing over their banking info or other account credentials on a fake website resembling a legitimate one (of a financial institution, for instance).
The captured data is the jackpot for hackers. Now they can steal a person’s identity and access their finances.
Unfortunately, pharming is hard to detect. The reason is, you can’t tell a fake website from a real one. Sure, there may be some visual differences, but the fake website will have the same URL due to the clever technology utilised by the cybercriminals behind the attack. This complicated modern scam requires redirecting web traffic for a victim - or several victims at once - on the DNS server level.
How does a pharming attack happen?
In a pharming attack, cybercriminals exploit the vulnerabilities of a DNS server. A DNS server is responsible for converting an internet address to an IP address. Thanks to it, you get to the website address you typed into the browser. Hackers redirect the request so you end up arriving at a fake website. This is done in two different ways - through pharming malware or DNS poisoning. Let’s take a look at both.
One way of accessing the user’s web traffic is through malware, such as trojans. Hackers usually distribute these malicious programs in emails. Whenever victims open certain files or links sent to them, they will get an unfortunate secret bonus - free malware.
Malware planted on your computer or phone changes its local host files. Now, every time you try to open a legitimate website, you’ll land on a fraudulent one. And even deleting the malware won’t stop it because DNS caching will still take you to the fake stored IP addresses.
You can also become a victim of pharming if cybercriminals attack your DNS server. They can gain access to the server and reroute your web traffic. But the scary part is how DNS poisoning is hard to notice. You don’t have any malicious programs on your computer so nothing will hint at the presence of the scam. Until it’s too late and you become a victim of identity theft.
With DNS poisoning, hackers can attack not one, but thousands of devices and users at once. That’s what makes this type of fraud so dangerous.
What is the difference between phishing and pharming?
The term “pharming” comes from a combination of “phishing” and “farming” (scamming many victims simultaneously). That’s because pharming does resemble phishing in many ways. Both can happen via malicious emails. Also, in both scams, hackers steal users’ personal information to access their finances.
While phishing and pharming have similar goals and tools, these attacks differ in how they are carried out. In phishing, an email usually contains a link taking an online user to a fraudulent website with a different URL to the legitimate one. But a pharming attack is much more complicated. Your web traffic is redirected at the DNS level, not by you opening the wrong page. And the fake website you land on has the same URL as the website you tried to reach.
What’s more, phishing is pretty easy to spot. By contrast, you can become a victim of pharming without having any clue at all.
How to avoid pharming?
Luckily, there are some ways of protecting yourself against pharming. Let’s take a look at them.
Avoid links and attachments from unknown senders
As you can’t protect yourself from DNS poisoning, watch out for malicious software that enables pharming. Never open emails from any unknown or suspicious senders. Most importantly, never open attachments or links in these emails.
Only follow secure links beginning with HTTPS
Be mindful of websites you visit because they can carry malware too. A secured website is one with https:// at the beginning of its address (as opposed to http://) and a valid SSL certificate.
Steer clear of suspicious looking websites
Double-check the link before you click on it. Pharming often hides behind swapped letters or letter-to-number replacements in website addresses (e.g. 0lx.com, marksendspencer.com).
If the link looks okay but the website does not then this is yet another warning sign of pharming. Some fraudsters even bother to add privacy policies and T&Cs to their fake websites. So take your time looking around and making sure all the required content is present and correct.
Stay away from sweet e-commerce deals
If the price looks too low to be true - it probably is. Pharmers will offer you tempting discounts with deals of up to 20% less than those offered by legitimate competition. It is worth double checking the price and credentials of a seller to make sure your money doesn't go directly into the fraudsters’ hands.
Choose the right Internet Service Provider (ISP)
New ISPs may lure you in with cost-savvy deals and enormous speeds, but your privacy may be the price for those shiny perks.
When choosing your ISP, go for a reputable one. Most of them filter out any suspicious redirects by default. This ensures you will never reach the pharming website - and thus live your best online life with extra protection and peace of mind.
Use two-factor verification where possible
Today, many platforms offer two-step verification to secure their users. And you should definitely turn it on where possible. For example, take social media. If you use two-step verification for your social media accounts, you will make them harder to hack into. Because even if hackers have got your login credentials through pharming, they won’t be able to access your account.
Use a reliable DNS server
Pick the DNS server provider carefully to protect yourself from DNS poisoning. For most people, their ISP is their DNS server provider. Alternatively, you can switch to another DNS service, such as a specialized or more secure one.
Change the default settings for your home router
If you haven’t changed the default settings of your home router, then hurry up! Create a strong password for your private network and never use the standard one ever again. This will protect you from local DNS poisoning.
Use anti-malware software
Don’t forget to install antivirus software and update it frequently. This will protect your device from malware and malware-based pharming. And the best part is, anti-malware software can secure your web browser and shut down any suspicious websites before you connect to them.
What to do if you become a victim?
Here’s what you can do if you’ve become a victim of pharming.
- Run your antivirus software. Make sure there’s no more malware on your computer.
- Clear your DNS cache. Simply deleting malicious programs won’t stop your traffic being redirected. But clearing your DNS cache will.
- Contact your ISP. If you suspect you’re a victim of DNS poisoning you should let whoever is responsible for your DNS server know. In most cases, that’s your ISP.
- Contact your financial institution. Explain the situation and request they protect your accounts from further intrusion. And if you have become a victim of identity theft, then report the crime to the police.
* * *
Unfortunately, it is easy to become a victim of pharming. Anyone can. With DNS poisoning, it’s really hard to stay in control of your own privacy and security. The question is, will you let pharming happen or will you take your cybersecurity back into your own hands?
If you follow our tips on avoiding pharming, then you still have a chance to make it harder for cybercriminals and keep yourself secure.
You can protect yourself from identity theft by using advanced security tools. Check out what Clario’s Identity Theft Protection has to offer.