Pharming
Pharming attacks go one step further than phishing attacks by attacking the so-called DNS protocol (Domain Name System), i.e. a core element of the Internet, and redirecting users to fake websites.
Example
Tanja enters the web address of her bank in the address bar of her browser
www.online-bank.de in.
It does not realize that it is being redirected to a website prepared by attackers. She transfers a small amount to her boyfriend’s account.
A little later, she sees in her transaction display that a transfer of €1000 has been made without her consent. She was the victim of a pharmaceutical attack.
How can the DNS protocols be manipulated?
The DNS protocol must run on every Internet computer and converts host names (e.g. www.wikibanking.net) into IP addresses (e.g. 85.10.196.145) – and vice versa. Without this conversion, it is not possible to communicate on the Internet. At the same time, this conversion offers various points of attack:
Attack on the local “hosts” file
Every computer has a so-called “hosts” file, which also converts host names into IP addresses. An attacker can manipulate this file, e.g. via manipulated websites or a file attachment sent via spam.
Attack on DNS server
A relatively complex, but not impossible and barely noticeable attack, for example, manipulates one of the many DNS servers available on the Internet in order to “foist” manipulated IP addresses on it (DNS spoofing).
