What is a Pharming Attack and How to Prevent it?

Hackers and scammers have become very proficient at what they do to the level that very often their victims are not even aware that they are sent to a fake website. Such a website is called a pharming website.

Pharming is an Internet scam similar to the better-known phishing, but with some notable differences (of which we’ll talk in a bit) and it basically exploits the way the Internet itself works.

Let’s take a look at how a pharming attack works and how to prevent it.

How Does a Pharming Attack Work?

In 2017, more than 50 banks and other financial institutions around the world (United States, Europe and Asia-Pacific) were targetter in one of the biggest pharming attacks in history that resulted in 1,000 computers being infected per day over three days.

We already mentioned that pharming manipulates the way the Internet itself, or more specifically Domain Name System (DNS) works.

Here’s a little reminder on how DNS works:

When you visit a website, your computer stores its domain name and IP address locally in a “hosts” file.

Think of DNS as the “Internet phone book”. We humans use domain names like CTemplar.com or websites like CTemplar to find what we need on the world wide web. Web browsers, on the other hand, need to translate that to a numerical IP address so they can load resources and access a server where that domain is housed.

Normally, this happens almost instantaneously, but behind the scenes, it’s a very complicated process that involves several servers through which a DNS query needs to pass through.

If the query was successful, you end up on the website. If not, you may see something like this:

404 page

What pharming does is it corrupts either the DNS cache or the DNS server itself.

Therefore, there are two types of pharming attack:

  1. DNS server phishing

We already mentioned that a pharming attack can be difficult to detect. This is because the user’s computer itself can be completely okay and malware-free, but the DNS server is corrupt and directs the user to a fake IP address.

  1. Malware-based phishing

On the other hand, a hacker may also install malicious software on the user’s computer and have that malware direct them to a spoofed website. Usually, the victim would get a malicious email with a code that modifies their computer’s local host files and direct them to a fake or fraudulent website (even if they actually type the real domain name).

What is the Difference Between Pharming and Phishing?

Although very similar, these two scams are different.

The main difference is that, like with actual fishing, a phishing scam uses something to “bait” the victim. This can be an email that appears to come from a legitimate organization that contains a link to a spoofed website where the user is lured into entering his or her personal info.

Pharming doesn’t use bait. Instead, the hacker sends the victim to a fake website without their knowledge and consent. This scam is harder to detect than phishing since the user themselves enters the URL to a spoofed website and therefore believes they are on the real one.

With a phishing website, the URL will be different from the real website you want to visit (and therefore you can detect it if you look close), but the URL of a pharming website is actually the same as the one for the real site.

Fortunately, a pharming attack (whether through malware or DNS poisoning) takes more effort on the hacker’s part to execute. This means a hacker needs to be at least moderately skilled to do it.

This table shows the main differences between pharming and phishing:

PhishingDNS-Based PharmingMalware-Based Pharming
Scope & FrequencyOnly targets one user at a time.Can target multiple users, multiple times (anyone visiting the corrupted DNS server).One user, but can do it multiple times.
Attack VectorUses an email link to send the victim to a fraudulent website.Attacks the DNS server itself. No “action” from the user like clicking on a malicious link or downloading malware is required. Instead, the corrupted DNS leads the user to a spoofed site.The hacker sends an email to the victim with a malicious link. If the user clicks on the link, malware gets installed on their device that takes them to a fake website
ComplexitySimple for most hackers to execute.Takes a more skilled hacker to do.Takes a more skilled hacker to do.
URLThe phishing and real website have different URLs.The address bar will show the same URL as the real site.The address bar will show the same URL as the real site.

How to Prevent a Phishing Attack?

Look here for the best email security tips to secure your email in general.

So how do you stop something that you might not be aware of happening in the first place?

Pharming attacks are tricky to detect, but some red flags will tell you that you’ve been “pharmed”. Pay close attention to these:

But that’s the “after” and we want to know how to prevent pharming in the first place. Here are a few things you can do to prevent pharming:

  1. Pay close attention to the websites you are visiting. Even if the URL is right, look at the content and how the website looks. Very often pharming websites are lazily created and are full of grammar errors, broken English and are poorly designed.
  2. Change the router password. When you first get the router from your ISP, it will have a default password. These can often be easy to crack by hackers (don’t be surprised if your password is literally “password”). Change that to something more unique.
  3. Regularly update your software. Hackers always find a way to exploit some security flaw or vulnerability, which is why software companies constantly update their products. If you haven’t updated your software in a while, you are risking a lot. This especially goes for any anti-virus or firewalls you have.
  4. Look out for any malicious emails you get. Although this won’t help you if the DNS server itself has been poisoned, with malware-based poisoning, it can save you a lot of trouble. Keep an eye on things like the sender’s email address and if it matches the company’s domain name, poor grammar and don’t click links unless you’re 100% sure they come from a legitimate source.

The best way to protect your email is to use a secure email service that will protect and safeguard your sensitive data.

CTemplar enables you to become a ghost and sign up anonymously without a phone number or a credit card. It will also protect you against phishing attacks by setting up a phrase that will alert you to any phishing attempts and providing zero data access, so only the recipient can read your emails.

Looking for a secure way to email? Try CTemplar today.