Pharming is a scam that cybercriminals use to install malicious code on personal computers or servers. As the name suggests, it comes from the words “farming” and “phishing”. It is another variant of phishing-related fraud that uses a man-in-the-middle (MITM) attack and does not require you to click on any link. Here, the fraudster inserts themselves between the victim and a legitimate institution.
Pharming is a type of social engineering cyberattack in which criminals redirect internet users trying to reach a specific website to a different, fake site.
These “spoofed” sites aim to capture a victim’s personally identifiable information (PII) and login credentials (such as passwords, credit card numbers, social security numbers, account numbers, etc.) or attempt to install pharming malware on their computer.
Pharmers often target websites in the financial sector, including banks, online payment platforms, or e-commerce sites, usually with identity theft and financial misuse as their ultimate malicious objective.
There are several ways in which pharming can be carried out. Here are some common methods:
DNS Spoofing / Poisoning: DNS stands for “Domain Name System” and is responsible for translating human-readable domain names into IP addresses that computers can understand. Pharmers modify the entries in a server's DNS table for a legitimate website and replace them with their own IP address, causing multiple users to visit the fake website instead of the legitimate one.
Malware: A hacker may send malicious code in an email which installs a virus or Trojan on a user's computer. This malicious code changes the computer’s hosts file so that traffic is directed away from its intended website and toward a fake website instead.
Man-in-the-Middle (MITM) attacks: In a MITM attack, the attacker intercepts the victim's traffic and redirects it to a fake site using various techniques such as Address Resolution Protocol (ARP) Spoofing and SSL stripping.