“Give a man a fish and he’ll eat for a day. Teach a man to phish, and he’ll steal your identity and eat on your credit forever.” – A Proverb (probably)
Man has relied on fishing and farming as a means of survival for thousands of years. Fishing involves dropping a line and hook in the water and waiting for the right finned creature to swim by and take the bait. Farming takes a few more steps and more time. A farmer must plant the seed, nurture the seed, and wait to harvest the fruits of his labor.
The same concepts apply to the cyber-attack counterparts of these terms. While different in the approaches, both “Phishing” and “Pharming” have the same end goal: to trick unsuspecting people into revealing sensitive personal information, which hackers can then use to fatten their bellies or wallets. The worst-case scenario for a victim of a Phishing or Pharming attack is identity theft.
In Phishing, a hacker, or “Phisherman”, drops a line and hook in the form of an email that appears to be from a popular website or subscription service, such as Bank of America Online, for example. The email will tell the recipient, or “phish” if you will, something along the lines of, “Our system has experienced an update/change. Please log-in using the link below to verify your account information.” The Phisherman will bait this email with official-sounding language, and official-looking logos in an attempt to get the phish to bite. These emails vary in levels of sophistication, yet upon first glance, many Phishing attempts appear authentic to unsuspecting phishes.
When the phish clicks the link in the email, he is routed to a site, which may look very similar to the authentic site he is expecting. However, this site is a replica built by the Phisherman. The phish will be prompted to enter sensitive information such as usernames, passwords, and sometimes even bank account information and social security numbers. Once the phish enters this information, he has unlocked his account (and all sensitive information therein) for the hacker…I mean Phisherman. He’s been caught. Poor phish.
Just as farming is more labor-intensive than fishing in the traditional sense, Pharming takes a bit more work than Phishing in the cyber-attack world. “Pharming” was originally named as such because it allows hackers to “herd” large populations of people to fake websites with one fell swoop. The metaphor has a deeper meaning from an agricultural standpoint, which is explained below.
In Pharming, a hacker, or “Pharmer”, manages to redirect users from the authentic site they are trying to reach via a web browser to another, fake site created by the Pharmer. Pharmers accomplish this by “poisoning” something called the DNS Cache of a computer, network, or server. DNS Cache is simply a stored list of previously visited websites, and the IP addresses they map to, on our computer. When a Pharmer poisons the DNS Cache, he can manipulate the settings to ensure that when a user starts typing a web address, such as “bankofa”, into the address bar, the auto-filled suggestion redirects from its correct IP address to another IP address—which leads to his fake website. He is essentially planting the seeds for his corrupt websites in the DNS Cache. He “fertilizes” these seeds by convincingly replicating the log-in page of the authentic site on his fake site. And then he waits to harvest. If the Pharmer has done a convincing job of replicating the authentic website, users will be unknowingly directed to his bogus website when they type the web address into their browsers. They will log in as usual, thereby handing over their personal information to the Pharmer. They’ve now been harvested.
How does this keep happening? One statistic that may come as a surprise is that the people most likely to get phished or pharmed are high-level executives and upper managers. Now, before any execs reading this get offended, this is not to say that folks in these positions are dumb. They are being profiled, since hackers believe they have several factors working against them. Executives have money, receive many emails in a day without closely scrutinizing each, and hackers consider them to be less tech savvy.
How to Avoid the Hook and the Harvest
1. Educate yourself.
The easiest way to decrease the likelihood of being phished and pharmed is to simply be aware that these types of attacks are a possibility. Read a few articles on basic cybersecurity here. If you are reading this, you are already ahead of the game.
2. Embrace cyber-skepticism.
The more people learn about potential hacking threats, the more cyber-skeptical they will become. This is always a safe bet. If it sounds phishy (see what I did there?), err on the side of caution. You may miss out on a free cruise to the Bahamas or $5 million from a Nigerian prince, but delete that email. Trust me, no one has ever won on that deal.
3. Train Employees.
Companies should mandate cybersecurity training for all employees, in which they talk through the types of cyber-attacks and explain how to identify them before they happen.
4. Do not trust email links.
Never provide information for a personal account by following a link in an email. If you receive an unsolicited email asking you to verify a personal account, yet you think it could be authentic, call the company’s official customer service phone number—not the one from the questionable email—and speak to a human being to confirm the legitimacy. Or navigate directly to the website via a separate internet browser, not by clicking the link in the email. If it is a legitimate request, you should receive a similar message once you log in to your account.
5. Take note of your URL when browsing.
When browsing, always pay attention to the URL of the website you are visiting. Legitimate sites will always have the name of the site, immediately followed by .com, .edu, .net, etc. For example, www.netflix.com. If you tried to log in to Netflix but saw something like www.netflix.ad.com, or even a minor misspelling like www.neftlix.com, you can bet your DNS Cache has been compromised. Contact your IT personnel immediately so they can remediate.
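The URL check from step 5 can also be automated. The Python sketch below is an added example, not part of the original article: it flags the article's two bad Netflix URLs by comparing the part of the hostname directly in front of .com against a list of sites you trust. The trusted list, the function names and the two-edit threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains of the sites you really log in to.
TRUSTED = {"netflix.com", "bankofamerica.com"}

def host_of(url):
    """Lower-cased hostname of a URL, with or without a scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def registrable_domain(host):
    """Last two labels of the host. Simplification: suffixes such as
    .co.uk need the Public Suffix List instead."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap neighbours) to turn a into b."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(url):
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    host = host_of(url)
    domain = registrable_domain(host)
    if domain in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        brand = good.split(".")[0]
        # Brand used as a label under someone else's domain, or a near-miss spelling.
        if brand in host.split(".") or edit_distance(domain, good) <= 2:
            return "lookalike of " + good
    return "unknown"

if __name__ == "__main__":
    # Constructed samples: the article's two bad URLs plus two controls.
    for u in ("www.netflix.com", "www.netflix.ad.com",
              "www.neftlix.com", "https://example.org/"):
        print(u, "->", classify(u))
```

In www.netflix.ad.com the site that actually answers is ad.com, with "netflix" only a label in front of it; www.neftlix.com is one swapped pair of letters away from the real name.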
Phishing and Pharming are two of the most common forms of cyber-attacks. The good news is, both are also two of the most easily prevented. Taking the basic precautions listed above can stop Phishermen and Pharmers in their tracks. Then we can “just keep swimming” in secure waters.
This article has been adapted from a chapter from Trenegy’s book: Jar(gone)
Trenegy is a non-traditional consulting firm, dedicated to helping companies clarify the latest business jargon into useful terms and solutions that actually benefit your company. Find out more: firstname.lastname@example.org.