What is a pharming attack? An overview + prevention tips
August 30, 2022 2 min read
Don’t let a pharming attack threaten your cybersecurity. Continue to learn the basics of pharming scams as well as tips to help keep devices protected.
Pharming is a form of online fraud involving malicious code and fraudulent websites. Cybercriminals install malicious code on your computer or server. The code automatically directs you to bogus websites without your knowledge or consent.
The goal is to get you to provide personal information, like payment card data or passwords, on the false websites. Cybercriminals could then use your personal information to commit financial fraud or identity theft.
So, how can you help protect yourself against pharming? Here’s some information and tips that can help.
How does pharming work?
Hackers use pharming to force online users onto unsecure sites capable of tricking them into revealing personal and sensitive data.
To fully understand how pharming works, it’s important to understand how Domain Name System (DNS) servers work.
DNS servers translate domain names into IP addresses. While websites use domain names for their addresses, an IP address denotes their actual location. Your web browser then connects to the server with this IP address.
Once you visit a certain website, a DNS cache forms so you don’t have to visit the server each time you return to the site. Both the DNS cache and the DNS server can be corrupted by pharming. This can result in two types of pharming — malware-based pharming and DNS pharming.
Pharming vs. phishing
Pharming and phishing are two types of cyberattacks that are easily confused. They’re similar because they both work to trick online users into revealing personal information or steal money.
However, phishing is a hacking method that uses emails to deliver infected links that lead people to social engineering sites. Pharming, on the other hand, requires hackers to do more coding and background work to intercept online traffic and redirect targets to their malicious sites.
To help you understand the differences between the two, let’s check out the signs of each attack.
Signs of a pharming attack:
Hard to spot
Targets multiple people at a time
Malicious code installed on computer
Uses automatic redirects to lead users to malicious sites
Signs of a phishing attack:
Easy to spot
Targets one person at a time
Delivers malicious emails
Requires a manual click to trigger cyberattack
Now that you know the differences between pharming and phishing, let’s take a deeper look at the types of pharming attacks you may encounter.
Types of pharming
Here are a couple types of pharming you may run into while browsing online.
In this case, you may pick up a Trojan or virus via a malicious email or download. The malware then covertly reroutes you to a fake site created and controlled by fraudsters when you type in your intended website address.
This type of pharming software uses malicious code sent in an email to change your computer’s local host files. These corrupted host files can then direct your computer to fraudulent sites regardless of the internet address you type.
Domain Name Systems are computers on the internet that direct your website request to the right IP address. A rogue, corrupted DNS server, however, can direct network traffic to an alternate, fake IP address.
This pharming scam doesn’t rely on corrupting individual files, but rather occurs at the DNS server level by exploiting a vulnerability. The DNS table is essentially poisoned, so you’re being redirected to fraudulent websites without your knowledge.
If a large DNS server is corrupted, cybercriminals could target and scam an even larger group of victims.
Pharming attack warning signs
Pharming attacks may be stealthy, but they have signs like most other cyberattacks. Here are two signals of pharming.
An unsecure connection. If your site address says “http” instead of “https” in the address line, the website may be corrupted.
A website doesn’t seem right. If the site you’re on has spelling errors, unfamiliar fonts or colors, or otherwise just doesn’t seem legitimate, it may not be.
Examples of pharming attacks
Pharming cost victims more than $50 million in 2021. Here are a couple noteworthy attacks that helped pharming get to where it is today.
Microsoft(2007): 50 financial institutions found themselves to be the recipients of a pharming attack that exploited a Microsoft vulnerability, creating fraudulent websites that mimicked the targeted bank sites.
Brazil(2015): A pharming attack targeting Brazilian internet users exposed security flaws in home routers to gain access to administrative network settings.
Just because hackers have a couple wins under their belt doesn’t mean you’re an easy target. There are several ways you can help keep yourself protected from pharming scams.
Pharming attack protection tips
Not all antivirus and spyware removal software can protect against pharming, so additional anti-pharming measures may be needed.
Dan Rafter is a freelance writer who covers tech, finance, and real estate. His work has appeared in the Washington Post, Chicago Tribune, and Fox Business.
Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.