Pharming is a type of cyber crime that is very similar to phishing. It attacks the name resolution process. Each network has a DNS server and, in fact, each computer also has its own local DNS service. A pharming attack targets this process in two ways:

 

First Way

More about hosts file.

The attacker installs a virus or Trojan on the victim's computer. This virus or Trojan changes the computer's hosts file to direct traffic away from its intended target and toward a fake website instead. Isn't that a phishing attack? Read about viruses and Trojans in this post.
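As an added example (not part of the original article), the following Python code audits a hosts file for the kind of tampering described above: it flags any watched domain that has been pinned to an address, and any other non-standard entry that points away from the local machine. The watchlist names, the benign-name list and the sample hosts file are constructed for illustration.

```python
import ipaddress

# Assumed watchlist of names that should never be pinned locally (constructed).
WATCHED = {"examplebank.test", "mail.example.test"}
# Names a stock hosts file normally contains.
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost",
          "ip6-loopback", "broadcasthost"}

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each valid hosts entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()    # drop comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%")[0])  # strip zone id
        except ValueError:
            continue                             # malformed address, skip line
        yield no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(host):
    return any(host == w or host.endswith("." + w) for w in WATCHED)

def audit_hosts(text):
    """Return findings as (line_no, severity, hostname, ip) tuples."""
    findings = []
    for no, ip, hosts in parse_hosts(text):
        for host in hosts:
            if is_watched(host):
                # A watched site pinned to any address bypasses DNS entirely.
                findings.append((no, "high", host, str(ip)))
            elif host not in BENIGN and not (ip.is_loopback or ip.is_unspecified):
                findings.append((no, "review", host, str(ip)))
    return findings

# Constructed sample hosts file
SAMPLE = """\
127.0.0.1   localhost
::1         ip6-localhost ip6-loopback
# 203.0.113.7 examplebank.test   (commented out, ignored)
203.0.113.7 www.examplebank.test examplebank.test
0.0.0.0     ads.example.test
192.0.2.10  intranet.example.test   # static entry
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To audit a real machine, pass the contents of /etc/hosts (or C:\Windows\System32\drivers\etc\hosts on Windows) to audit_hosts and compare the findings against a known-good baseline.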

 

Second Way

This is a DNS poisoning attack. The attacker poisons a DNS server and, as a result, multiple users unintentionally visit the fake site. Fake websites can be used to collect the victim's financial and personal information or to install Trojans on his (or her) computer.

 

Both methods lead the user to a very similar but fake website instead of the real one (for example, a banking website). At this point, unless the user is alert enough to realize that the website is fake, he (or she) will become a victim. In this step, we can say that pharming is a form of social engineering cyber attack.

In a detailed report on cyber-attacks in 2019, the FBI put pharming and its family of attacks (including phishing, vishing and smishing) at the top of the list of most successful attacks. The report states that 114,702 people or organizations in the United States were victims of this family of cyber-attacks in 2019. In other words, this family has caused about $58 million in losses to organizations. Read this report.

The risk of being hacked is always there, even though DNS servers have some sophisticated anti-pharming techniques at their disposal.

Protection against such attacks depends in part on the care of the user. For example, if a website asks you for unusual information, you should be suspicious of that website. Secure websites have a lock icon in the corner of the browser's address bar, which symbolizes that the site has a security certificate for the SSL protocol. Make sure that the website that receives information from you has this lock. If you want to be a little more careful, it's a good idea to check the SSL certificate of the website.

In addition, the address of the fake website will be different from the real website address, because it is not possible for the two URLs to be completely identical. The URL of a fake website will differ from that of the real website by at least one character. It is worth training your employees on this point. Completely simulating the appearance of a real website is also usually very difficult. A user may be very smart and careful about the differences, but of course this is not something that can be relied on too much to protect against such attacks.

Also, installing a powerful and well-known anti-malware product will help protect against this attack. Make sure the anti-malware is licensed, receives updates, and has its protection settings turned on. Anti-malware usually prevents you from clicking on suspicious links (which can be used for cyber attacks) in email messages or even on websites. In such a case (depending on the settings as well as the strategies of the anti-malware vendor), the anti-malware will either prevent the link from loading or give you the necessary warnings.

 

 

———————————

Source: kaspersky.com