Pharming

Pharming is online fraud that involves the use of malicious code to direct victims to spoofed websites in an attempt to steal their credentials and data.

Pharming is a two-step process that begins with an attacker installing malicious code on a victim’s computer or server. That code sends the victim to a spoofed website, where they may be tricked into offering their personal data or login credentials for a website or online service. Pharming does not require a user to open a website themselves because they are automatically redirected to the attacker’s spoofed site.

Pharming works by exploiting the mechanics that enable people to browse the internet. The Domain Name System (DNS) translates the domain names or web addresses that people type in their web browsers into Internet Protocol (IP) addresses, which enable computers to read them. An IP address tells computers what a website’s location is, then their web browser connects to a DNS server that holds the IP address.

When an internet user visits a specific website, their web browser stores a DNS cache of that website, so it does not have to revisit the DNS server every time the user wants to visit the same website in the future.

The DNS cache and DNS server are both vulnerable to pharming attacks by cyber criminals.

Phishing and pharming are not the same thing. Pharming evolved from phishing and takes a more focused approach than regular phishing attacks. It is also much more dangerous than phishing, as attacks are designed to hide attackers from users.

Phishing attacks lure victims into giving up their data and credentials through malicious emails, texts, and other forms of direct messaging. Phishing attackers target victims by sending messages purporting to be from a trusted sender and that express urgency around their need to click on a hyperlink. That website will be spoofed to look legitimate, enabling the attacker to intercept data that users enter or steal any information they input, such as usernames and passwords that can be used to commit wider identity theft. Phishing can be hugely impactful on businesses, typically resulting in data breaches that cause financial and reputational damage.

A pharming attack is more targeted and involves a two-step process to exploit victims. They begin with an attacker installing malicious code on a victim’s computer or server. That code sends the victim to a spoofed website, where they may be tricked into giving up their personal data or login credentials for a website or online service. Again, pharming does not necessitate a user to open a website, as they are automatically redirected to the spoofed site. 

The best way to protect organizations and users from pharming attacks is to install, run, and maintain antivirus and anti-malware software from trusted providers. 

However, there are several best practices that can help users stay safe online and avoid the considerable risks of pharming. Proven strategies that allow organizations to protect themselves against pharming include:

1. Deploy a reputable anti-virus solution: Trusted anti-virus software should contain tools that can not only detect but also block anomalous or suspicious behavior and malware. It should also be able to update to keep pace with the ever-evolving cybersecurity threat landscape and to ensure an organization is constantly protected from the latest pharming attack vectors. However, it is important to remember that not all antivirus, anti-malware, or spyware removal solutions protect organizations against pharming attacks, so additional tools may be required. 
2. Trust a trusted anti-virus: When a reputable anti-virus solution issues a warning about visiting specific websites, that advice needs to be adhered to. Even if the website looks legitimate and is a site the user has visited before, the warning indicates there is a problem with the website and it may have been infected.
3. Use a trusted internet provider: Reputable and trustworthy internet service providers (ISPs) automatically filter bogus pharming redirects, which prevents users from ever visiting pharming websites. It is therefore crucial to only sign up for internet services from trusted ISPs. ISPs new to the market may offer great deals and super-high speeds, but check whether they are as dedicated to security as established providers.
4. Use secure websites: Hypertext Transfer Protocol Secure (HTTPS) means traffic that visits a website is encrypted and cannot be intercepted by an attacker. This is signified by the “https” at the start of a Uniform Resource Locator (URL) or web address. Only trust websites that use HTTPS, especially when performing a financial transaction. 
5. Avoid suspicious websites: When browsing the internet and visiting websites, it is crucial for users to deploy good judgment. They should stick to websites they know and trust, and avoid websites that look suspicious. It is also important to evaluate sites that appear to be legitimate but do not quite look the same as usual, which is usually a telltale sign that you are on a pharmer’s website. In this case, users should take the time to click around the website to check that all the regular pages are present. Look for smaller details like privacy policies and terms of service.
6. Check website URLs for mistakes: An obvious sign of a pharmed website is spelling mistakes in URLs. Pharming attackers will often disguise their websites with minor edits to the URL, such as swapping or replacing letters. 
7. Avoid unknown links: Other attackers will use website URL shorteners, such as Bitly, to hide the fact that their website is spoofed. It is therefore crucial to never click a shortened web link in an email or other direct message, and generally avoid clicking links from unknown sources and even people that appear to be trusted senders, whenever possible. 
8. Avoid unusual e-commerce deals: E-commerce or e-shopping deals that look too good to be true are often just that. A popular tactic used by pharming attackers is to lure victims in with prices that drastically undercut popular, legitimate e-commerce sites. These offers should be treated with suspicion, and users should carry out price and comparison checks with other competing sites before they make a purchase.
9. Use secure VPNs: Virtual private networks (VPNs) that use reputable DNS servers will help users avoid the risk of pharming attacks targeting DNS cache poisoning. 
10. Change default passwords: Consumer routers and wireless access points come with default passwords that could be used across multiple similar devices. This poses a serious security risk if hackers can get hold of those passwords. Organizations and users must change the default passwords on their devices, and replace them with secure, unique passwords.
11. Enable authentication: Passwords alone are not a secure practice for protecting users against popular attack vectors. Organizations must add an extra layer of security to their online accounts using two-factor authentication (2FA) and multi-factor authentication (MFA). When a user enters their login credentials to an online service, they are then prompted to enter an additional piece of information that proves they are who they say they are. This is typically some form of security question or a code sent either to their phone or on an authenticator application.

Fortinet protects organizations from pharming attacks by protecting their DNS servers with its FortiGate platform. FortiGate secures DNS servers with an antivirus solution, firewall rules, and intrusion detection and prevention, which reduce exposure to attacks and prevent DNS cache poisoning. Fortinet also enables users to strengthen their online security through FortiAuthenticator, which ensures only they are able to access their online accounts and data, even if a hacker steals their password.

Pharming is a type of online fraud that directs victims to spoofed websites in an attempt to steal their credentials and data.

Pharming and phishing are different types of cyberattacks that aim to steal users’ data and infect their devices with malware. Phishing attacks lure victims to spoofed websites through direct messages.

Pharming is so called because it is a combination of the words "phishing" and "farming."