In today's world, knowing how to avoid phishing and pharming is crucial.
“Give a man a fish and he’ll eat for a day. Teach a man to phish, and he’ll steal your identity and eat on your credit forever.” —A proverb (probably)
Man has relied on fishing and farming for survival for thousands of years. Fishing involves dropping a line and hook in the water and waiting for the right fish to swim by and take the bait. Farming requires more steps and more time. A farmer must plant the seed, nurture the seed, and wait to harvest the fruits of his labor.
The same concepts apply to the cyberattack counterparts of these terms. While different in their approach, phishing and pharming have the same end goal: to trick unsuspecting people into revealing sensitive personal information, which hackers can then use to fatten their bellies (or wallets). The worst-case scenario for a victim of a phishing or pharming attack is identity theft.
In phishing, a hacker drops a line and hook in the form of an email that appears to be from a popular website or subscription service, such as Bank of America Online or Amazon. Worse, they can use a technique called clone phishing where the cybercriminal will clone a valid email that a recipient would normally respond to without thinking. It could look like the email came from within the company itself.
The email will tell the recipient something along the lines of, “Our system has experienced an update/change. Please log in using the URL link below to verify your account information.” The phisherman will bait this email with official-sounding language and official-looking logos to get the phish to bite. These emails vary in levels of sophistication, but upon first glance, many phishing attempts appear authentic to unsuspecting victims.
When the phish clicks the link in the email, they are routed to a site that looks similar to the authentic site they expect. However, this site is a replica built by the phisherman, a technique that is affectionately (and technically) called URL phishing. The phish will be prompted to enter sensitive information such as usernames, passwords, bank account information, or social security numbers. Once the phish enters this information, the account, and all the sensitive information in it, is unlocked for the hacker. Poor phish. They've been caught.
Just as farming is more labor intensive than fishing in the traditional sense, pharming takes a bit more work than phishing in the cyber world. Pharming was named as such because hackers herd large populations of people to fake websites in one fell swoop. The metaphor has a deeper meaning from an agricultural standpoint, which is explained below.
In pharming, a hacker manages to redirect users from the authentic site they're trying to reach via a web browser to a fake site instead. Pharmers accomplish this by poisoning something called the DNS cache of a computer, network, or server. The DNS cache is a stored list of previously visited websites on a user's computer. Suppose an unsuspecting user is attempting to access Bank of America's website. When a pharmer poisons the DNS cache, they can manipulate a user's computer settings such that when the user starts typing "bankofa" in the address bar, the auto-filled suggestion redirects from the correct IP address to an IP address leading to a fake website (e.g. bankofamercia.com).
The pharmer is essentially planting the seeds for corrupt websites in the DNS cache. They fertilize these seeds by convincingly replicating the login page of the authentic site, and then they wait to harvest. If the pharmer has created a convincing replication, users will be unknowingly directed to the bogus website when they type the web address. They will log in as usual, thereby handing over their personal information to the pharmer. They’ve now been harvested.
It might come as a surprise that high-level executives and upper managers are the most likely targets of phishing and pharming. And before any execs reading this are offended, I don't mean folks in these positions are dumb. They are just being profiled, since hackers believe they have several factors working against them. Executives have money, receive many emails in a day without closely scrutinizing each, and hackers consider them to be less tech savvy.
Phishing and pharming are two of the most common cyberattacks. The good news? They are also two of the most easily prevented. Taking the basic precautions below can stop phishermen and pharmers in their tracks, and we can just keep swimming in secure waters.
The easiest way to decrease the likelihood of being phished and pharmed is to simply be aware these types of attacks exist. If you're reading this, you're already ahead of the game.
The more you learn about potential threats, the more cyber-skeptical you will become. This is always a safe bet. If it sounds phishy (see what I did there?), err on the side of caution. You may miss out on a free cruise to the Bahamas or $5 million from a Nigerian prince, but delete that email. No one has ever won on that deal.
Companies should mandate cybersecurity training for all employees in which they discuss different types of cyberattacks and explain how to identify them before they happen.
Never provide personal information by following a link in an email. If you receive an unsolicited email from a personal account asking for account verification that you believe to be authentic, call the company’s official customer service phone number—not the one from the questionable email. Speak to a human to confirm the legitimacy, or just go directly to the website via your browser (don't access the website by clicking the link in the email). If it's a legitimate request, you should receive a similar message once you log in to your account.
When browsing or using a search engine, always pay attention to the URL of the website you are visiting. Legitimate sites will always have the name of the site followed by .com, .edu, .net, .gov, etc. For example, www.netflix.com. If you tried to log in to Netflix but saw something like www.netflix.ad.com, or even a minor misspelling like www.neftlix.com, you can bet your DNS cache has been compromised. Contact your IT personnel immediately so they can remediate.
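The URL check described above can be automated. The following is an added example, not part of the original article: it flags a trusted name used as a subdomain of another domain (www.netflix.ad.com) and near-misspellings (www.neftlix.com, bankofamercia.com). The `TRUSTED` allowlist and the function names are assumptions, and treating the last two labels as the registered domain is a simplification that ignores suffixes such as .co.uk.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): sites the user actually logs in to.
TRUSTED = {"netflix.com", "bankofamerica.com"}

def hostname(url):
    """Extract the lowercase host from a URL, with or without a scheme."""
    target = url if "://" in url else "//" + url
    return (urlsplit(target).hostname or "").lower().rstrip(".")

def registrable_domain(host):
    # Simplification (assumption): last two labels; real code needs the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[len(a)][len(b)]

def classify(url):
    """Return 'trusted', 'lookalike:<site>' or 'unknown' for a URL."""
    host = hostname(url)
    domain = registrable_domain(host)
    if domain in TRUSTED:
        return "trusted"
    for brand in sorted(TRUSTED):
        name = brand.split(".")[0]
        # Trusted name appears as a label, but the registered domain is someone else's.
        if name in host.split("."):
            return "lookalike:" + brand
        # Registered domain is within two edits of a trusted one (typo or swap).
        if edit_distance(domain, brand) <= 2:
            return "lookalike:" + brand
    return "unknown"

if __name__ == "__main__":
    for sample in ("www.netflix.com", "www.netflix.ad.com", "www.neftlix.com"):
        print(sample, "->", classify(sample))
```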