Pharming: (website) identity theft
Pharming is a form of cyber-attack which closely resembles phishing, but differs in several of its characteristics. It is one of the favourite methods used by cyber criminals to steal personal data or access sensitive data.
The most common objective of such an attack is to gain access to financial data. The criminals do this by using an ingenious technique which allows them to steal the unfortunate victim’s identity. This allows them to access bank accounts, transaction details and many other online services.
The differences between phishing and pharming
There are strong similarities between phishing and pharming attacks. They are both designed with the same purpose, which is to lead the victim to interact with (almost) perfect replicas of the most well-known home banking portals, in order to steal their access details.
The methods used to achieve this aim differ according to the type of attack. In the case of phishing, alarming-sounding emails are sent, designed to make the user click on bogus links that lead to the malicious sites mentioned above.
With pharming, however, the technique used to redirect users to the replica sites is more insidious and technical. The most common method is to manipulate the DNS (Domain Name System), altering its normal functioning. In this way, when the user types the (correct) address of their home banking site into the browser window, they are immediately redirected to the malicious duplicate site.
The techniques described above are not only used to target private individuals, but also to attack companies and businesses. With just a few small technical adjustments, serious economic damage can result. In the United States, the cost of such attacks has been estimated at 48 million dollars per year.
How a pharming attack is launched
In order to carry out a pharming attack, the DNS must be targeted, whether at local level (via the individual user’s private terminal) or at global level (by targeting the Internet Service Provider directly).
The easiest approach is, of course, to target a single personal computer. The cyber criminals do this by modifying the local DNS cache or the hosts file. This can be done by exploiting the vulnerabilities of certain web browsers or by obtaining physical access to the device; certain types of malware can even carry out the modifications remotely.
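A defensive check for the local case described above, as an added example that is not part of the original article: it parses hosts-file content and reports entries that override DNS for a watched domain or pin a public-looking name to a routable address. The sample file, the placeholder domain bank.example and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; bank.example is a placeholder, not a real site.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost ip6-localhost
127.0.1.1       workstation-01
0.0.0.0         ads.tracker.example    # ad-blocking sinkhole
203.0.113.45    www.bank.example bank.example
192.168.1.20    nas.home.lan
198.51.100.7    cdn.shop.example
"""

# Private and link-local ranges, typical of legitimate LAN entries.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "169.254.0.0/16", "fc00::/7", "fe80::/10")]

def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each valid mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def audit_hosts(text, watched=()):
    """Return (line_no, hostname, ip, severity) for entries that override DNS."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        local = (ip.is_loopback or ip.is_unspecified
                 or any(ip in net for net in LOCAL_NETS))
        for name in names:
            if any(name == w or name.endswith("." + w) for w in watched):
                # A sensitive domain should never be pinned in the hosts file.
                findings.append((line_no, name, str(ip), "high"))
            elif not local and "." in name:
                # Public-looking name forced to a routable address: needs review.
                findings.append((line_no, name, str(ip), "review"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watched=["bank.example"]):
        print(finding)
```

To audit a real machine, pass the contents of the system hosts file (/etc/hosts on Linux and macOS, C:\Windows\System32\drivers\etc\hosts on Windows) and a watch list of the domains you log in to.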
If hackers target the global DNS servers of an ISP, the scope of the attack is increased tenfold. Hacking an ISP means simultaneously hacking all the devices around the world that use those DNS servers (via a procedure known as DNS Cache Poisoning). This is why it is strongly recommended to choose a secure DNS.
Is it possible to defend ourselves from pharming?
When navigating the web, a user’s best line of defence is the human factor. Being suspicious of certain web pages or links is the first alarm bell and should never be ignored. If you notice tiny differences in the portal, unexpected changes, grammatical errors or glitches in the graphics, it is wise not to enter any sensitive data.
It is also very important never to leave a terminal unattended, especially when it is turned on, details have already been entered or login has already been carried out. Companies should always keep security in mind, by updating their systems and investing in new and reliable technologies.
Other good practices that help limit or completely remove the threat of pharming include:
- Always use 2-channel authentication (if possible);
- Be wary of suspect sites (especially those that do not use the HTTPS protocol);
- Use an up-to-date antivirus and antimalware to protect from online threats;
- Choose well-known and well-protected ISPs.
Translated by Joanne Beckwith
