Pharming: Redirecting You to Rob You

To start with, what is pharming anyway? Pharming is a type of online scam where a malicious actor redirects internet traffic from a legitimate website to a fake website that is designed to steal sensitive information such as usernames, passwords, and credit card numbers. You know how sometimes at night some sketchy, big, fat guy directs you down the wrong route and would probably murder you if you went down that path? Yeah, this is that, but on the internet.

The term “pharming” is a combination of “phishing” and “farming,” reflecting the idea that the scammers are cultivating a fake website to harvest personal information from unsuspecting victims.

 The goal of a pharming attack is to trick users into entering their personal or financial information into the fake website, which can then be used for identity theft, financial fraud, or other malicious activities.

What does a typical Pharming Attack look like?

Pharming attacks can be carried out using various methods, including DNS cache poisoning, malware, or man-in-the-middle attacks. In a DNS cache poisoning attack, the attacker alters the DNS cache of a computer or network to redirect users to a fake website. When a user types in the URL of a legitimate website, the computer checks the DNS cache to see if it has the IP address of the website. If the DNS cache has been poisoned, it will have the IP address of the fake website instead of the legitimate one, and the user will be redirected to the fake website.

In a malware-based attack, the attacker infects the victim’s computer with malware, which modifies the DNS settings on the victim’s computer. The malware can also add a new entry to the victim’s DNS cache, directing their browser to the fake website. Once the DNS settings or cache have been modified, the victim is redirected to the fake website when they try to access the legitimate website.

In a man-in-the-middle attack, the attacker intercepts the communication between the victim’s computer and the legitimate website, and redirects it to the fake website. The attacker can do this by intercepting the network traffic and modifying the data being sent between the victim and the legitimate website. This can be done through techniques such as ARP spoofing or packet sniffing.

Once the victim is redirected to the fake website, it may look identical to the legitimate website, including the branding, layout, and functionality. The fake website may also have a URL that is similar to the legitimate website, making it difficult for the victim to detect the attack.

The victim may then enter their login credentials, such as their username and password, into the fake website, thinking that they are logging into the legitimate website. However, the attacker captures the information entered by the victim and can use it to access the victim’s accounts, steal sensitive information, or conduct fraudulent transactions.

Types of Pharming Attacks 

DNS Cache Poisoning

In DNS cache poisoning attacks, attackers use various methods to corrupt the DNS cache of a computer or network, such as sending spoofed DNS response packets to a victim’s computer or exploiting vulnerabilities in the DNS software. Once the DNS cache is poisoned, the victim is redirected to a fake website when they try to access a legitimate website. For example, an attacker can corrupt the DNS cache of a victim’s computer to redirect them from a legitimate banking website to a fake website that looks identical to the original website, where they can steal the victim’s banking credentials.

Malware-Based Pharming

Malware-based pharming is a common method used by attackers to redirect users to fake websites. In this method, the attacker infects the victim’s computer with malware, such as a Trojan horse, which modifies the DNS settings on the victim’s computer to redirect them to a fake website. The malware can also add a new entry to the victim’s DNS cache, directing their browser to the fake website. For example, an attacker can use a Trojan horse to modify the DNS settings of a victim’s computer to redirect them to a fake website when they try to access a legitimate banking website, where the attacker can steal the victim’s banking credentials.

Man-In-The-Middle Attack

 In a Man-In-The-Middle attack, the attacker intercepts the communication between the victim’s computer and the legitimate website, and redirects it to a fake website. The attacker can do this by intercepting the network traffic and modifying the data being sent between the victim and the legitimate website. This can be done through techniques such as ARP spoofing or packet sniffing. For example, an attacker can use ARP spoofing to redirect a victim’s network traffic to a fake website that looks identical to a legitimate banking website, where they can steal the victim’s banking credentials.

Hosts File Modification

 In hosts file modification attacks, the attacker modifies the hosts file on the victim’s computer to redirect traffic from a legitimate website to a fake website. The hosts file is a file on the victim’s computer that maps domain names to IP addresses. By modifying this file, the attacker can redirect the victim’s browser to a fake website. For example, an attacker can modify the hosts file on a victim’s computer to redirect them to a fake website that looks identical to a legitimate e-commerce website, where they can steal the victim’s credit card information.

