Are you phished or pharmed? It is dangerous anyway…

Phished people were exposed to an attack for an average of 17.5 hours before antivirus software discovered it. With pharming, it takes much longer.

Phishing and pharming schemes are still among the grimmest threats to companies and individuals. Even internet giants like Google and Facebook got conned out of hundreds of millions USD via phishing and pharming schemes.

A phishing scam is a practice aimed at stealing personal information such as user IDs and passwords. It is usually done through emails crafted and sent by an identity fraudster who claims to be from a legitimate company. Phishing scams can also trick Internet users into downloading an infected file, clicking a bogus hyperlink, or giving up private information. All of this can lead to identity theft.

The term “pharming” comes from a combination of the words “phishing” and “farming”. This type of cybercrime is very similar to phishing but exploits the foundation of how Internet browsing works.

More precisely, for an Internet connection to proceed, the sequence of letters that forms an Internet address (e.g. http://www.google.com) has to be converted into an IP address (e.g. 108.177.16.0) by a Domain Name System (DNS) server. To redirect traffic to a bogus site, hackers may install a virus or Trojan on our computers – or may even use this malware in an attempt to directly collect personal and financial information for use in identity theft.

A practical example is an exploit kit named ‘Novidade’, which targets home or small office routers by changing their DNS settings via cross-site request forgery (CSRF). This kit enables attacks on a victim’s desktop or mobile device through web application authentication.

Once the attackers have changed a legitimate DNS setting to that of a malicious server, they can then execute a pharming attack. It is done by redirecting the targeted website traffic from all devices connected to the same router.

This is an especially worrying form of cybercrime because, in cases of DNS server poisoning, the affected user can have a completely malware-free computer and still become a victim. Once confidential information such as a credit card number, bank account number or password has been entered at a fraudulent website, criminals have the information and identity theft can be the result.

In summary, pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent. Some call pharming ‘phishing without a lure’, as it is potentially more ominous than typical phishing – it bypasses the need to lure Internet users into responding to spam email messages.

While pharming is not as frequent as phishing scams are, it can impact many more people at once. This is especially true if a large DNS server is altered.

Preventing pharming

First of all, it is important to install cybersecurity software that will catch any viruses before they damage our computer. The protection starts with the installation of a robust anti-malware and antivirus solution.

It is also worth mentioning that people running DNS servers have some reasonably sophisticated anti-pharming techniques at their disposal, but the risk of being hacked is always there.

Secondly, when redirected to a bogus website, look out for an ‘invalid certificate’ message popping up in the browser. This message could be a sign that the connection request has been taken to a deceitful site.

Thirdly, we should never submit our identification data to a website which does not show a padlock icon in the address bar. The padlock indicates that the data is encrypted and therefore cannot be read if it is intercepted in transit. However, we should still be cautious: the presence of a padlock does not mean the website itself is authentic, as cybercriminals often use encryption on their sites to increase the likelihood that potential victims will trust them.

Fourthly, double-checking the validity of the website address (URL) in the address bar is a good practice. If not sure, a quick Google search on the site’s reviews can help in determining whether we are accessing the right website or a bogus one.

Besides, we should carefully check the web address in the address bar for subtle misspellings, additional words and characters and other irregularities. If we find any, it might indicate that we have been redirected to a counterfeit website.
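The address-bar check described above can be automated for a short list of sites we actually use. The following Python sketch is an added example, not part of the original article; the trusted domains, the sample URLs and the edit-distance threshold of 2 are constructed assumptions.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of sites the user really uses (constructed names).
TRUSTED = {"mybank.example", "webmail.example"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED, max_typos=2):
    """Return (verdict, reason) for the hostname in url."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid", "no hostname in URL"
    for good in trusted:
        # Exact match or a genuine subdomain (www.mybank.example).
        if host == good or host.endswith("." + good):
            return "trusted", good
    # Punycode labels can hide look-alike characters from other alphabets.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike", "punycode label in hostname"
    bare = host[4:] if host.startswith("www.") else host
    for good in sorted(trusted):
        brand = good.split(".")[0]
        # "Additional words and characters" wrapped around a trusted name.
        if brand in host:
            return "lookalike", "embeds '%s' but is not %s" % (brand, good)
        # "Subtle misspellings": a few edits away from a trusted name.
        if edit_distance(bare, good) <= max_typos:
            return "lookalike", "misspelling of %s" % good
    return "unknown", "not on the allowlist"

if __name__ == "__main__":
    for u in ("https://www.mybank.example/login",
              "https://mybank.example.account-verify.test/",
              "http://mybnak.example/"):
        print(u, "->", check_url(u))
```

A "trusted" verdict only says the name in the address bar is right; with poisoned DNS the correct name can still lead to the wrong server, which is why the certificate warning above remains the decisive signal.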

Generally, we have to be smart when browsing the Internet – particularly when using websites that contain our personal or financial information. If the website looks strange, the address in the address bar looks suspicious, or the site starts asking for our confidential information – double-check the validity of that site.

These steps will prevent most malware from accessing our computers and changing the ‘hosts file’, which maps hostnames to IP addresses. As we have mentioned in our previous posts, we can mitigate cybersecurity risks, including the ones described in this article, through a combination of anti-malware technologies, personal cybersecurity protection practices and continuous awareness.
