Pharming

Pharming

The term “Pharming” refers to an advanced form of Man-In-The-Middle (MITM) attack in which a user’s session is redirected to a counterfeit website. This type of attack is carried out by corrupting an Internet DNS server and pointing a URL to the IP address of the counterfeit website.

How it works: Almost all users use a URL like www.worldbank.com rather than the actual IP address (192.86.99.140) of the website. By modifying the pointers on a DNS server, it is possible to redirect the URL to send traffic to the IP address of the pseudo-site. At the pseudo-site, transactions can be imitated and information such as login credentials can be collected. In this way, the attacker can access the real www.worldbank.com site and conduct transactions using the credentials of a valid user on that website.

Attack techniques:

  1. DNS Corruption: The primary method used in pharming is the corruption of DNS servers. This involves modifying DNS information so that the URL of the legitimate site points to the IP address of the fraudulent site.
  2. Traffic Redirection: Once the DNS has been corrupted, users who enter the URL of the legitimate site are automatically redirected to the fake site without realizing it.
  3. Information Collection: The fake site is designed to look identical to the legitimate one, allowing attackers to collect sensitive information such as usernames, passwords, and transaction details.

Implications: Pharming represents a serious threat to online security, as it can compromise users’ personal and financial information. Users may believe they are interacting with a legitimate site, while in reality, they are providing information to an attacker.

How to protect yourself:

  1. Use secure DNS: Setting your devices to use secure and reliable DNS servers can help reduce the risk of pharming.
  2. Verify URLs: Always check the URL in the address bar to ensure it matches the legitimate website.
  3. Security software: Use updated antivirus and anti-malware software that includes protection features against pharming.
  4. Two-factor authentication: Implement two-factor authentication to add an extra layer of security to your credentials.

Conclusion: Pharming is an insidious attack that exploits users’ trust in DNS servers and the legitimacy of URLs. Being aware of this threat and taking preventive measures can help protect personal and financial information from fraudulent attacks.