Router-Based Pharming

 In router-based pharming attacks, the attacker gains access to the victim’s router and changes its DNS settings to redirect users to a fake website. This can be done by exploiting vulnerabilities in the router’s firmware or by guessing the default login credentials of the router. For example, an attacker can exploit a vulnerability in a victim’s router to change its DNS settings and redirect them to a fake banking website, where they can steal the victim’s banking credentials.

What are the statistics on Pharming Attacks in the USA?

Phishing scams increased in the USA by more than 34% from 2020 to 2021, with over 323,972 reports made to the IC3. However, the average victim loss decreased by 40% from 2020, with $136 lost per victim compared to $225 in 2020. BEC/EAC scams accounted for 19,954 complaints from organizations in 2021, which is a 3% increase on 2020’s figures, and $2,395,953,296 was lost to these BEC/EAC scams in 2021, which is a 28% increase on 2020’s figure.

Moreover, 79% of US organisations experienced a successful phishing attack last year, which is nearly 4% lower than the global average but a 6.5% year-on-year increase. Additionally, 33% of all data breaches against US organisations were caused by phishing/smishing/BEC attacks in 2021. The Identity Theft Resource Center suggested that attackers prefer phishing and ransomware because they require less effort, are largely automated, and generate higher payouts than taking over the accounts of individuals.

In 2021, there was an uptick of TOAD (Telephone-oriented attack delivery) using fraudulent emails, call centres, well-designed websites, and mobile apps. Due to more people working from home, these attacks were capable of targeting both personal and organisational email addresses. Additionally, cryptocurrency-related phishing sites increased by 1,800%, accounting for 20% of all targets in November 2021.

The IC3’s Annual Crime Report states that phishing attacks cost victims $44,213,707 in 2021, down by over $10 million from $54,241,075 in 2020 (not including BEC/EAC scams). The average victim loss in 2021 was $136, down by over 39% on 2020’s figures ($225) and 73% less than 2019’s figures ($504). In 2021, phishing attacks made up 38% of all cybercrimes reported to the IC3 but only 0.64% of the overall losses. In 2020, phishing attacks accounted for almost 30% of the reported crimes and 1% of victim losses. And in 2019, phishing attacks accounted for a little over 25% of the reported crimes but 1.7% of victim losses.

How to protect yourself from Pharming?

Way #1 Install and regularly update antivirus software

 Antivirus software can detect and prevent attacks from malicious websites and block phishing attempts.

Way #2 Use a secure browser

A secure browser is less vulnerable to pharming attacks. Popular secure browsers include Google Chrome, Mozilla Firefox, and Microsoft Edge.

Way #3 Keep your operating system up to date

 Regularly updating your operating system can help protect you from known vulnerabilities that hackers can use to execute a pharming attack.

Way #4 Check the URL of the website you are visiting

Always check the URL of the website you are visiting to ensure that it is the correct one. Attackers may use URLs that are very similar to the real one, so be sure to double-check.

Way #5 Use two-factor authentication

 Two-factor authentication adds an extra layer of security to your login process by requiring a second authentication factor in addition to your password. This makes it harder for attackers to access your account even if they have your login credentials.

Way #6 Avoid clicking on suspicious links

 Be cautious of clicking on links in emails or text messages from unknown senders. Always hover over the link to see the actual URL before clicking on it.

Way #7 Enable DNSSEC

DNSSEC (Domain Name System Security Extensions) is a set of DNS extensions that lets a resolver verify, through digital signatures, that the DNS records it receives are authentic and have not been altered. Enabling DNSSEC validation can help prevent pharming attacks by ensuring that you are directed to the correct website.

Way #8 Use a VPN

 A virtual private network (VPN) encrypts your internet traffic, making it more difficult for hackers to intercept your traffic and redirect it to a fake website.

Way #9 Educate yourself

 Stay informed about the latest phishing and pharming techniques so that you can recognize them and avoid falling victim to these attacks.

FAQs

What does pharming mean in computer terms?

Similar to phishing, pharming is a threat that deceives users into disclosing personal information, but instead of using email as the attack vector, pharming employs malicious code that is executed on the victim’s device to send them to an attacker-controlled website.

How does pharming work?

Like phishing, pharming is a threat that coerces users into disclosing personal information, but instead of using email as the attack vector, pharming employs malicious code that is executed on the victim’s device to send them to an attacker-controlled website.

What is pharming in cyber security?

Similar to phishing, pharming is a threat that deceives users into disclosing personal information, but instead of using email as the attack vector, pharming employs malicious code that is executed on the victim’s device to send them to an attacker-controlled website.
