Date First Published: 17th May 2023
Topic: Cybersecurity
Subtopic: Threats To Systems, Data & Information
Article Type: Computer Terms & Definitions
Difficulty: Medium
Difficulty Level: 7/10
Learn more about what pharming is in this article.
Pharming is the practice of redirecting a user to a fake website that mimics the appearance of a legitimate one to collect personal information, like usernames, passwords, and bank details. It may involve hijacking the browser settings, changing the hosts file on the user's computer, exploiting vulnerabilities in DNS server software, or using malware installed on the user's computer that runs in the background. It is a type of social engineering attack used to obtain access to credentials.
If the user does not notice that the URL of the fake website is different from the legitimate one, they could unintentionally give their sensitive information to the wrong website, putting their details at great risk, as they could be misused for identity theft or fraud. The fake website may also contain links to viruses and malware. Pharming targets users who lack knowledge of scams and fake websites and who do not pay much attention to the URL before entering sensitive information.
The term 'pharming' is a combination of the words 'phishing' and 'farming'.
Some people confuse pharming with phishing, but it is quite different. Phishing is the practice of impersonating trusted companies to steal sensitive information from users. Phishing usually comes in the form of email, where the phisher makes the message look like it has come from a legitimate company and wants the user to click on a link to a phishing site to trick them into giving their personal information away, such as card numbers, usernames, and passwords.
Pharming is a type of phishing that involves redirecting traffic from a legitimate website to a fake one. Instead of sending an email that pretends to be from a trusted company, pharming redirects the user to a fake website without any user interaction. It does not require the user to click on any links to visit the fraudulent website. This type of social engineering attack has been called 'phishing without a lure'.
Pharming attacks are less common than phishing attacks because they require much more work from the attackers, including writing malware that changes the computer's hosts file, or modifying the DNS table in the server (DNS poisoning), leading to the corrupted DNS entry being cached on the ISP’s servers. Phishing only requires the attacker to make up a fake email and send it to a large number of users at once.
Pharming is more harmful than phishing in that a lot of computers can be affected by it with no user interaction. For example, if a DNS server is compromised, users can still be affected by it even if their computer has no malware installed. Manually entering the website address or always using trusted bookmarks is still not enough, because the redirection takes place after the computer sends a connection request.
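The hosts-file route described above can be checked for on an endpoint. The following Python check is an added example, not part of the original article: it parses hosts-file text and flags static entries that override watched login domains. The watched domains, the sample entries and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed watch list: replace with the sites your users actually log in to.
WATCHED = {"bank.example", "login.example"}

# Constructed sample hosts file (documentation IP ranges, reserved .example names).
SAMPLE = """\
127.0.0.1    localhost
::1          localhost ip6-localhost
0.0.0.0      ads.tracker.example           # ad-block sinkhole
203.0.113.50 www.bank.example bank.example # injected entry
198.51.100.7 intranet.corp.example
not-an-ip    broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every valid mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            # Strip an IPv6 zone id such as fe80::1%lo0 before parsing.
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue                              # malformed line, ignored by resolvers
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, ip, reason) for entries worth reviewing."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        is_watched = any(name == w or name.endswith("." + w) for w in watched)
        sinkhole = ip.is_loopback or ip.is_unspecified
        if is_watched:
            # Any static answer for a login domain bypasses DNS and needs review.
            findings.append((line_no, name, str(ip), "watched-domain-override"))
        elif not sinkhole and "." in name:
            # Dotted name pinned to a routable address: confirm it is intentional.
            findings.append((line_no, name, str(ip), "other-override"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On a real machine, pass the contents of the system hosts file to `audit_hosts` instead of `SAMPLE`. A clean result only covers the local hosts file and says nothing about a poisoned DNS server upstream.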
Below are five steps to prevent pharming: