A security analyst receives reports that several employees are being redirected to a fraudulent login page after typing the correct URL for a company application into their browser. Further investigation reveals that the company's internal DNS server has been compromised. Which type of attack best describes this scenario?
Pharming redirects users to fraudulent websites by compromising DNS servers or hosts files, even when the correct URL is entered. The DNS server compromise in this scenario is a classic pharming technique.
Why this answer
Pharming is correct because the attack redirects users from a legitimate website to a fraudulent one without their knowledge or interaction, typically by compromising the DNS resolution process. In this scenario, the internal DNS server has been compromised, so when employees type the correct URL, the DNS server returns the IP address of a fake login page instead of the real one. This is a classic example of DNS poisoning, a form of pharming.
Exam trap
The trap here is that candidates often confuse pharming with phishing because both involve fake login pages, but pharming does not require the user to click a link—it subverts the DNS resolution process, making it a technical infrastructure attack rather than a social engineering one.
How to eliminate wrong answers
Option A is wrong because phishing relies on deceptive messages (e.g., emails or texts) that trick users into clicking a malicious link or providing credentials, not on compromising the DNS resolution infrastructure. Option B is wrong because spear phishing is a targeted form of phishing that uses personalized messages to deceive a specific individual or group, but it still requires user interaction with a link or attachment, not the manipulation of DNS records.