Introduction to Pharming
Pharming is one of the many cyber-attacks that attackers practice. It redirects a user who requests a legitimate site to a different but similar-looking fake site. In Pharming, DNS is infected so that a domain name resolves to the IP address of a wrong or fake website instead of its actual IP address.
The infected DNS system is generally referred to as “poisoned.”
The internet has evolved a great deal since it was developed. The evolution has happened not only in usage and speed but also in how it is misused. There are always people looking for loopholes through which they could enter a system. Once inside, they can exploit its resources and easily misuse them. Exploitation is done through several mechanisms: phishing, cyberbullying, drive-by attacks, password attacks, SQL injection attacks and cross-site scripting (XSS) attacks are commonly used. One such common attack is Pharming, so let us now see what it is.
What is Pharming?
In simple words, Pharming is a cyber-attack that redirects the user to a different URL or website when the user tries to access the original website. Pharming is a relatively new word. Its first two characters, “Ph”, are derived from the term “Phishing.” Phishing is another type of cyber-attack, in which intruders try to obtain user credentials by building a look-alike fake page of an original popular website. Normally it is the role of DNS servers to resolve requested domain names to the respective website IP addresses. An infected DNS server, however, resolves the domain name to the IP address of a fake site. Once the user lands on such a fake site and enters credentials, the credentials are captured and misused.
Pharming is generally practiced in several ways. One common way is to modify or infect the hosts file on the user’s local system, generally on a personal computer. The attacker sends the user malicious code that infects the local hosts file. It is the hosts file’s role to map the names a user requests to the numeric addresses the computer uses to access websites, so an altered entry sends the user to the wrong address.
Another common form of Pharming is infecting DNS directly. The role of DNS is to resolve the user’s requested domain name to the respective website IP address. A poisoned DNS server resolves incoming requests wrongly and so redirects the user to malicious pages.
What is the purpose of Pharming?
By now it is quite clear what Pharming is generally used for. Like any other cyber-attack, Pharming is practiced with the wrong intention. The people behind Pharming try to get sensitive user information such as usernames and passwords. The collected information is then used for various fraudulent transactions, such as banking transactions.
Another common purpose of Pharming is to generate traffic to a webpage. This is done to earn revenue from the traffic on a particular website domain: the more traffic is redirected to the wrong website, the more revenue is generated.
How do you recognize Pharming?
There are several ways to recognize Pharming. However, there is no foolproof set of operations that will keep users safe from it. Let us look at a few ways by which we could detect fake websites, at least on a broader scale.
Look for secured websites only – Once you land on a particular website, always check that it is secured, that is, that it follows the https:// protocol. For example, the address should start with https://www.WEBSITE.com. Proceed to enter your valuable credentials only if the website is using secure HyperText Transfer Protocol.
Apart from the https protocol, let us look at the other ways by which we can detect fake websites.
- Defacements – Look for any defacement; for example, attackers generally replace the original logo with a similar-looking one.
- Suspicious pop-ups – Check if the website is showing unwanted ads and pop-ups.
- SEO spam – Comments containing website URLs are another sign of a vulnerable website.
How do you prevent Pharming?
There are several ways in which Pharming could be totally avoided, although using anti-malware and anti-virus tools has no impact on it. There is no point in using such tools against Pharming because, in most cases, the attack is done online while navigating URLs, independently of the host system.
Now let us look at how Pharming could be prevented.
- Do not click on URLs directly – To navigate to a website, do not open it by clicking a URL contained in an email or similar message. If you wish to visit a website, always open a new tab or browser and manually enter the address of the site you want.
- Avoid clicking ads on websites – Do not click on ads and pop-ups that randomly appear on different websites. These ads could be a potential source of Pharming.
- Check for the https keyword – As explained earlier, always use websites that follow secure protocols. Never try to access websites that do not.
Attackers carry out cyber-attacks in several ways, and Pharming is one such mechanism. They generally try to find loopholes in a system and then benefit from those loopholes by misusing them. Often, through our own negligence, we visit and use a website without paying attention to its authenticity. In one way or another, it is also our duty to detect such malicious websites and avoid using them.