Did you know that your favorite websites might have been harvesting your data and sending it straight to a hacker?
Well, not the original website but a very convincing lookalike. The scary thing is you might be misdirected at any time and you won’t even notice it.
Then everything you’ll type in, like your login details and passwords, will end in hacker’s hands. That’s how insidious pharming is.
Pharming is a portmanteau of the words “phishing” and “farming.” It’s similar to phishing, but there are some key differences.
In phishing, victims are usually tricked into clicking on suspicious links, which take them to bogus sites and download viruses.
In pharming, the victim is also directed to a fake website, but there’s no need for the victim to click on any links as your traffic is redirected without your interference.
In fact, there might be no warning signs that you’re on a spoofed website!
After redirecting legitimate website traffic, the lookalike website grabs your data while you type and send it straight to the hacker.
Imagine being on what you think is your bank’s website and entering your login details, passwords, and financial information.
This personal information in the wrong hands could result in you losing your hard-earned cash or even your identity.
There are two types of pharming attacks you should know about.
Pharming using your device. For this attack to succeed, a hacker would first need to install a virus or a Trojan horse on your device.
This can be done using phishing or other social engineering techniques. Once the virus is in your system, it will change your host file, which will then redirect your traffic from the intended website.
Now, when you try to access your social media account by entering the correct URL, a fake identical page would appear instead.
You’d have no idea that you’ve been presented with a copy that is ready to steal your data.
Pharming using a Domain Name System (DNS) server. While there are ways you can prevent the attack mentioned above, it’s almost impossible to do so if the DNS server is hijacked.
DNS servers translate URLs into the IP addresses you actually need to find the website you want
If the DNS server is infected, it will redirect your request to a different IP address. However, you would still be presented with an identical-looking site.
Hackers love DNS server attacks. They’re much harder to pull off but have a higher success rate.
Instead of needing to compromise multiple devices individually, they simply herd a large number of internet users towards a malicious site.
This is where the name “pharming” comes from.
How to protect against pharming
It’s mostly your internet service provider’s job to hunt down fake websites, especially at the DNS level. However, you shouldn’t rely purely on them. Pharming can be prevented by:
Recognizing phishing attempts and not clicking on suspicious links;
Using antivirus software that might pick up on Trojans and other viruses;
Practicing good internet behavior;
Checking the URL. Make sure that you visit HTTPS websites (look for the padlock in your URL bar). Also, check the spelling and other signs that the URL might be spoofed;
Using a VPN. It will encrypt your traffic and route it via a VPN-owned DNS server to solve your DNS request.
NordVPN also offers CyberSec, which identifies and restricts access to infected and suspicious websites.