The Dangers Associated With Pharming

What is pharming? 

Pharming is a type of cyber-attack which is carried out by criminals redirecting web traffic from a legitimate site to a fake site with the intention of stealing their victim’s usernames, passwords, account details, financial details, and other personal data. In some instances, these fake sites aim to download pharming malware onto the visitor’s device. Frequent targets of pharming attacks are banks, online payment sites and e-commerce sites. 

Pharming is more complex than phishing and users operating with any platforms can be affected including users of Windows, Mac users, android users and iOS users. 

How is it carried out? 

Pharming exploits the foundation of internet browsing – more specifically, granted access when the internet address for example, www.google.co.uk is converted to an IP address by a DNS server.   

Pharming processes can be conducted in two ways: 

1. Through a downloaded trojan or virus which redirects the victim to a fake site instead of the legitimate one. This is known as malware pharming.  
2. Through DNS (Domain Name System) poisoning. This occurs when pharmers change the DNS table in a server to cause users to unknowingly visit the fake website instead of the legitimate one. These fake websites can be used to install viruses or trojans to obtain personal details from victims.  

It is harder to conduct successful attacks upon DNS servers as they operate on an organisation’s network, protected by its cyber security defences.  

DNS poisoning can result in many victims becoming affected and therefore is deemed as more rewarding by cyber criminals. Poisoning can advance to other DNS servers for example, an ISP (internet service provider) becoming poisoned due to receiving information from a corrupted server, leading to an increase in compromised routers and devices. Pharming attacks can be dangerous as they do not need much interaction from the target.  

Difference between pharming and phishing  

Pharming is a more complex version of phishing however there are a few differences between the two fraudulent activities to be aware off.  

Phishing depends on the ‘lure’ aspect. Once an email link or text link is clicked and the victim unwittingly provides their personal information, the criminals use the data for further criminal purposes.  

Pharming is conducted without the ‘luring’ aspect of phishing. Once access is to the target’s device is gained by the target clicking on a trojan as an example, a malicious code is installed onto the target’s device. After this, the target will be sent to a fake website, deceiving the target into providing their personal details to the fake site.  

Signs that you have fallen victim to pharming   

Signs that you have been victimised by pharmers include the following: 

• Unrecognisable transactions in your bank statements  
• Unrecognisable posts on your social media feeds 
• Friend or connection requests that have not been sent by you  
• Changed passwords  
• New programs that you have not installed appearing  

Suggestions on what to do you have been targeted: 

• Clear the DNS cache for your device  
• Run a trusted security software to remove malware and verify the security of your device  
• Contact your internet service provider about the intrusion  
• Change login details for your accounts 
• Report any fraud to the legitimate organisations  

Prevention methods against pharming 

• Adopt a strong password and refrain from using the default password at the back of the router. Passphrases are also a good, safe option which is almost impossible to brute force if the criminal uses a password cracking application. 
• Be careful is you use password manager as sometimes; password manager will remember login details and automatically fill the username and password for you if the site is legitimate. Password manager is not fooled easily and if autofill does not occur, there is a change that the website has been spoofed.  
• Have in place a good anti-malware software installed which can block active malware that is attempting to hack your device and block access to suspicious websites which may result in a poisoned DNS if accessed.  
• Use a good, reputable internet service provider which will prevent suspicious redirects by default. 
• Adopt a renowned DNS server.  This is usually the ISP server however users can switch to a particular DNS server for additional protections. 
• Make sure that links begin with HTTPS and not just HTTP. 
• Do not click on links or attachments from unknown email or SMS sources. 
• Make sure that the URL is legitimate without any typos as pharmers sometimes implement spelling tricks to deceive visitors.  
• Avoid clicking anything on a suspicious website. Suspicious websites can be detected by the level of grammatic errors present, strange fonts and colour codes as well as missing content for example, missing terms and condition sections.  
• Enable two factor authentication to make it harder for hackers to bypass your login details. In this case, even if criminals have obtained your login details, they cannot access your account. 

 How can Securiwiser help? 

Our aim is to also ensure that our clients (whether they are individual users or business owners) are confident in their knowledge about various cyber threats that their businesses and operating systems may face. This includes increasing trends of certain threats and prevention methods that are cost effective and time saving.   

Business owners, employees and the general users may forget to conduct regular scans to monitor the health of their operating system, which criminals can take advantage of to gain unauthorised access by exploiting unrecognised, underlying vulnerabilities.  

Securiwiser can conduct regular scans for your system and provide the exact details of found vulnerabilities or compromises. We can further explain these vulnerabilities in detail to our clients and provide the best course of action that will save your business time and money.