23 January, 2017

Pharming attacks are network-based intrusions in which visitors to the target website are redirected to a hacker-controlled web server. The redirection may occur when a user clicks on a link or types the website URL in the browser’s address bar and is taken to a fake portal that looks similar to the one he intended to visit. The attack may involve compelling the user to enter his username, password or other personal information on the fake website. At times, simply visiting the website may compromise the security of the system.

How Are Pharming Attacks Carried Out?

The hackers mainly use the following two methods for carrying out a pharming attack:

DNS Cache Poisoning

In this type of pharming attack, the hacker breaches the DNS server to change the IP address of the legitimate website. With this, if the user types in the URL ‘www.abc.com’, the computer sends a query to the DNS server, which returns the IP address of the bogus website ‘www.abc1.com’. The user believes the website to be original and continues browsing.

In order to facilitate faster access, the server automatically caches the web documents to reduce page load time when the website is accessed later. As a result, the user will be repeatedly routed to the fake website even if he types the correct URL.

Hosts File Modification

The hosts file is a plain text file stored in the computer’s operating system that maps IP addresses to hostnames. A pharming attack may involve changing the local hosts file on a user’s computer through malicious code sent in an email. With this, the user gets redirected to a fake website when he types in a URL or clicks on an affected bookmark entry.

Tips To Prevent Pharming Attacks

  • Make sure you do not delay updating the operating system and software applications installed on your computer. This will fix any security vulnerabilities and prevent hackers from gaining unauthorized access.
  • When visiting a website, cross check the domain name for any spelling mistakes. The hackers may redirect you to a fake website that has a similar URL. For instance, web traffic to ‘www.abc-xyz.com’ may be routed to ‘www.abc_xyz.com’ or ‘www.abc.xyz.com’.
  • If you are required to enter your personal or sensitive information on a website, the URL should change from ‘http’ to ‘https’. You should also verify the certificate of the website. Check if it carries a secure certificate and uses encryption for all transactions.

For more information on pharming attacks, you can contact Centex Technologies at (855) 375 – 9654.