What is pharming, and how can you avoid it?

Here we will discuss how pharming works and share some tips on how to protect yourself from this cyberattack.

Pharming is a type of cyberattack whose goal is the theft of personal data. It consists of redirecting web traffic from a legitimate site to a fake, manipulated one that requests information or installs malware on the user's computer in order to obtain personal and financial information.

It is a very difficult attack to detect, because cybercriminals attack the DNS (Domain Name System) and so manage to redirect users to a fake website that appears under the official domain.

Types of pharming

There are three types of attack that divert web traffic to a fraudulent site:

  • Computer hosts file attack (or local pharming): Malware can change your computer's configuration in two ways: by telling it to use a malicious DNS server instead of your Internet provider's, or by manipulating an operating system file called "hosts".
  • DNS server attack (or Drive-By pharming): Similar to the attack described above, but this time the attacker manipulates the configuration of the DNS service in your router rather than the computer, with the same purpose.
  • DNS server cache attack (or DNS poisoning): Its goal is to exploit possible vulnerabilities in the DNS server to insert a malicious IP address into its address cache.

What is the difference between pharming and phishing?

Both cyber attacks have the same goal (to obtain personal data and information) but are performed differently.

While phishing uses bait (SMS, e-mail, etc.) to lure you to the malicious website, pharming acts on how DNS works so that your computer connects to a fraudulent website without you noticing. 

What can you do to protect yourself from pharming?

Surfing the Internet may seem a simple activity at first glance, but it is actually a rather complex process, with many steps and exchanges of information that we do not see between our device, the web server we want to reach and the numerous intermediate services that exist to facilitate navigation. The DNS service is one of them.

A pharming attack is difficult to detect if done right, so it is important to take a series of measures on all your devices (PC, smartphone, tablet etc.), before you start browsing:

  • Always use up-to-date versions of the browser downloaded directly from the original website to make sure there are no security holes. You can also set them to automatically update with each new version.
  • Make sure you are using a trusted DNS server (the one provided by your provider, or one of those recognized internationally, such as 8.8.8.8 or 1.1.1.1).
  • Use anti-malware software and keep it up to date: both traditional antivirus and anti-malware browser extensions protect you while browsing and alert you in case of anomalies.
  • Make sure the router setup screen is protected by a strong password. Attackers often manipulate the DNS server list on this device.
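The two local settings described above, the hosts file and the configured DNS server, can be checked with a short script. This is an added example, not part of the original article: the trusted-resolver list, the function names and the sample data (documentation-range addresses and `.example` names) are assumptions made for illustration.

```python
import ipaddress

# Assumption: the resolvers you trust (the two public ones the article names;
# add your provider's or router's address, or 127.0.0.53 for systemd-resolved).
TRUSTED_RESOLVERS = {"8.8.8.8", "1.1.1.1"}

def audit_hosts(text):
    """Return (line_no, ip, name) for hosts entries that send a DNS name elsewhere."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comment, tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            continue                               # malformed line
        # Loopback and 0.0.0.0 entries are local aliases or blocklists;
        # they cannot point a name at a remote fake site.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in fields[1:]:
            if "." in name.rstrip("."):            # dotted name: overrides DNS
                findings.append((no, str(ip), name.lower()))
    return findings

def audit_resolvers(text):
    """Return nameserver addresses in resolv.conf text that are not trusted."""
    unknown = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            if fields[1] not in TRUSTED_RESOLVERS:
                unknown.append(fields[1])
    return unknown

# Constructed sample data; on a real system read /etc/hosts (Windows:
# C:\Windows\System32\drivers\etc\hosts) and /etc/resolv.conf instead.
SAMPLE_HOSTS = """127.0.0.1 localhost
127.0.1.1 laptop.home.lan laptop
0.0.0.0 ads.tracker.example   # blocklist entry
203.0.113.7 www.bank.example  # constructed override of a public name
"""
SAMPLE_RESOLV = "nameserver 1.1.1.1\nnameserver 198.51.100.53\n"

if __name__ == "__main__":
    for no, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts line {no}: {name} forced to {ip}")
    for ns in audit_resolvers(SAMPLE_RESOLV):
        print(f"resolver not on trusted list: {ns}")
```

A finding is a prompt to investigate, not proof of compromise: corporate networks and VPN clients legitimately add hosts entries and internal resolvers.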

 

When browsing the internet:

  • Avoid browsing important websites or websites on which you handle personal data (banking entities, public bodies, medical services, etc.) from public or other people's computers. They could be infected with malware.
  • When accessing a website, make sure the URL is the official one. If in doubt, use a search engine to confirm that the address is valid.
  • Check your browser and anti-malware software warnings: they notify you of any circumstances that may go unnoticed. Pay particular attention to warnings that a website is not secure (does not start with https://) or that the URL does not match that of the website's SSL digital certificate.
  • Be wary of sites that ask you to provide data or to authenticate yourself in an unusual way.

One last important note: if in doubt, note down the URL, stop browsing and contact the customer service of the company or body in question so that they can examine it.
