Pharming: The Super Sneaky Way Cyber Gangs Steal from You and Your Business

Updated 07/27/2022

Leave it to cybercriminals to find yet another way to steal your personal and company credentials and private information. It’s called pharming, and if you’re like most business leaders or IT professionals, you may not have heard of it.

Here’s how it works: instead of relying on a user to click on a malicious link in an email, pharming uses malware to redirect the victim's web traffic to spoofed websites.

Even if the malware doesn't work correctly, it can still cause headaches. This is because cybercriminals often don't test their software extensively. When the malware has bugs, it can cause a user's computer to shut down, restart randomly on its own, show Blue Screens of Death, or suffer other interruptions.

Pharming is mostly carried out in one of two ways:

Pharming Malware

Also known as DNS changer malware, pharming malware is a piece of software installed on a victim's computer to redirect their web traffic to controlled websites.

For example, if a user has this malware installed and tries to navigate to their regular banking website, the software intercepts the request and sends the victim to a website that looks very similar, if not identical, to the real one.

The user then enters their credentials, only to have them stolen by the criminal. Unfortunately, the average person usually does not look at the browser address bar and rarely notices the subtle change. The same tactic is used with search engine websites, and the results are redirected to ads or phishing websites.
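One defensive check for the DNS changer behaviour described above, as an added example that is not part of the original article: it audits a hosts file and a resolv.conf-style resolver list for overrides. It assumes the malware acts by pinning names in the hosts file or replacing the configured DNS servers; the sample file contents, the domain bank.example, the approved resolver 192.0.2.53 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs (not taken from a real host).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
# 203.0.113.9 bank.example   (commented out, ignored)
203.0.113.50  www.bank.example bank.example   # constructed malicious pin
0.0.0.0     ads.tracker.example
"""
SAMPLE_RESOLV = """\
# constructed resolver config
nameserver 192.0.2.53
nameserver 198.51.100.77
"""

def audit_hosts(text, watched):
    """Return (hostname, ip) pairs where a watched name is pinned to a non-local IP."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()     # drop comments, tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed line, skip
        if ip.is_loopback or ip.is_unspecified:
            continue                              # localhost/blocklist entry, not a redirect
        for name in fields[1:]:
            n = name.lower().rstrip(".")
            if any(n == w or n.endswith("." + w) for w in watched):
                findings.append((n, str(ip)))
    return findings

def audit_resolvers(text, approved):
    """Return nameserver addresses that are not in the approved set."""
    rogue = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver" and fields[1] not in approved:
            rogue.append(fields[1])
    return rogue

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS, {"bank.example"}))
    print(audit_resolvers(SAMPLE_RESOLV, {"192.0.2.53"}))
```

On a real machine the inputs would be the contents of the system hosts file and resolver configuration, with the watched domains and approved resolvers supplied by the organisation.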

DNS Poisoning

Domain Name System, or DNS, is a service that converts alphanumeric website names into their respective IP addresses. For example, when a user types the address www.google.com into a browser address bar, the name is converted to its IP address, which is then used to route the request. Specific servers around the world are responsible for hosting tables of these addresses, and home computers will cache frequently used ones for faster load times.

DNS poisoning occurs when a threat actor goes after these hosting servers to intercept web traffic on a much larger scale and redirect it to a controlled site.

The methods for pharming prevention are very similar to those of all other kinds of malicious activity:

  • Never click on random pop-ups, and always manually enter your desired webpage into the browser address bar.
  • Avoid using public Wi-Fi whenever possible.
  • Use two-factor authentication wherever it is available.
  • Avoid running executables or files from unofficial websites.
  • Change default administrative passwords on network equipment, including home routers and hotspots.
  • If available, use a VPN when browsing the web.
  • Ensure websites that require your personal information use HTTPS.

We can help. Learn more about our fully managed security awareness training program. Our program will take the stress out of doing it yourself.
