{"id":21190,"date":"2022-03-08T12:31:21","date_gmt":"2022-03-08T17:31:21","guid":{"rendered":"https:\/\/www.psafe.com\/en\/blog\/?p=21190"},"modified":"2022-06-27T16:07:40","modified_gmt":"2022-06-27T20:07:40","slug":"pharming-phishings-nasty-big-brother","status":"publish","type":"post","link":"https:\/\/www.psafe.com\/en\/blog\/pharming-phishings-nasty-big-brother\/","title":{"rendered":"Pharming: Phishing\u2019s Nasty Big Brother"},"content":{"rendered":"

Pharming is somewhat less familiar than the term \u201cphishing,\u201d but both are methods employed by hackers to perpetrate fraud and gain illegal access to your private information. <\/span><\/p>\n

The <\/span>ph<\/span><\/i> prefix means that both are\u2026well\u2026phake.<\/span><\/p>\n

But despite the cute names, the damage that can be wrought with either method is considerable. Identity Theft is the end game for many of these swindles, and as you may know,<\/span> the long tail effects of ID theft<\/span><\/a> can be personally devastating (and if you\u2019ve never really experienced or read-about just how hard ID Theft can be for individuals, we highly recommend reading through that linked article. Not fun, but essential information).<\/span><\/p>\n

While <\/span>phishing attacks <\/span><\/a>are made through phishy emails, pharming is the term applied when the hacker sets a trap in the form of a malevolent website: frequently, an impostor-site posing as a well-known and trusted company site. <\/span><\/p>\n

Pharming: Individual User Attacks<\/b><\/p>\n

Phishing and pharming often go together \u2013 and the phishy email lures a single user to a malicious website, where the user enters their private information and the pharmer makes off with it, using it later to sow havoc by deploying it on the real site.  <\/span><\/p>\n

Sometimes these sites are simply set up like traps on the web \u2013 you may have encountered one or more of these by simply misspelling the name of a popular site. The result may be a jarringly different site than what you expected. <\/span><\/p>\n

In truth these situations are relatively easy to avoid.  But sometimes the site you\u2019re delivered to can be very close to what you expected, and that\u2019s where real pharming trouble can begin.<\/span><\/p>\n

Malware can drive pharming too \u2013 redirecting you to the substitute site without your awareness or permission. It\u2019s important to remember that hackers are increasingly fond of using techniques of <\/span>misdirection.<\/span><\/i> You may inherit malware through a new app you download, but the consequences arrive later, when you first log on to your bank-site or try to pay your credit card bill, and the malware takes you to an impostor site to steal that information from you.<\/span><\/p>\n

DNS Switching  <\/b><\/p>\n

DNS switching takes the whole pharming idea to a more dangerous height. Whereas the malware or phishing-driven pharming operates at an individual user level, DNS Switching redirects all traffic to a given website to a pharmed-out impostor. <\/span><\/p>\n

The malware works within the DNS server and redirects requests to reach the authentic site to the pharming site. These more sophisticated attacks often involve more sophisticated fakery, and the pharming sites can be very convincing.<\/span><\/p>\n

How To Protect Yourself, Down on The Pharm<\/b><\/p>\n

As always, there are a few different layers of protection you can enlist to keep yourself from pharming \u2014 and the more of them you employ, the safer you\u2019ll be:<\/span><\/p>\n

Mindset: <\/b>Your mindset as a user is one of the best defenses you have against hackers. Remember that hackers are fond of using social engineering \u2013 which some might refer to as \u201cgood old psychology\u201d \u2014 to lure users into interactions with iffy emails, sketchy sites, and strange-people on well-known platforms. Keep your guard up, and if somebody, something, or some site asks you for information that your bank or health club or grocery-delivery (etc.) <\/span>already should have,<\/span><\/i> let that alarm bell go off loudly in your head. Then take three giant steps away from your keyboard. <\/span><\/p>\n

If your spider-sense has even an inkling that an email from a friend or a site isn\u2019t the real deal: slow down and check it out. In general: try not to confer the trust you have in a person or company onto any representation made for them on the web. The web is\u2026the web. And it should always be treated with caution.<\/span><\/p>\n

Unprotected?:<\/b> Public, <\/span>unsecured wifi networks really are the devil\u2019s playground<\/span><\/a>.<\/span><\/p>\n

The upshot is that public networks have chinks in their armour, and hackers use those chinks to \u201ceavesdrop\u201d on your conversations. Information they steal through this technical kind of listening can lead to direct attacks, or\u2026down the road, a phishing or pharming attack tailored just for you. <\/span><\/p>\n

S matters:<\/b> There\u2019s a big difference between http:\/\/ and https:\/\/ \u2014 the difference is that \u201cs,\u201d which stands for secure. When you see the full https:\/\/, it means that information on both ends of the website transaction is encrypted and secure. When you don\u2019t \u2013 that may not be the case. This is such a widely accepted standard now that the absence of that s should put you on high alert.  <\/span><\/p>\n

Phishy?:<\/b> If it looks or sounds phishy, it probably is. It might also be pharmy. Here\u2019s an example of what we mean: in one of the biggest pharming attacks ever launched, a<\/span> DNS Switching attack on more than 50 financial institutions,<\/span><\/a> the affected users were presented with an error screen that asked them to switch off their anti-malware and any firewall protection they might be running. Many users simply complied, and provided access to the pharming malware to do the rest of the work. <\/span><\/p>\n

This obviously relates to our mindset discussion as well, but we wanted to emphasize that even very sophisticated pharming attacks will sometimes rely on users turning off systems of defense: whether it be their own mindset, or settings in place on their computer designed to protect them!<\/span><\/p>\n

Speaking of Defense\u2026  <\/b><\/p>\n

Of course one of the essential bits of protective equipment is a good security software solution. dfndr Pro provides several excellent tools to help you protect not only your private information but your physical phone as well. Having that combination of protections is important. <\/span><\/p>\n

Pro also offers a Safe App function that enables you to screen any app you might want to try before downloading it, and that can be an excellent first line of protection from malware of all types \u2013 including those that are designed expressly to uh, \u201dtake you down on the pharm.\u201d <\/span><\/p>\n

With your mindset on high-alert, and your phone protected with a well-designed, and multi-layered security capability, you can move about confidently. Just be careful out there, and try not to get any mud on your shoes!<\/span><\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Pharming is creating a new, dangerous brand of impostor syndrome. Check how to avoid pharming accidents!<\/p>\n","protected":false},"author":79,"featured_media":21193,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[5],"tags":[210,1362,249,67,223],"class_list":["post-21190","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-apps","tag-cybersecurity","tag-security","tag-smartphone","tag-tips"],"_links":{"self":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/21190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/users\/79"}],"replies":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/comments?post=21190"}],"version-history":[{"count":2,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/21190\/revisions"}],"predecessor-version":[{"id":21194,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/21190\/revisions\/21194"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/media\/21193"}],"wp:attachment":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/media?parent=21190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/categories?post=21190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/tags?post=21190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}