Your smartphone suddenly beeps with the SMS:
“Your internet banking user ID linked to your A/C No. Xxxxxxxxxx62 will expire tomorrow. Please click here to generate a new user ID – http://”
Or sometimes with SMSs like:
“Congratulations on being a loyal customer of ABC bank! On completion of 5 long years with us, we would love to offer you free upgradation of your ATM cum Debit card. Click here to know more – http://”
There are hundreds of different patterns of messages that flash on our phones every day, every hour. The scary part is there are so many people who get lured into (or maybe out of curiosity) clicking on the anomalous links. Cybercriminals make the most use of this human psychological aspect to initiate fraudulences.
However, the duping pattern is getting sophisticated in recent times. The SMSs are at par with absolute accuracy as if they are genuine. This is the first trap that cyber criminals lie down for common people to dupe them of finances. Not just from a layman’s perspective, many cyber-literate people also fail to recognize this dangerous disguise.
Many among us know clicking on unknown links is risky. Despite that, we risk our digital identity by just being casual.
SMS Fraud has become a cliched term in the world of cyber risks. “Pharming” is a new risk. This type of cyberattack occurs at the DNS (domain name server) level where a hacker diverts a legitimate website to a fake site with the malicious intention of stealing the credentials and other confidential data that might have entered while shopping, ticket booking, or any other purpose. In a recent incident in India, a software engineer from Maharashtra lost more than 2 lakhs while booking a cab online through a fake website. Even after repeated attempts to contact the fake travel agent, the victim could neither contact them nor recover money.
The worst part of pharming attacks is the most convincing, making users believe that they are on a legitimate, trusted website. In the above incident as well, the same happened with the victim, where not even for a second, it seemed that the website was fake. In the case of phishing attacks, the victim needs to click on the fake link, but pharming can happen with or without user action. That is the most dangerous part of it.
Can we keep Pharming at bay?
It is true that there is no well-defined and convenient rule to combat against Pharming or recover your digital assets after being a Pharming victim. However, our own consciousness, awareness, and following the below rules can help us to keep it at bay.
Usage of Anti-Virus software: If anti-virus and anti-malware software is installed, then the users can stay alert because anything unusual is notified to the user and he/ she has ample scope to move out of the suspicious portal and avoid being a victim.
Keep up with Regular Software Updates: Any updates – whether it is a browser, an OS or maybe a software, carry the latest security patches that are developed to counterattack the most recent threat patterns. Any update is developed to counter the new strategies prepared by hackers to compromise data. Hence, staying updated can ensure security and overall cyber hygiene.
Check HTTPS URL: It is highly essential to check the address bar (full URL) once a web-page opens. Legitimate websites should always start with HTTPS at the beginning, which is nothing but a security certificate. It indicates that the site is certified and safe.
Check Additional URL safety: Apart from the security certificate, there is a lock icon at the beginning of the address bar. If it is safe, the lock is green in colour but if it is broken and red in colour, then we need to move out from the portal immediately.
Other Proof of Safety: Sometimes wrong spelling, poor grammar, no punctuation, and even just an extra letter in any of the words on the web title, might give strong signs of anomalies. Moreover, a different layout, out-of-proportion logo, or maybe a discolored logo can also be an indication of a pharming attack. So, it is better to refrain from browsing it.
Pharming attacks do their best to mislead into a strong belief that the website is authentic, but we fail to notice that the anomaly is detectable. Good cybersecurity practices and paying intermittent attention to the overall appearance of the websites help to keep our data safe.