Pharming
Data Protection
Definition
Redirecting users to fake sites to steal credentials.
Technical Details
Pharming is a cyber attack technique that redirects users from legitimate websites to fraudulent ones without their consent. This is typically achieved by manipulating DNS settings or by exploiting vulnerabilities in web browsers or applications. Attackers can alter the DNS resolution process, so instead of connecting to the intended IP address of the legitimate website, the user is sent to a malicious IP address. This redirection can occur without the user's knowledge, making it particularly dangerous as it can lead to credential theft, data loss, and unauthorized access to sensitive information.
Practical Usage
Pharming is used primarily to deceive users into entering their personal information, such as usernames, passwords, and financial details, into fake websites that mimic legitimate ones. This method is often implemented in conjunction with phishing campaigns in which users are lured to visit the fake sites. Organizations must employ security measures such as DNS Security Extensions (DNSSEC), secure web gateways, and browser security settings to protect users from pharming attacks. Additionally, educating users about recognizing suspicious URLs and the importance of verifying website authenticity is crucial.
Examples
- In a pharming attack, a user may type in 'www.bank.com' but is redirected to 'www.fakebank.com' due to altered DNS settings, where they unknowingly enter their bank credentials.
- Attackers might compromise a router's firmware, changing its DNS settings to point to malicious servers, which then redirect all users connected to that network to fraudulent sites.
- A well-known case involved a malware program that modified the hosts file on a victim's computer, redirecting connections to popular sites like PayPal or eBay to counterfeit versions designed to harvest login credentials.