By Corey Skrede, Account Executive, Locknet Managed IT
Pharming is a type of social engineering cyberattack. In that way, it has similarities to phishing which tricks targets into sharing information or clicking on something malicious. Where pharming differs is that it tricks users who are trying to reach a specific website by spoofing that site and capturing personally identifiable information or installing malware. Instead of relying on an email to trigger the cyber-attack, pharming uses malicious code to redirect the victim to the attacker’s spoofed website. Cybercriminals who utilize pharming tactics often target websites in the financial sector, social media channels, or e-commerce sites to steal a victim’s identity.
Here is a further breakdown of the difference between phishing and pharming:
- Phishing. Cybercriminals send an email that appears reputable. The email contains malicious content, which may include malware or a malicious website link.
- There isn’t necessarily an email enticement with pharming, but phishing can be a first step for a later pharming attack. With pharming, the hacker installs malicious code on a computer or server. Then, the code sends the user to a fake website. The redirection to the fake site is automatic based on the malicious code running in the background.
A pharming attack doesn’t necessarily need a phishing lure to get started. Instead, it just plants a seed you don’t know is there and harvests the user’s information later.
How does pharming work?
Pharming is a sophisticated cyber-attack that requires more work from the cyber criminals, making them less common than phishing attacks. None the less, the impact of a pharming attack can be significant. Typically, pharming uses one of the following techniques:
- Malware infection. Malware in the form of viruses or trojans execute pharming attacks by infecting a computer or network, altering DNS settings, or manipulating the host’s file. Users trying to access a legitimate website are unknowingly redirected to a malicious one instead.
- Host file modification. The local file on a computer that maps domain names to specific IP addresses is modified to redirect to the malicious website.
- DNS cache poisoning. Vulnerabilities in the Domain Name System (DNS) are exploited, and the DNS cache is poisoned, so attackers can manipulate the mapping between domain names and IP addresses.
- Rogue DNS servers. Attackers set up rogue DNS servers that provide fake IP addresses and lead users to fraudulent websites.
Once users are redirected to fraudulent websites, pharmers obtain personal information. The attackers then either use the credentials for financial fraud or account access. They may also sell the information to other criminals on the dark web.
So, what does a pharming attack really look like? Here are just a few notable real-world examples of pharming.
- Large-scale banking attack. In 2007, over 50 financial institutions across the US, Europe, and Asia were targeted. The sophisticated attack created an imitation web page for each targeted financial company using a combination of malware and DNS server poisoning.
- Brazil’s phishing and pharming attack. In 2015, attackers sent phishing emails to users of Brazil’s largest telecom company. Links in the emails downloaded pharming malware which allowed attackers to exploit vulnerabilities and change their routers’ DNS server settings.
- Venezuelan volunteer attack. In 2019, hackers attacked a Venezuelan volunteer organization, directing users to a fake website and stealing their personal information.
Some tips for preventing a pharming attack
- Pharming attacks rely on software vulnerabilities, so keep systems up to date with the latest security patches.
- Use caution and ensure you are on a legitimate website before entering any personal information online.
- Double-check website URLs for typos before clicking on links and entering information.
- Only follow links that begin with HTTPS to ensure the site has a valid security certificate.
- Use multi-factor authentication to add additional security.
- Avoid connecting to public Wi-Fi networks or unknown hotspots.
- Update the default password on your Wi-Fi router to be a strong password.
Security awareness and training is a strong defense
While the tips above are helpful for both the home and workplace, ongoing security awareness is one of the best defenses against pharming attacks. Security education and awareness training can help employees recognize new suspicious warning signs, develop tools for verifying the authenticity of websites, and hone strategies for identifying social engineering attacks.