Put simply, phishing needs you to click on a suspicious link (the silly mistake), which downloads malware, resulting in financial losses. It can also be an email from your ‘CEO’ asking you to make an ‘urgent’ bank transfer to a ‘vendor,’ a special category of scam known as whaling phishing fraud.
In a nutshell, phishing needs your active participation, while pharming attacks (in most cases) don’t.
What is a Pharming Attack?
We are used to domain names (like geekflare.com), while machines understand IP addresses (like 220.127.116.11).
When we type in a web address (domain name), the query goes to the DNS servers (the phonebook of the internet), which match it to the associated IP address.
Consequently, the domain name by itself says nothing about which server you actually reach; that is decided by the IP address the DNS answer returns.
For instance, if the DNS server has matched a domain name with a non-authentic IP address hosting a spoofed website, that’s all you will see, irrespective of the ‘right’ URL you entered.
Next, the user effortlessly hands over their details (card numbers, ID numbers, login credentials, etc.) to the parody site, thinking it’s legitimate.
This makes pharming attacks dangerous.
They are extremely well-made, work stealthily, and the end user knows nothing until they get ‘amount debited’ messages from their bank. Or, their personally identifiable information gets sold on the dark web.
Let’s check their modus operandi in detail.
How Does a Pharming Attack Work?
These are orchestrated at two levels: against an individual user or against an entire DNS server.
#1. User-level Pharming
This is similar to phishing: you click a suspicious link that downloads malware. Subsequently, the hosts file (aka local DNS records) is altered, and the user is sent to a malicious lookalike of the original website.
A hosts file is a plain text file that stores locally managed DNS records; since the operating system checks it before querying DNS, it allows faster connections with less latency.
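The hosts-file tampering just described, and the earlier point that a wrong IP mapping wins regardless of the URL you typed, can be checked for from the defender's side. The following is an added example (not code from the original article): it parses a hosts file and flags any monitored domain pinned to a routable address. The `MONITORED` list, `bank.example` and the sample hosts content are constructed assumptions.

```python
# Added example: audit a hosts file for pharming-style overrides.
import ipaddress
import re

# Domains the auditor cares about being silently redirected (assumption:
# this list is yours to extend with your bank, mail, wallet, etc.).
MONITORED = {"geekflare.com", "myetherwallet.com", "bank.example"}

# Names a normal hosts file legitimately carries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

SAMPLE_HOSTS = """\
# Constructed sample, mimicking /etc/hosts (or Windows' drivers\\etc\\hosts)
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
0.0.0.0         ads.tracker.example      # sinkhole entry: benign
192.0.2.45      myetherwallet.com www.myetherwallet.com
203.0.113.9     bank.example
"""

def parse_hosts(text):
    """Yield (ip, [names]) for each non-comment line of a hosts file."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = re.split(r"\s+", line)
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue   # malformed line; skip it
        yield ip, [n.lower() for n in parts[1:]]

def is_monitored(name):
    """True if name equals or is a subdomain of a monitored domain."""
    return any(name == d or name.endswith("." + d) for d in MONITORED)

def find_overrides(text):
    """Return [(name, ip)] for monitored domains pinned to a routable address.
    Loopback/unspecified targets (ad-blocking sinkholes) are not flagged."""
    hits = []
    for ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            if name not in LOCAL_NAMES and is_monitored(name):
                hits.append((name, str(ip)))
    return hits

if __name__ == "__main__":
    for name, ip in find_overrides(SAMPLE_HOSTS):
        print(f"WARNING: {name} is pinned to {ip}; this entry bypasses DNS")
```

On a real machine, read the file path for your OS into `find_overrides` instead of `SAMPLE_HOSTS`; any hit deserves the same scrutiny as an unexpected DNS answer.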
24th April 2018 was a black day for some MyEtherWallet users. MyEtherWallet is a free and open-source Ethereum (a cryptocurrency) wallet with robust security protocols.
Despite all that, the experience left a bitter taste in its users’ mouths, with a net theft of $17 million.
Technically, a BGP hijack was pulled off against the Amazon Route 53 DNS service, used by MyEtherWallet, which redirected some of its users to a phishing replica. They entered their login details, which gave the criminals access to their cryptocurrency wallets and caused the abrupt financial drainage.
However, a glaring mistake on the users’ end was ignoring the browser’s SSL warning.
This classic DNS compromise sent users to malicious websites even when they entered the official URLs.
However, it all started with the victims visiting a malicious website that downloaded a trojan by exploiting a Windows vulnerability (now patched).
Subsequently, the trojan asked the users to turn off their antivirus, firewalls, etc.
Afterward, the users were sent to parody websites of leading financial institutions across the USA, Europe, and the Asia-Pacific. There are more such events, but they all operate in a similar fashion.
Signs of Pharming
Pharming essentially hands full control of your compromised online accounts to the threat actor, whether it’s your Facebook profile, online banking account, etc.
If you’re a victim, you’ll see unaccounted-for activity. It can be a post, a transaction, or something as small as an odd change to your profile picture.
Ultimately, you should start on the remedy if there is anything you don’t remember doing.
Protection Against Pharming
Based on the attack type (user or server level) you’re subjected to, there are a few ways to protect yourself.
Since the server-level implementation is not the scope of this article, we’ll focus on what you can do as an end-user.
#1. Use a Premium Antivirus
A good antivirus is half the work done. It helps you stay protected from most rogue links, malicious downloads, and scam websites. Although there are free antivirus options for your PC, the paid ones generally perform better.
#2. Set a Strong Router Password
WiFi routers can also double as mini DNS servers. Consequently, their security is crucial, and it starts with doing away with the factory-shipped passwords.
#3. Choose a Reputable ISP
For most of us, internet service providers also act as DNS servers. And based on my experience, an ISP’s DNS gives a small speed boost compared to free public DNS services such as Google Public DNS. However, it’s important to pick the best available ISP not only for speed but for overall security.
#4. Use a Custom DNS Server
Switching to a different DNS server is neither difficult nor uncommon. You can use free public DNS from OpenDNS, Cloudflare, Google, etc. However, the important thing to remember is that the DNS provider can see your web activity. So, be vigilant about whom you’re giving access to your browsing history.
#5. Use VPN With Private DNS
Using a VPN adds many security layers, including the provider’s own DNS. This protects you not only from cybercriminals but also from ISP or government surveillance. Still, you should verify that the VPN has encrypted DNS servers for the best possible protection.
#6. Maintain Good Cyber Hygiene
Clicking on rogue links or too-good-to-be-true adverts is one of the primary ways to get scammed. While a good antivirus does its job of alerting you, no cybersecurity tool guarantees a 100% success rate. Ultimately, the responsibility for safeguarding yourself lies on your shoulders.
For instance, paste any suspicious link into a search engine to see its source. In addition, make sure a site uses HTTPS (indicated by a padlock in the URL bar) before trusting it, and never click through a browser SSL warning, as the MyEtherWallet victims did.
Pharming attacks are age-old, but how they operate is too subtle to pinpoint. The root cause of such attacks is the native insecurity of DNS, which hasn’t been addressed in totality.
Consequently, this isn’t always up to you. Still, the listed protections will help, especially using a VPN with encrypted DNS, like ProtonVPN.
While pharming is DNS-based, did you know scams can be Bluetooth-based too? Jump to this bluesnarfing 101 to see how it’s done and how to protect yourself.
Hitesh works as a senior writer at Geekflare and dabbles in cybersecurity, productivity, games, and marketing. He also holds a master’s in transportation engineering. His free time is mostly about playing with his son, reading, or lying…