A kind of cyberattack, pharming involves web traffic being redirected from a legitimate website to a maliciously created fake site. The intention of a pharming attack may be to steal a victim’s financial details, their personal passwords or usernames employed to access sensitive account or other types of Personally Identifiable Information (PII).
When users input a URL into the address bar in their browser, for example, to visit their online bank, numerous unseen processes must occur before the home screen of their bank appears on their monitor. In a pharming attack, hackers manipulate these background processes covertly and send web traffic to a malicious site instead of the one intended for a visit.
In most cases, this will be a phishing site designed to harvest personal credentials, which is where the attack gets its name from, being a combination of “farming” and “phishing”. However, in some instances, traffic will be simply led to the bogus site in order to infect users’ devices with a malware payload.
What does a phishing site look like?
These bogus sites are cleverly crafted to appear as similar as possible to the sites that targets are intending to visit. Websites may resemble the log-in pages of banks and building societies or even e-commerce and company portals with the express intention of stealing passwords and usernames.
Pharming attacks are typically part of sophisticated phishing campaigns and can potentially impact any user on any platform, whether they use Mac or Windows, and even those accessing online accounts via their smartphone with an iOS or Android system.
What are the consequences of a pharming attack?
When victims are redirected to the fake site believing it to be legitimate, they then part with their private details. Those behind the pharming attack will then either use these credentials themselves to infiltrate personal and company accounts or sell them on to other cybercriminals and threat operators on the dark web using hacker forums.
If a victim has given away their credentials for an e-commerce site or bank account, the hackers may use the account to steal funds or make purchases. While they may be reimbursed financially, victims may find that their credit scores are severely damaged by such attacks. When employees are fooled into submitting their private passwords or usernames and also use these credentials for their enterprise accounts, this can cause serious risks for businesses as hackers can use these harvested details to penetrate company networks.
A safe environment for staff to work
At Galaxkey, we have built a secure workspace for enterprise personnel to carry out their daily roles free from risks of cybercrime. No passwords are ever stored on our systems, and robust security tools ensure all data retained in email accounts, on servers and in storage remain unintelligible to hackers. This is made possible by powerful encryption software that couldn’t be easier to use but delivers powerful protection levels for information security.
Contact our expert team today to arrange a free two-week trial.