DNS Poisoning and Phishing

 

Let's learn about DNS Poisoning or DNS Spoofing or Pharming and Phishing   What is DNS Poisoning ⇒ Also called Pharming or DNS Spoofing DNS Spoofing is the art of making a DNS Entry to point to an another IP than it would be supposed to point to Three Techniques used ⇒ DNS Cache Poisoning DNS ID Spoofing ARP Poison Sniff DNS Packets from a certain victim Reply Fake DNS Packets Making the attack more accurate with the Birthday Paradox In DNS Poisoning Attack Change IP Address to Redirect URLs to Fraudulent sites Potentially more dangerous than phishing attacks No email solicitation is required So, This is the process of copying genuine websites and redirecting users from a genuine website to a fake website without user's knowledge Pharming, leverages cache poisoning against DNS Scammers spoof URLs from valid site using DNS Cache Poisoning More about Pharming Email Viruses Alters the computer's host file DNS Poisoning Nothing on your computer changes The company's website is Hijacked Detection is very difficult Pharming attacks can infect DNS caches or servers and reroute internet traffic to fake and malicious websites Pharming is another way hackers attempt to manipulate users on the Internet It redirects users to false websites without them even knowing it and access their credit card, debit card, and OTP details. So, Pharming use malicious code which can be install on a personal computer or mobile or server which misdirecting users to fake website even without knowing or consent The goal of a pharming attack is to get you to provide personal information, e.g. Credit card information or passwords which could be used to commit financial fraud and identity theft. Pharming actually ⇒ Do ⇒ write an entry into machine's /etc/hosts file ⇒ "Phishing-IP Victim-Name" Question Arise ⇒ So, what is Phishing ? and how it differs with Pharming ? Are they same ? Pharming is Phishing's Evil Cousin In order to carry out pharming scams, hackers misuse DNS as the main weapon vector. While phishing attempts are carried out by using spoofed websites, appearing to have come from legitimate entities, pharming relies on the DNS server level. Unlike phishing, pharming doesn’t rely on bait like fake links to trick users. Instead, Pharming compromises the DNS server and redirects users to a simulated website even if the user has inputted the correct web address

So, if a hacker launches a successful DNS cache poisoning attack, it will alter the fundamental web traffic flow to the targeted website. ⇒ Then it is PHARMING   Phishing includes other techniques like smishing, vishing, fax phishing (phaxing), etc Pharming includes techniques like DNS spoofing, DNS hijacking, DNS cache poisoning, and all the DNS altering scams   PHISHING :

PHARMING :

How to Prevent Phishing and Pharming? Lookout for HTTPS in URLs DNS spoofing doesn’t generally work on HTTPS websites. Even if the hacker manages to spoof a legitimate website and redirect a server under its control, it will not be of any use. Check for Suspicious-looking Emails Phishing emails more than often consists of grammatical errors and suspicious-looking content. Also, the source of the email address in most cases is unknown, so it is always better to cross-check any unfamiliar or unexpected email. Brand Monitoring Always keep track of how your brand is being represented online Anti-phishing and fraud monitoring tools help in identifying if there is any online copyright infringement activity going on against your organization’s website or application. Avoid Clicking on Links Emails are the successful carriers of malicious attachments like links, document files, images, etc. Try to avoid clicking suspicious or unexpected email attachments as they redirect users to fraud web pages and request personal information. verify such emails on an incident response tool so as to avoid becoming a target of any cyber attack. Email Authentication Protocols Secure your email domain from unauthorized access with email authentication protocols such as DMARC Dynamic SPF Dynamic DKIM