The most infamous pharming attack happened in 2007 when hackers managed to steal the user logins of 50 financial institutions. While the financial losses weren’t officially disclosed, we can safely say those businesses suffered greatly from this fraud.
How can you protect your company from pharming and its negative effects? How does pharming work? Read on to find out!
Trustpair blocks the financial effects of pharming by continuously controlling payments before they’re executed. Any suspicious payment to an unknown third party is blocked. Contact an expert to learn more!
What is pharming?
Pharming is a portmanteau of two terms:
- Farming: harvesting (or stealing) data.
- Phishing: tricking users into revealing personal data under false pretenses.
It describes a type of cyberattack where victims are directed to fake websites that steal their data. Using social engineering techniques, hackers redirect unsuspecting users to their spoofed websites to get them to reveal sensitive information.
Cybercriminals (called pharmers in this case) often target financial institutions like banks, e-commerce websites, or online payment platforms.
Their goal is to collect confidential information like:
- Login credentials,
- Social Security numbers,
- Bank account numbers.
They’ll use this private information to impersonate their victim (leading to identity theft) or sell it on the dark web.
Having this personal information publicly available is bad news for your business. Unethical organizations could get their hands on it, and cause direct and indirect damage to your company — by committing payment fraud or using it for espionage.
How does pharming work?
Pharming works by exploiting the Internet’s vulnerabilities. When you type an address into your browser, the domain name in the URL has to be converted into an IP address using the Domain Name System (DNS).
It’s this conversion process that is dangerous, as it creates two ways for pharmers to redirect you to a website of their choosing:
Attacking the hosts file
When you type in a URL, your device first checks its local hosts file to see whether it already has an IP address for this website.
Hackers exploit this lookup by corrupting the hosts file. Instead of reaching your regular trusted website, your computer is redirected to a fake one.
Since the fraudulent website is usually very similar to the real one, it’s hard to know you’re falling victim to pharming.
Hosts file corruption happens through malware, for instance when someone within your organization downloads an unknown attachment or clicks on a link that installs some kind of virus or Trojan horse. This happens locally but can spread through your organization’s network. In this case, phishing is what enables pharming.
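The check below is an added example, not code from Trustpair or from the original article: a Python script that audits a hosts file for entries pinning payment-related domains to a fixed IP address, which is the tampering described above. The watchlist domains and the sample file contents are constructed for illustration; on a real machine you would read /etc/hosts or C:\Windows\System32\drivers\etc\hosts instead.

```python
import ipaddress

# Constructed sample hosts file (not from the article).
# 203.0.113.0/24 is a range reserved for documentation.
SAMPLE_HOSTS = """\
# Constructed example
127.0.0.1       localhost
::1             localhost ip6-localhost
10.0.0.5        intranet.corp.example   # internal override
203.0.113.66    www.bank.example bank.example
0.0.0.0         ads.tracker.example
203.0.113.66    login.payments.example
malformed-line-without-ip
"""

# Hypothetical watchlist: domains staff use for payments.
# These should always be resolved through DNS, never pinned locally.
WATCHED = {"bank.example", "payments.example"}

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) per valid entry; skip comments and junk."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop inline comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP
        yield n, ip, [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(host, watched=WATCHED):
    """True for a watched domain or any of its subdomains (not lookalikes)."""
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, ip) for every watched name found in the file."""
    return [(n, h, str(ip))
            for n, ip, hosts in parse_hosts(text)
            for h in hosts if is_watched(h, watched)]

if __name__ == "__main__":
    for n, host, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {host} pinned to {ip}; watched domains "
              "should not appear in the hosts file")
```

Any finding is worth investigating, since legitimate software rarely has a reason to pin a bank or payment domain in the hosts file.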
Attacking the DNS server
The other way pharmers can attack you is by directly targeting your DNS server, which looks up the IP address for each domain name requested.
This hacking technique is called DNS poisoning, or DNS flooding (DNS stands for “Domain Name System”).
Hackers modify the DNS information directly on the server, which means it redirects all Internet users using this server to their scam website. What’s more, a poisoned DNS can infect other servers, creating a ripple effect.
Unfortunately, individual anti-virus and anti-malware software doesn’t protect you against DNS server pharming. While DNS servers are usually well-protected behind your organization’s network, any security breach would end up affecting your whole company.
Entering addresses manually in your browser doesn’t help either, as the redirection happens while the device connects to the DNS.
This makes this type of pharming particularly dangerous. DNS poisoning is harder to carry out, but the payoff for cybercriminals is also bigger, making it an enticing opportunity.
What is the difference between pharming and phishing?
Pharming and phishing both use social engineering attacks to achieve their goals. In both cases, they intend to steal your confidential information to:
- Commit fraud themselves (usually kinds of wire transfer scams like CEO fraud or vendor fraud),
- Sell this information to other hackers.
Directly or indirectly, there is some financial fraud happening. This is why protecting yourself against fraud is essential to safeguard your business.
While the end result of pharming and phishing is often similar, the way they achieve this is different:
- Phishing relies on its victims to click on a link — downloading an attachment or clicking on a too-good-to-be-true offer that’ll redirect them to a fake website. Even though the victim receives a phishing email, they still have to take action for it to work. It’s an active form of fraud. Of course, the more personalized the malicious email is, the better the odds are of succeeding! Spear phishing and whaling are sub-categories of phishing targeting specific individuals using social engineering hacks.
- Pharming is a passive form of fraud. It corrupts the DNS protocol, which is beyond the user’s control. Although some pharming uses malware, you can still be a victim of pharming without having any malware on your device or network. In pharming, the attack happens directly in your browser, so anti-phishing techniques aren’t effective. Pharming is less common than phishing, but it’s also more dangerous.
What are some pharming examples?
In 2007, the hackers targeting 50 financial institutions across the world did so through a vulnerability in Microsoft’s software.
Victims were directed to a website containing malicious code, prompting them to download trojans that would corrupt their hosts files. Every time they tried to access their bank’s website, they were automatically redirected to a bogus version of it and prompted to enter their login. Because it was done seamlessly, the attack lasted 3 days before it was stopped.
“Operation Ghost Click” is another infamous example of pharming attacks. It was uncovered by the FBI in 2011 after spreading to over 4 million computers across the world. Hackers had managed to redirect users to fake websites with advertisements and were profiting from the ad revenue from the fraudulent traffic.
Pharming in the private sector
In the B2B world specifically, pharming can look like accessing a spoofed website of your financial institutions, your vendors, or even governmental agencies.
Regardless of who the pharmers impersonate, the effects on your business could be disastrous. Criminals with access to sensitive data can use it to transfer money to their own account, or devise another type of fraud based on the information they collected:
- Hackers use your pharmed customer information to send fake invoices by impersonating your suppliers — that’s invoice fraud.
- Fraudsters impersonate a tax agency, requesting an “urgent” payment — a form of wire transfer scam.
The best way to protect against those effects is by using anti-fraud solutions like Trustpair. Our platform automatically checks the credentials of your vendors before any transaction is sent, so you always know your funds are sent to the right bank account.
How can you spot pharming?
Pharming is insidious, making it very hard to detect. The only red flags of pharming are:
- An unsecured connection: the URL begins with http instead of https.
- A questionable-looking website.
In the latter case, let’s say you connect to a supplier’s website to order some goods. You notice things looking a bit weird: a few typos here and there, a pixelated image, or even a new (but not improved) layout. These can be telltale signs of a spoofed website.
Even if you’ve never visited the website before, pay attention to the way the login process works or is phrased. Pharming websites often prompt you to enter your credentials, but then display an error message.
While some people might dismiss it and move on, the cyber-aware person will know that it’s suspicious. In this case, it’s best to get in touch with your contact to double-check you haven’t been compromised. If pharming just happened, reacting quickly is what might give you a chance in fighting fraud.
Here are some common signs of pharming:
- Unrecognized or unauthorized transactions on your business bank accounts,
- Social media posts or emails you never sent,
- Your online passwords have been changed.
In case of suspicious activity: don’t wait! Contact your IT department and law enforcement agencies if pharming is confirmed. Hopefully, you also have a contingency plan for such situations, as part of your risk management strategy.
Financial fraud can happen very quickly with pharming attacks. Fortunately, you have anti-fraud software like Trustpair blocking the effects of it. Using our solution means no unauthorized transaction can go through, and any payment fraud attempt is blocked.
How can you protect yourself?
The first thing you can do to protect yourself against pharming is to increase, or improve, your security measures. We specifically recommend:
- Always checking the website is secure: the link starts with HTTPS, meaning the connection is safe. You should also be able to click on the lock in the address bar and check the website’s security certificate.
- Using antivirus and antimalware. While they’re not sufficient protection, they can help by warning you if the website’s connection or attachment you try to download isn’t safe. Make sure they’re up-to-date so they safeguard you against the latest viruses.
- Not clicking on suspicious email links. Be especially careful if you don’t know the email’s sender and take a few minutes to analyze the situation. If there is a link to click, hover your mouse over it first so you can check the full URL. In case of doubt, forward it to your IT security department to report the phishing attempt. They’ll be able to help.
- Setting up two-factor authentication. This adds a layer of protection because even someone with your login credentials would need to verify their identity.
It’s really important to have these measures in place, but also to educate your employees through security awareness training regularly.
Your key staff (like the ones authorizing transactions, or paying invoices for example) should be able to recognize pharming or phishing attempts and know what to do in case of a Business Email Compromise (BEC). It’s a great way to prevent corporate fraud from happening.
Your goal is to make your company cyber-aware, making cybersecurity a priority for everyone.
Using anti-fraud software to counter the impact of cyberattacks
While anti-fraud software doesn’t directly prevent pharming, it protects you from its negative effect: financial loss.
Choosing a software solution like Trustpair means no unauthorized transactions can go through. For example, even if a fraudster gained your employee’s login details, they wouldn’t be able to send money to themselves by hijacking your vendor’s bank account information and adding their own.
Our solution always treats a change in credentials as a fraud attempt and automatically checks the new bank account against international databases to verify:
- Ownership (the name is correct)
- Veracity (the bank account number is correct)
- The match between the name and the bank account number.
Pharming leads to third-party fraud, so protecting against both is needed to safeguard your organization.
- Pharming is a type of cyber attack where users are unknowingly directed to scam websites stealing their personal data.
- It’s important to protect yourself against pharming and its negative impact: financial losses.
- Trustpair is an anti-fraud solution that eradicates the risk of financial fraud.