Imagine you’ve logged onto your favourite shopping website and begin browsing the items. Everything seems normal but little do you know that you’ve just walked into a hacker’s trap. Welcome to the world of pharming, where cybercriminals play one of the most sophisticated tricks to steal your sensitive information.
Pharming is the cyber threat that most people overlook until it’s too late. However, if you understand how it works, you can potentially prevent falling victim to this cyber trap.
What is pharming?
Pharming is a type of social engineering attack which redirects users from a legitimate website to a different, fake website, and they probably won’t even notice. Unlike phishing, which often relies on someone clicking a link, pharming manipulates the configuration of a system to perform the attack. This makes pharming more dangerous and harder to detect because it is not always clear that the system has been altered.
How does pharming work?
Pharming uses the basics of internet browsing to perform the attack. For example, the website address, such as www.google.com, must be changed to an IP address for the server to understand where to send the user to reach the website. This is where the attack comes in, which usually occurs using one of the following methods:
- DNS Poisoning: DNS stands for “Domain Name System”. The hacker can use this method to target the DNS server by changing the contents of the DNS table on the server. The DNS table contains the URL and the IP address, basically mapping the two together. When the hacker changes this table, the URL will redirect to a fake website instead of the legitimate website.
- Host File Hijacking: A hacker can send a malicious file to a target which contains code to change your computer’s host file directly. The host file contains the URL and IP address table as well, so you are redirected to a fake website instead of the legitimate website.
How to protect yourself from the cyber trap
The scary part of pharming is that it’s subtle, and there’s rarely a big “red flag” indicating that you’re on a fake site. However, these security practices can help protect you:
- Use HTTPS. Always check for the padlock icon or HTTPS in your browser’s address bar before entering personal information.
- Check website names. Check that the URL is correct when visiting a website. Always check for any strange characters that have been added or changed in the address.
- Use a good ISP. An ISP, or Internet Service Provider, is what most of us use to connect to the Internet. Use an ISP that has good security measures in place.
- Enable multifactor authentication: With MFA, even if someone steals your password, they won’t have access without a second verification step.
- Use antivirus. Run antivirus scans regularly to help detect and prevent malicious activity on your devices.
- Change your router’s default password. Always change your router’s standard password and ensure that the new password is strong and unique. This will help prevent a hacker from accessing your router and prevent possible DNS poisoning.
What if you suspect that you may have been pharmed?
If you think that you may be a victim, follow these steps to help prevent further compromise:
- Clear your DNS cache and browser cache on all your devices.
- Make sure to run a full scan on all your devices using your antivirus app.
- Change your passwords for any potentially compromised accounts. Remember to enable MFA wherever possible.
- Report the attack to the relevant company so that they can begin their investigation. This can include your ISP, bank, and your online accounts.
Pharming tactics will continue to evolve, especially with the use of AI-driven malware and other sophisticated technologies. This attack may sound complex, but if you follow these steps, you can help prevent being pharmed. Be secure!
