Let's learn about DNS Poisoning or DNS Spoofing or Pharming and Phishing
What is DNS Poisoning ⇒
Also called Pharming or DNS Spoofing
DNS Spoofing is the art of making a DNS entry point to a different IP address than the one it is supposed to point to
Three Techniques used ⇒
DNS Cache Poisoning
DNS ID Spoofing
ARP Poison
Sniff DNS Packets from a certain victim
Reply with Fake DNS Packets
Making the attack more accurate with the Birthday Paradox
In DNS Poisoning Attack
Change IP Address to Redirect URLs to Fraudulent sites
Potentially more dangerous than phishing attacks
No email solicitation is required
So, this is the process of copying genuine websites and redirecting users from a genuine website to a fake website without the user's knowledge
Pharming leverages cache poisoning against DNS
Scammers spoof URLs from valid site using DNS Cache Poisoning
More about Pharming
Email Viruses
Alters the computer's host file
DNS Poisoning
Nothing on your computer changes
The company's website is Hijacked
Detection is very difficult
Pharming attacks can infect DNS caches or servers and reroute internet traffic to fake and malicious websites
Pharming is another way hackers attempt to manipulate users on the Internet
It redirects users to false websites without them even knowing it and accesses their credit card, debit card, and OTP details.
So, pharming uses malicious code, which can be installed on a personal computer, mobile device or server, to misdirect users to a fake website without their knowledge or consent
The goal of a pharming attack is to get you to provide personal information,
e.g. Credit card information or passwords which could be used to commit financial fraud and identity theft.
What pharming actually does ⇒
It writes an entry into the machine's /etc/hosts file ⇒
"Phishing-IP Victim-Name"
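The hosts-file entry described above can be checked for from the defender's side. The following is an added example, not part of the original notes: it parses hosts-file text and flags entries that map a fully qualified name to a non-loopback address. The watchlist, the local-name allowlist and the sample data are assumptions constructed for illustration.

```python
import ipaddress

# Names that legitimately live in a hosts file (assumption; extend per environment).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each well-formed entry in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                               # blank line or no hostname
        try:
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])  # strip IPv6 zone id
        except ValueError:
            continue                               # malformed address field
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, watchlist=()):
    """Return findings for entries that pin a non-local name to a non-loopback IP."""
    watch = {w.lower() for w in watchlist}
    findings = []
    for line_no, ip, names in parse_hosts(text):
        # Loopback and 0.0.0.0 entries are usually local names or ad-block sinkholes.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            if name in LOCAL_NAMES or "." not in name:
                continue                           # single-label names: LAN machines
            watched = any(name == w or name.endswith("." + w) for w in watch)
            findings.append((line_no, str(ip), name, "high" if watched else "review"))
    return findings

# Constructed sample input (documentation-range IPs, placeholder domains).
SAMPLE = """\
127.0.0.1   localhost
::1         ip6-localhost ip6-loopback
0.0.0.0     ads.example.net          # sinkhole entry
192.168.1.20 nas
203.0.113.66 www.bank.example login.bank.example  # planted redirect
198.51.100.7 intranet.corp.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE, watchlist=["bank.example"]):
        print(finding)
```

To audit a real machine, pass the contents of /etc/hosts (or C:\Windows\System32\drivers\etc\hosts on Windows) as `text`, with the domains your users log in to as the watchlist.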
Question arises ⇒ So, what is phishing, and how does it differ from pharming? Are they the same?
Pharming is Phishing's Evil Cousin
In order to carry out pharming scams, hackers misuse DNS as the main attack vector.
While phishing attempts are carried out using spoofed websites that appear to come from legitimate entities,
pharming operates at the DNS server level.
Unlike phishing, pharming doesn’t rely on bait like fake links to trick users.
Instead, pharming compromises the DNS server and redirects users to a simulated website even if the user has entered the correct web address
So, if a hacker launches a successful DNS cache poisoning attack, it will alter the fundamental web traffic flow to the targeted website ⇒ Then it is PHARMING
Phishing includes other techniques like
smishing, vishing, fax phishing (phaxing), etc
Pharming includes techniques like
DNS spoofing, DNS hijacking, DNS cache poisoning, and all the DNS altering scams
PHISHING :
PHARMING :
How to Prevent Phishing and Pharming?
Look Out for HTTPS in URLs
DNS spoofing doesn’t generally work on HTTPS websites.
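Even if the hacker manages to spoof a legitimate website and redirect users to a server under its control, it will not be of any use, because that server cannot present a valid certificate for the real domain and the browser will warn the user.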
Check for Suspicious-looking Emails
Phishing emails more often than not contain grammatical errors and suspicious-looking content.
Also, the source of the email address in most cases is unknown, so it is always better to cross-check any unfamiliar or unexpected email.
Brand Monitoring
Always keep track of how your brand is being represented online
Anti-phishing and fraud monitoring tools help in identifying if there is any online copyright infringement activity going on against your organization’s website or application.
Avoid Clicking on Links
Emails are successful carriers of malicious content such as links, document files, images, etc.
Try to avoid clicking suspicious or unexpected links and email attachments, as they redirect users to fraudulent web pages and request personal information.
Verify such emails with an incident response tool so as to avoid becoming a target of any cyber attack.
Email Authentication Protocols
Secure your email domain from unauthorized access with email authentication protocols such as