IT Services – Kansas City

How To Prevent Phishing And Pharming Attacks

Common Forms of Cyber Attack and How To Prevent Them

 

Business Owners Beware

If you’ve decided to pursue the American dream and you are a business owner today, you might be short on spare time. You have enough to worry about each day without also worrying about what internet terms like “phishing” and “pharming” mean. And since you typically don’t need technical support, it can be a problem when you do.

Or perhaps you’re a new business owner, just trying to educate yourself on these and other current cybersecurity threats, in today’s fast-moving world of technology.

Conversely, you may not own a business at all, but as a consumer, you want to know what kind of threats are out there. Whatever your individual circumstances are, if you’re interested in how to prevent these types of cyberattacks, that’s the topic for this post.

What Is Malware?


First of all, let’s talk a little bit about what malware is, exactly. The word ‘malware’ is a portmanteau of the words malicious and software. It is any type of software or firmware designed with malicious or harmful intent. It is a serious cyber threat, whether you own a business or not – and it comes in many different forms.

The two main types we’re going to talk about today are phishing and pharming. Although the terms make these two kinds of cyberattacks sound innocuous enough, a phishing attack or a pharming attack can result in devastating effects for either an individual or an entire business.

What Is Phishing?

 

Phishing is a cyberattack built on social engineering, meaning the techniques hackers use online to manipulate people.

The act of phishing itself refers to the art of first designing, then throwing out the “lure”, most commonly done through (bulk) phishing emails or in a (bulk) phishing email attachment.

Then they sit back and look at what they “catch” from unsuspecting users – in the form of personal information, or as the first step of a ransomware attack.

Phishing Origins

The word phishing comes from what’s called “leet”, or “leetspeak”, a sort of online language using modified spellings of words in unique ways, that ironically and simultaneously exploit similarities.

“Leet” is a variation of the word “elite”, and is used in leetspeak to describe someone with considerable prowess in hacking or gaming skills. Leetspeak and online fraud like stealing personal information are as old as the internet itself.

Getting More Dangerous

There are multiple varieties of phishing attacks, however, and hackers always evolve and become more sophisticated. (See our “Complete Phishing Guide”.) A phishing attack is the most common type of cyberattack as of 2020, and it can also be one of two steps to a successful ransomware attack, which can devastate a fledgling business.

What Is Pharming?

A pharming attack works in two stages and is designed to redirect web traffic from a legitimate website to a malicious one. The fraudulent website looks nearly identical to the legitimate site but is controlled by the cyber-criminal. Victims of pharming attacks are tricked into divulging their sensitive data because they don’t even realize they’ve gone to a fake website.

Fake Websites – “Phishing Without A Lure”

Online banking and ecommerce websites are often targeted for creating a fake site to use in pharming attacks. The object is usually the same as in phishing scams: to steal login credentials and/or other sensitive personal information, for use in identity theft, ransomware attacks, and data breaches of confidential information.

Pharming Origins

The term pharming is a neologism: a relatively recent word or term that is being integrated into common use but is not quite considered mainstream yet. Typically, a neologism is driven by a society’s cultural and technological changes and often is a mix of more than one word.

In this case, the words phishing and farming are at the root of pharming, and the term would also be considered a part of leetspeak.

DNS Servers

DNS stands for domain name system, and DNS servers are typically provided by your Internet Service Provider (ISP). If you own a business, you may operate on your own private network with your own DNS server. The domain name system takes the domain names we type in and turns them into the strings of numbers we know as IP addresses, the language of computers.

If you are the administrator of your own DNS server, be sure you change the default settings and password and clear your DNS cache often. Blue Oak Technology Solutions can help you manage DNS threats as well as all other cybersecurity issues, as your offsite IT department! Contact us today to see how we can help you.

Final Comparisons

Phishing Scams

A phishing scam most often uses malicious emails, but can also be text messages or even voice calls, usually masquerading as a trusted site or business. A request to “click or download link to resolve” (the purported issue) is contained in the message.

The malicious link then takes you to a malicious site, because the website address points to a fake site. Phishing sites all want the same thing – access to your online accounts and personal data.

Pharming Scams

Similar in nature but not in the method of delivery, pharming targets the system we use to request an internet address by domain name: malicious code inserted into the DNS server is what enables pharming.

A pharming site also wants your sensitive data, for further criminal activities like theft. Both types of cyber threats are serious and cannot be stopped through antivirus software.

How To Prevent Phishing And Pharming Attacks

There are still some things you can do to prevent these kinds of attacks:

  • For suspicious-looking websites or suspicious redirects, check the internet address bar to verify the URL – many hackers will just switch a letter around, attempting to fool you.
  • Switch to a trusted, reliable DNS server. It can make a big difference.
  • Never click a link from unknown senders.
  • Check your DNS cache often, and practice DNS caching regularly.
  • Do NOT give out any sensitive data unless you’re completely certain of who you’re talking to.
  • Get Blue Oak Technology Solutions!
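The address-bar check in the first bullet can be automated. The sketch below is an added example, not part of the original post or any Blue Oak tooling: it compares a URL's host against a short allowlist and flags names that are only a swapped or changed letter away. The domains in `TRUSTED` and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: constructed sample allowlist; replace with the sites you really use.
TRUSTED = ("example-bank.com", "example-shop.com")


def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent letters switched around counts as a single edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def check_url(url, max_edits=2):
    """Return (verdict, trusted_domain_or_None) for the host in `url`."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("invalid", None)
    # Exact match, or a subdomain of a trusted domain.
    for d in TRUSTED:
        if host == d or host.endswith("." + d):
            return ("trusted", d)
    labels = host.split(".")
    for d in TRUSTED:
        # Compare the tail of the host (same number of labels) with the trusted name.
        tail = ".".join(labels[-(d.count(".") + 1):])
        if 0 < osa_distance(tail, d) <= max_edits:
            return ("lookalike", d)
    return ("unknown", None)


if __name__ == "__main__":
    for u in ("https://www.example-bank.com/login",   # constructed sample URLs
              "https://exmaple-bank.com/login",
              "https://www.example-shpo.com/",
              "https://example.org/"):
        print(u, "->", check_url(u))
```

An "unknown" verdict only means the host is not close to anything on the allowlist; it is not a statement that the site is safe.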

Blue Oak Technology Solutions

Here at Blue Oak Technology Solutions, we understand small businesses. We never try to sell you a package deal with services you don’t need, but instead let you choose only the IT services in KC you need and will use. We also give you the option of monthly managed services at a very competitive price, or if you prefer, you can pay-as-you-go. We believe in high quality, personalized attention for our clients. Contact Blue Oak Technology Solutions today.