The use of the internet is now unavoidable in our daily lives. However, computer attacks such as pharming and phishing are also more common, jeopardizing the security of our money and our personal data. To prevent this from happening, you must, first of all, make sure your computer is protected by an antivirus program. But even so, that does not mean you cannot be the target of an attack by computer pirates (the name by which hackers are known) who aim to access your personal data, such as your homebanking passwords, and in this way access your money. It has therefore become essential to be aware that these attacks are sometimes “allowed” by us. That is, they result from actions that we perform unconsciously. But the good news is that we too can prevent these cyber attacks.
Pharming and phishing: what sets them apart?
Pharming and phishing are both computer attacks carried out by hackers who want to obtain confidential information. In phishing, the theft of this information tends to be done through access to a cloned website, reached via a fake email. But there are other ways, namely by message or phone, or even through false login windows, the method recently disclosed by the GNR. In pharming, on the other hand, the theft of this information involves creating fake malicious websites to which you may be directed without knowing it.
Pharming
Pharming results from the combination of the two words phishing and farming, and the attack takes place after your computer, or the server where the website is, has been infected by malware, i.e. malicious software that multiplies and manipulates the websites you actually want to visit. What pharming really does is exploit the way your internet browsing works. That is, it interferes with the conversion of the sequence of letters that form the address of a website into an IP address, diverting you to a fake website identical to the one you actually want to access. This is a real problem, because you may be following the security rule of typing the address of the website you want to access, avoiding entering via links, and still be directed to a fake website. Once there, when you enter your credentials you are inadvertently giving them to the hacker, who can use them to access the real website (such as your homebanking) or to commit financial fraud. That is, you have just been a victim of identity theft.
How does pharming work?
It can work in two different ways: either from your computer or from the server where the website is, as mentioned.
From your computer
You may have received an email with an infected attachment. This email may have been sent by the pirate or even by someone you know who received it, opened the attachment (for example a video) and forwarded it to you (because it was funny) without knowing it was infected. When you opened the video, you installed a virus or a trojan on your computer that changes your computer’s hosts file, always directing you to the fake website. And if you also find it funny and send it to your friends, their computers will be infected too.
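A check for the hosts file tampering described above, as an added example that is not part of the original article: it flags any local entry that overrides the name of a site you care about. The watch list domains and the sample file contents are constructed for illustration.

```python
import ipaddress
import os
import platform

# Hypothetical watch list: sites whose names should never be overridden locally.
WATCHED = {"bank.example", "webmail.example"}

def hosts_path():
    """Location of the hosts file on the current OS."""
    if platform.system() == "Windows":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, name, verdict) for every entry naming a watched site."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so not a usable entry
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if any(host == w or host.endswith("." + w) for w in watched):
                # Loopback/unspecified means the site is blocked; any other
                # address means the name is being redirected elsewhere.
                local = ip.is_loopback or ip.is_unspecified
                findings.append((line_no, str(ip), host,
                                 "blocked" if local else "redirected"))
    return findings

# Constructed sample: a hosts file after the kind of change described above.
SAMPLE = """\
127.0.0.1   localhost
::1         localhost
# added by installer
203.0.113.45  www.bank.example  Bank.Example   # constructed malicious entry
0.0.0.0       ads.tracker.example
198.51.100.7  login.webmail.example.
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To audit a real machine, pass the contents of the file at `hosts_path()` to `audit_hosts` with your own watch list.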
From the server
Here there is no malware installed on your computer, but on a DNS server (which translates a website’s address into an IP address). Somehow the pirate managed to install the malware there, and as a result everyone who accesses that site, even when typing the correct name, is in fact accessing the fake site. This form of pharming is also known as “DNS cache poisoning”.
Phishing
Phishing, on the other hand, consists of sending fraudulent messages from a source that appears to be safe in order for you to take some action by providing confidential personal data. An example is emails that appear to be from your bank asking you to enter your homebanking credentials because they are changing the computer system and, if you don’t, you may lose access to your bank account. These are fake emails, but as they always carry “urgent” and “important” messages, we end up doing what they ask us to do and, in this way, we give access to our bank account.
How does phishing work?
To carry out this type of attack, hackers sometimes start from contact lists. And the best way to obtain them is to “steal” them from the companies that own them. Having obtained these contact lists, they create false messages that appear to be from a trustworthy and credible entity. The messages always use emotions, such as fear, urgency or curiosity, as a way of encouraging the victim to act. That is why, whenever you receive a message with this kind of content, you should be suspicious.
Phishing uses multiple channels
Although e-mail is the most popular means, there are other channels that pirates have been using. The reason for the diversification is simple: there are so many alerts against fraudulent emails that we are all much more attentive. We are suspicious of emails with attachments, or that ask us to click on a link, or that come, for example, from our bank when we are not expecting anything.
Smishing
The word smishing results from combining SMS with phishing. It is nothing more than executing the attack through your mobile phone, taking advantage of the fact that its use is almost constant during the day and that we pay less attention to SMS than to email. It consists of receiving an SMS from an apparently legitimate entity encouraging us to take the same actions as in fraudulent emails. So if you have doubts, call the entity that supposedly sent it. Heads up: never enter your data.
Vishing
This word comes from merging voice with phishing. So, in this case, the attack is done through a phone call. The call can be an automatic message, or you can actually be talking to a person who identifies themselves as being from a reputable company and asks you for some data in order to proceed with the call. Do not provide the data, and hang up. Do not call back the number you were called from. Look for the entity’s phone number and call that number to confirm whether the call was in fact made by the entity. If it did not come from the entity, then you have just informed the legitimate entity that it is being used in a computer attack.
Browser-in-the-Browser (BitB) – login windows
The GNR recently informed the media of situations of phishing via a new Browser-in-the-Browser (BitB) technique. This new technique simulates a login window inside an already active window in order to steal access credentials. According to the GNR, you can identify that a window is fake if: when you try to resize the login window, it cannot be resized; it is not possible to maximize it using the corresponding button; it cannot be moved outside the limits of the browser window; the “minimize” button to close
How can I protect myself from pharming and phishing attacks?
The advice is to: install an antivirus and update it regularly; clear your cache regularly; enter websites by typing the address and never through links; monitor your online bank accounts regularly; do not click on unknown links or links sent by people you do not know; beware of pop-up windows; never give out personal and confidential information. If you are a victim of these attacks, report it to the Judiciary Police or the Public Ministry.