If you run a business website, you’re likely familiar with the elusive phishing threat. However, site owners are typically less knowledgeable about pharming. This attack redirects web traffic to misleading destinations, where cybercriminals can harvest information and spread malware. Even businesses with seemingly robust security measures tend to overlook pharming. If your business is just about to dip its toe into the dog-eat-dog digital landscape, ensure that you protect yourself against pharming attacks.


What is Pharming?

To collect sensitive information and install malware remotely, attackers create look-alike websites that fool site visitors into willingly providing their credit card information. To send victims to these sites, criminals compromise DNS servers and reroute traffic.


How Pharming Attacks Occur

Unlike phishing, pharming focuses on manipulating a user’s entire system. Both funnel victims to a corrupt location, but they use different mechanisms. To reroute targets from the intended IP address, pharmers will:

1. Compromise Machines and Change Local Hosts Files

At this point, every time a user attempts to access a specific site, they will be redirected to a fake site disguised to appear identical to the intended destination. Pharmers will typically precede this action with a phishing attack or other malware deployment method. Some will attack routers in what is known as a drive-by pharming attack.

2. Redirect DNS Traffic and Exploit DNS Servers

Here, victims are redirected to an attacker-controlled machine without having to click on a link. Those among the cybercriminal community refer to this attack as a “phish without a lure.”

DNS servers are more challenging to penetrate, as they exist within an organisation’s network. However, skilled cybercriminals will have no trouble poisoning a server and its neighboring routers and devices.

If you’ve ever wondered why China’s Great Firewall blocks the use of websites such as Facebook and YouTube, chalk it up to hacked DNS servers. Unlike a compromised individual device, a poisoned DNS server can become extremely damaging across multiple websites.


How Common are Pharming Attacks?

The likelihood of a pharming attack depends on the cybercriminal’s objectives and how lucrative your business is. If an attacker finds that they can leverage financial information to abuse and sell, you’ll want to implement nearly impenetrable preventative measures.

However, compared to phishing attacks, pharming isn’t nearly as common. On the attacker’s end, pharming requires an exceptional skill level and far more effort.

Incidents in Brazil showed that attackers could exploit router vulnerabilities via phishing emails, allowing them to manipulate DNS server settings. Extreme events, such as the 2007 bank attack, put at least 50 financial institutions at risk.


How to Prevent Pharming Attacks

 As pharmers grow increasingly meticulous, institutions need to match security measures to their skill level. To reduce the chances of a successful pharming attempt:

  • Train staff to identify suspicious links that might include invalid or outdated certificates or manipulated URLs.
  • Automatically patch devices and perform regular scans and clearances.
  • Audit and monitor DNS servers.
  • Deploy TLS certificates on enterprise websites.
  • Implement active endpoint security controls and monitoring.
  • Prioritise strong password security.
  • Outsource threat intelligence when necessary.
  • Enable two-factor authentication on every server.


 As today’s online environment grows increasingly vulnerable to all types of attacks, anti-phishing software may not nip the problem in the bud. Ensure that your preventative measures are all-inclusive—couple efforts with training and make sure to educate staff thoroughly.

For no-fail protection against phishing and pharming, leave us a message at FraudWatch International. By understanding a cyberattack’s anatomy, we know how to face the problem regardless of what stage it’s undergoing.