Pharming is a type of cyberattack that involves redirecting website traffic from a legitimate website to a fake one designed to steal personal information or financial data from the user. Unlike phishing, where the user is tricked into clicking on a link that takes them to a fake website, pharming is carried out by manipulating the DNS (Domain Name System) to redirect traffic to a fraudulent website.
Pharming attacks can be carried out in two ways: through DNS poisoning or malware infection. In DNS poisoning, the attacker alters the DNS server's configuration to redirect traffic to a fake website. This type of attack is more difficult to execute but can be carried out on a large scale. Malware infection, on the other hand, involves installing a malicious program on the user's device that alters the host file to redirect traffic to a fake website. This method is easier to execute but requires the attacker to infect a large number of devices.
One example of a pharming attack is the Mebroot Trojan, which infected the Master Boot Record of a device to redirect traffic to a fake website. Another example is the DNSChanger malware, which infected over four million devices worldwide and redirected traffic to fake websites to steal personal information and financial data.
To protect against pharming attacks, users can take the following steps:
In conclusion, pharming is a serious online threat that can result in significant financial loss and identity theft. By understanding how it works and taking appropriate measures to protect against it, users can safeguard their online activities and keep their personal information secure.
A researcher at IRONSCALES recently discovered thousands of business email credentials stored on multiple web servers used by attackers to host spoofed Microsoft Office 365 login pages.