What is pharming?
Pharming is a scamming technique in which attackers redirect traffic from a legitimate website to a fraudulent website to spread malware or steal sensitive data from victims. A typical example of pharming is when a user types amazon.com in the URL bar but gets redirected to a fraudulent website that looks identical to the Amazon website. When the user enters credentials or banking details, the information goes directly to the attackers. Attackers use several techniques to make this redirection possible.
Pharming vs Phishing
In phishing, attackers typically send a victim an email or SMS containing a malicious link, or trick the victim into clicking on such a link in another way. The link may point to a website that looks nearly identical to a legitimate website. If the victim does not notice the trickery and enters sensitive details like credentials or banking information, the information goes directly to the attackers. In other words, in a phishing scam attackers may use an identical-looking website, but its URL will differ from the real one; a victim who does not notice the difference may fall prey.
In pharming, on the other hand, a victim types the correct URL of a legitimate website, yet is redirected to an identical-looking fraudulent website. Attackers often use techniques like DNS cache poisoning or compromising a computer’s host file to make this possible.
In other words, phishing typically uses bait in the form of a phony email, link, or attachment to lure a user to a fraudulent website, whereas pharming can automatically redirect a user to a fraudulent website even though the user has typed the correct URL in the address bar.
How is pharming done?
Two major techniques used by attackers in pharming are host file modification and DNS cache poisoning. Let’s explore these two methods in more detail.
Pharming using host file modification
When we type a URL in the address bar of a browser, the hostname in the URL is resolved to an IP address, which is then used to access the actual website. A computer often uses a host file for this: an operating system file that maps hostnames to IP addresses. Attackers often use malware to compromise the host file on a computer so that when a user types in a URL of a …