“Cybercriminals have been hijacking the Internet connections of users in Brazil by modifying Domain Name System (DNS) settings in their routers, researchers at Proofpoint reported on Thursday.
These types of operations, known as pharming attacks, are designed to lure victims to fake websites, which usually mimic the ones of banks, in an effort to steal credentials and other sensitive information.
Pharming attacks can be highly efficient because in many cases they are difficult to spot. By modifying the router’s DNS settings, the attacker ensures that users are taken to a bogus site when they type in the domain name of the legitimate website in the Web browser’s address bar. Usually, the DNS is hijacked in network-based attacks, but a recent campaign shows that phishing emails can be just as effective.”