Not a premium member yet? Save 100's of hours on lesson prep with a comprehensive library of GCSE Computer Science resources - including worksheets, tests, and PowerPoint presentations.
Download the complete GCSE Computer Science bundle including all teacher resources and student revision:
- 200+ Computer Science/ICT resources
+ any we release in the future!
- Access to all student revision notes
- OCR, AQA, Edexcel and WJEC compatible
- New 9-1 GCSE spec
What is a Pharming Attack?
Over the years, humanity has technologically progressed from one level to the next. This is also true in the world of cybercrime. As the techniques cyber criminals use to execute their deceitful acts are exposed, they advance to new techniques. Pharming attacks are a typical example. Pharming is a more advanced technique than phishing but still geared toward stealing a victim’s personal information.
What is Pharming?
Phishing entices victims through fabricated emails to get them to visit fake sites and disclose their confidential information. Pharming is a type of phishing but without the enticement. A hacker infiltrates a computer system and installs malicious code that causes website traffic from the system to be transmitted to fake sites created by the hacker. This is done without the victim’s knowledge or permission.
Many websites entail the user’s personal information. Private and personal information inputted to these false sites is then taken by the hacker. As such, customers of banks, financial and online payment services with any form of monetary exchange are the most highly singled out.
Pharming occurrences are two-fold. They cheat the computer system in use, as well as the victim using it. It cheats the computer system by changing the correct IP address information kept on the computer into different numbers that direct the traffic of the user to unwanted websites. In the case of the victims, because they type in the correct URLs to genuine websites as opposed to clicking a link in a doubtful email, they are assured that the web pages presented to them are authentic.
How Does Pharming Work?
One of the techniques used in executing a pharming attack is the alteration of the DNS services on the computer system by malicious code known as DNS cache poisoning.
A simple example would be on a contact list in a mobile phone. It is important as it allows us to store a friend’s number for easy reference. We look up a friend’s name and click call. The mobile phone uses the number and the associated network technology to reach a friend’s phone. A connection is created, and your friend is soon at the other end of the line.
Suppose a buddy played a trick on you and changed a contact list on your mobile phone. Instead of a friend’s number, say John, is stored, he changed it Mary’s number while maintaining the name to John. This is where the infiltration and corruption of your contact list occurs. So, when you try to call John, it is redirected to Mary instead.
Domain Name System (DNS) poisoning is an aggressive pharming ploy, where the domain name system table in a server is altered. With this, a user who thinks he is accessing an authentic website is actually directed toward a fake site. In this method of pharming, individual personal computer host files need not be tampered. Instead, the problem happens in the DNS server, which manages thousands or millions of internet users’ requests for URLs. Victims end up at the fake site without any visible signs of inconsistency. Spyware removal programs cannot handle this type of pharming because nothing is technically wrong with the end users’ computers.
Once confidential information such as a credit card number, bank account number or password has been entered at a fraudulent website, criminals have the information and identity theft can be the end result.
While pharming is not as frequent as phishing scams are, it can impact many more people at once. This is especially true if a large DNS server is altered. If you open a certain website and it seems to be significantly different than what you anticipated, you may be a target of pharming. Restart your computer to retune your DNS entries, run an antivirus program, then try connecting to the website again. If the website still looks strange after restarting, contact your ISP and inform them that their DNS server may have been pharmed.