Imagine logging into your favorite site thinking everything was normal only to realize later that your login details had been stolen and your personal data is now exposed. That can happen if you become the victim of a pharming attack. Keep reading to find out what pharming is and how to identify a fake website. And get comprehensive security software to help protect against pharming sites and other internet scams.
What is pharming and how can you protect yourself?
The term pharming is a mash up of the words “phishing” and “farming”.
You’ve probably heard about phishing as a form of online scam because you’re regularly warned about it. It’s a collective term for attempts by hackers to get hold of your personal data via spam emails, direct messages, or bogus websites — something you can protect yourself from with a little healthy distrust and a keen eye. That said, with pharming — which is very similar to phishing — the situation is different, unfortunately.
Pharming is a scam where cybercriminals install malware on your PC or a server, causing you to be redirected to spoof websites without you even realizing it. That’s why pharming is also referred to as phishing but without the lure.
Unlike phishing, pharming — as a really insidious form of cyberthreat — starts with the fundamentals of internet traffic. That’s because hackers specifically manipulate what are known as DNS (domain name system) requests — something we’ll look at in more detail below.
A reputable antivirus program can help you strengthen your protection against a virus or malware attack. And it doesn’t even have to cost you a cent. The proven solution Avira Free Antivirus can be downloaded for free, and it will help you improve your PC or laptop and bolster your protection against a malware attack. Plus, with Avira Free Antivirus you get a lightweight antivirus program that won’t sap your device’s resources — and it can factor in performance and online privacy considerations when scanning your system.
At the end of this post, we provide additional tips on how you can protect your laptop, PC, smartphone, or tablet from a pharming attack.
Different pharming methods
Cybercriminals employ two types of pharming method: Malware-based and DNS server-based attacks. In both cases, they target the internet’s cataloging method.
In plain English: Every website and every internet user is assigned a unique IP (internet protocol) address — which is nothing else than a uniquely assigned sequence of numerical values that could be 123.45.678.90, for example.
When you enter a website address in your browser, a DNS server automatically translates it into an IP address — precisely where cybercriminals start their pharming attacks.
In a malware-based pharming attack, hackers succeed in installing malware on your device, which can access the DNS cache and change its settings.
To speed up the translation process from the website name to an IP address, most internet browsers store the data in the cache temporarily. So instead of contacting an external DNS server and looking for the matching IP address, the information is stored on your computer. This storage process is known as DNS caching.
Malware-based pharming targets the DNS cache and is particularly problematic because you’re entering a correct website address. If your device is infected with malware that aims to conduct a malware-based pharming attack, a very well camouflaged redirect takes place: The installed malware modifies your computer’s local hosts files and DNS cache, which is why the legitimate domain you’re accessing is translated into an IP address that takes you to a bogus website.
The super sly thing about it is that such fake websites usually look amazingly similar to the real thing, so we don’t even doubt its legitimacy even for a second. Any information you enter into such a compromised website, such as account details, ends up going straight into the hackers’ hands, which they can then use to commit fraud or online identity theft.
DNS server-based pharming
In the case of DNS server-based attacks, cybercriminals attack the DNS server itself without having to access individual computers.
An infected DNS server will redirect you to a fake IP address, even if your computer is not infected with related malware. These types of attack are not tied to individual DNS caches, as it is the server itself that is “poisoned” — redirecting you to a fake website even if you enter the correct address (URL).
Many website operators and large companies invest heavily in sophisticated anti-pharming measures due to the magnitude of the potential threats posed by DNS server-based pharming.
What’s the difference between pharming and phishing?
Pharming is definitely a more sophisticated form of phishing. In both cases, cybercriminals aim to gain access to sensitive user data to then cause considerable financial and/or personal damage with the stolen access information.
But there are also differences between pharming and phishing.
With phishing, you’re the one who, for instance, clicks a link sent by email or downloads a zip file that contains the relevant malware — because you don’t doubt for an instant that the sender is trustworthy.
This is exactly what pharming doesn’t require, which is why this form of online scam is so sneaky. When it comes to pharming, cybercriminals don’t even need you to click any sort of link.
For example, if you’ve unknowingly become a victim of malware-based pharming, you always end up on fake websites located on online scammers’ (pharmers’) servers. Unlike phishing, which is typically a one-off event, pharming is a scam that’s always lying in wait.
How to protect yourself and avoid pharming attacks
You might assume that you can’t protect yourself from pharming attacks at all, but fortunately that’s only partially true. That’s because there are some measures you can take to avoid pharming attacks:
- Be wary of emails that ask you to take action such as entering information. No bank or government agency would ever ask you to do that. Simply taking a look at the email address details is often enough to tell that the sender address is different from the one it purports to be.
- Never open any file attachments (such as zip files) if you don’t know the sender.
- Be suspicious of unusual wording and grammatical errors, odd formatting, different font sizes, inappropriate images, and the like.
- Websites that don’t have “https” in the address line don’t meet current security standards. Even if your internet browser allows you to open this website regardless, it’s best not to visit the website in the first place.
- Change your router’s default password.
- Turn on the firewall on your devices.
Additionally, you can get tools to help you avoid pharming attacks.
Among them, any device you use to surf the internet — be it a PC, laptop, smartphone, or tablet — should have a proven online security solution installed on it, like Avira Free Antivirus for Windows or Avira Antivirus Security for Android.
These Avira’ security solutions offer powerful protection, and they each feature a built-in VPN (short for virtual private network). VPNs strengthen your online privacy, especially on public Wi-Fi hotspots, as they encrypt your data traffic and prevent your own IP address from being visible.
And if you’re interested only in VPN, get Avira Phantom VPN to help you strengthen your online activities and surf in privacy.
Top tip: Avira Antivirus Pro and Avira Prime include a suite of tools to help you improve your devices’ security and performance as well as your online privacy — and in addition to a tried-and-tested virus protection solution, they also include a VPN.