GUEST ESSAY: A full checklist on how to spot pharming attacks — and avoid becoming a victim

By Peter Baltazar

Cybercriminals use various techniques to conduct cyberattacks. One popular way to infiltrate a system is Pharming, an online scam quite similar to Phishing.

The term Pharming is a combination of two words: Phishing and Farming. It is a type of social engineering cyberattack in which a website’s traffic is manipulated to steal confidential credentials from users. Cybercriminals design a fake website, essentially a clone of the official one, and use various means to redirect users to the phony webpage when they try to visit the legitimate site.

A Pharming attack is primarily intended to obtain sensitive data such as login credentials, personally identifiable information (PII), social security numbers, bank details, and more. Attackers can also use it to install malware on the victim’s system.

Pharming vs phishing

Though Pharming and Phishing share nearly the same goals, the approach used to conduct Pharming is entirely different. Unlike Phishing, Pharming focuses on sabotaging the system rather than manipulating the victim. However, as we will see later, Phishing plays a vital role in conducting Pharming.

Pharming attacks are carried out by modifying settings on the victim’s system or by compromising a DNS server. Manipulating the Domain Name System (DNS) and rerouting the victim from the intended web address to the fake one can be done in the following two ways:

•Changing the Local Host file. In this method of manipulating DNS, the attackers infiltrate the victim’s device and change the local host file. A local host file is a directory that maps hostnames to IP addresses. The modified local host file redirects users to the fake website the next time they try to open the legitimate site. The phony website is designed to look like the one the victims intended to visit, so that they are not alarmed.

To modify the local host file, the attacker primarily uses Phishing to deploy the malware that alters the host file on the victim’s system.

•DNS Poisoning. The second way to redirect traffic is by exploiting DNS server vulnerabilities and poisoning the DNS. In this case, even if the victim types the correct address in the address bar, they are redirected to a corrupted URL controlled by the attackers. The attacker does not have to rely on any action by the victim, which makes this method more dangerous. The good thing is that DNS servers are tough to exploit, as they have good defense mechanisms.

However, if conducted successfully, DNS poisoning is far more rewarding than altering the local host file as poisoning can spread to other DNS servers.
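A defender can audit for the first method, a tampered local host file, by flagging any entry that sends a public-looking hostname to an address other than a loopback or 0.0.0.0 sinkhole. The following is an added example, not part of the original essay; the sample file contents, the domain names and the list of local suffixes are constructed assumptions.

```python
import ipaddress

# Constructed sample: a hosts file as it might look after tampering.
# The domains and the 203.0.113.45 address (a documentation range) are made up.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.tracker.example      # blocklist entry, harmless
203.0.113.45    www.examplebank.com examplebank.com
192.168.1.20    nas.home.lan
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each valid mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed line, not a mapping
        yield line_no, ip, [h.lower() for h in fields[1:]]

def suspicious_entries(text, local_suffixes=(".lan", ".local", ".internal")):
    """Return (line_no, hostname, ip) for entries that override a public name."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        # Loopback and 0.0.0.0 are the usual targets of benign or blocklist entries
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            # Single-label and local-suffix names are normal for home or office hosts
            if "." in name and not name.endswith(local_suffixes):
                findings.append((line_no, name, str(ip)))
    return findings
```

To audit a real machine, pass in the contents of `/etc/hosts` (or `C:\Windows\System32\drivers\etc\hosts` on Windows) instead of the sample and review every finding by hand.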

Tell-tale indicators

Several signs might indicate that you have become a victim of Pharming:

•You receive credit card bills with charges that you don’t remember making.

•You notice some messages or posts on your Social Media channels that you don’t remember posting.

•The passwords of some of your online accounts changed without your intervention.

•There are several programs on your device that you don’t remember installing.

Pharming is conducted skillfully so that victims do not suspect it. However, users who are attentive and notice specific patterns can recognize it. Here are a few factors you can look for to verify whether a website is fake or real:

•Check the website’s URL. The attackers cleverly create fake URLs by manipulating the original URL address. For example, Amazon.com is depicted as Amaz0n.com, or something.gov.us is copied as somethinggov.us.

•Check for a valid SSL certificate. An SSL certificate ensures that the connection to the website is encrypted and secure. If the URL begins with HTTPS, the site is equipped with an SSL certificate. If it is only HTTP, the site is unsecured, and users should avoid providing any information to it.

•Take notice of design changes. If you regularly visit a site and notice something odd in its appearance, such as the theme color or design, treat it as a warning sign. Though it is natural for website developers to make changes, legitimate developers would inform users about them.
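The URL check described above can be automated by comparing the host in a link against the sites you actually use. The following is an added example, not part of the original essay; the allowlist, the digit-to-letter table and the distance threshold are assumptions chosen to cover the essay's two examples (Amaz0n.com and somethinggov.us).

```python
from urllib.parse import urlsplit

# Assumed allowlist of sites the user really visits (taken from the essay's examples)
KNOWN_GOOD = ["amazon.com", "something.gov.us"]

# Digit-for-letter swaps seen in lookalike names (illustrative, not exhaustive)
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def check_url(url, known_good=KNOWN_GOOD, max_distance=2):
    """Return (verdict, matched_domain) for the host named in `url`."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    # Exact match or a genuine subdomain of a known site
    for good in known_good:
        if host == good or host.endswith("." + good):
            return "ok", good
    # Near miss: digit swaps undone, or a small number of character edits
    for good in known_good:
        if host.translate(HOMOGLYPHS) == good or edit_distance(host, good) <= max_distance:
            return "lookalike", good
    return "unknown", None
```

A "lookalike" verdict means the host is close to, but not the same as, a site on the allowlist; "unknown" only means the host resembles nothing on the list, not that it is safe.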

A few more tips

Pharming is one of the more dangerous cyberattacks because it requires minimal user intervention. A user can have an utterly malware-free system and still become a victim of Pharming through DNS poisoning. Here are some preventive measures:

•Stay informed. Keep yourself updated on the latest Pharming techniques used by cybercriminals by following cybersecurity blogs, magazines, and news portals.

•Use a reputed Internet Service Provider (ISP). A good ISP can implement a large number of security measures to filter out Pharming websites.

•Use a reliable DNS server. The DNS server is pre-assigned based on the ISP. However, you can change it to a more secure one.

•Check website URLs. As already mentioned, the attackers manipulate the spellings of popular URLs and use them to trap users. Users must thoroughly check the URLs for any spelling mistakes before browsing or filling in any information on them.

•Never follow any HTTP links. URLs beginning with HTTP aren’t secured with an SSL certificate. It is advised not to visit such websites or provide any data to them.

•Enable multi-factor authentication on all your accounts. If it is active, then even if the cyber attackers get their hands on your credentials, they won’t be able to access your account.

•Keep your system equipped with a robust security solution. Security applications like MalwareFox can provide all-round security for your device against dangerous external threats. It can also offer web protection from unprotected sites and spam.

About the essayist: Peter Baltazar is a cybersecurity consultant for Malwarefox.com. He likes to educate people about the latest technological threats. You can also find him on Quora.
