SkipToMainContent

Online Scams

What is a pharming attack? An overview + prevention tips

A man browses the internet on his laptop and learns about pharming attacks.

August 30, 2022

Pharming is a form of online fraud involving malicious code and fraudulent websites. Cybercriminals install malicious code on your computer or server. The code automatically directs you to bogus websites without your knowledge or consent.

The goal is to get you to provide personal information, like payment card data or passwords, on the false websites. Cybercriminals could then use your personal information to commit financial fraud or identity theft.

So, how can you help protect yourself against pharming? Here’s some information and tips that can help.

How does pharming work?

A graphic illustrates how a pharming attack works in three steps.


Hackers use pharming to force online users onto unsecure sites capable of tricking them into revealing personal  and sensitive data.

To fully understand how pharming works, it’s important to understand how Domain Name System (DNS) servers work.

DNS servers translate domain names into IP addresses. While websites use domain names for their addresses, an  IP address denotes their actual location. Your web browser then connects to the server with this IP address.

Once you visit a certain website, a DNS cache forms so you don’t have to visit the server each time you return to  the site. Both the DNS cache and the DNS server can be corrupted by pharming. This can result in two types of  pharming — malware-based pharming and DNS pharming.

Pharming vs. phishing

Pharming and phishing are two types of cyberattacks that are easily confused. They’re  similar because they both work to trick online users into revealing personal  information or steal money. 

However, phishing is a hacking method that uses emails to deliver infected links that  lead people to social engineering sites. Pharming, on the other hand, requires hackers  to do more coding and background work to intercept online traffic and redirect targets to their malicious sites.

To help you understand the differences between the two, let’s check out the signs of  each attack.

Signs of a pharming attack:

  • Hard to spot
  • Targets multiple people at a time
  • Malicious code installed on computer
  • Uses automatic redirects to lead users to malicious sites

Signs of a phishing attack:

  • Easy to spot
  • Targets one person at a time
  • Delivers malicious emails
  • Requires a manual click to trigger cyberattack

Now that you know the differences between pharming and phishing, let’s take a  deeper look at the types of pharming attacks you may encounter.

Types of pharming

Here are a couple types of pharming you may run into while browsing online.

Malware-based pharming

In this case, you may pick up a Trojan or virus via a malicious email or download. The  malware then covertly reroutes you to a fake site created and controlled by fraudsters  when you type in your intended website address.

This type of pharming software uses malicious code sent in an email to change your  computer’s local host files. These corrupted host files can then direct your computer to fraudulent sites regardless of the internet address you type.

DNS pharming

Domain Name Systems are computers on the internet that direct your website request  to the right IP address. A rogue, corrupted DNS server, however, can direct network  traffic to an alternate, fake IP address.

This pharming scam doesn’t rely on corrupting individual files, but rather occurs at the  DNS server level by exploiting a vulnerability. The DNS table is essentially poisoned, so  you’re being redirected to fraudulent websites without your knowledge.

If a large DNS server is corrupted, cybercriminals could target and scam an even larger  group of victims.

Pharming attack warning signs

Pharming attacks may be stealthy, but they have signs like most other cyberattacks.  Here are two signals of pharming.

  1. An unsecure connection. If your site address says “http” instead of “https” in the  address line, the website may be corrupted. 
  2. A website doesn’t seem right. If the site  you’re on has spelling errors, unfamiliar fonts or colors, or otherwise just doesn’t seem  legitimate, it may not be.

Examples of pharming attacks

Pharming cost victims more than $50 million in 2021. Here are a couple noteworthy  attacks that helped pharming get to where it is today.

  • Microsoft (2007): 50 financial institutions found themselves to be the recipients of a pharming attack that exploited a Microsoft vulnerability, creating fraudulent websites that mimicked the targeted bank sites.
  • Brazil (2015): A pharming attack targeting Brazilian internet users exposed  security flaws in home routers to gain access to administrative network  settings. 

Just because hackers have a couple wins under their belt doesn’t mean you’re an easy  target. There are several ways you can help keep yourself protected from pharming  scams.

Pharming attack protection tips

A graphic lists seven protection tips you can use to avoid a pharming attack.


Not all antivirus and spyware removal software can protect against pharming, so additional anti-pharming  measures may be needed.

Here are some anti-pharming safeguards.

  • Avoid unsecure websites (double-check URLs for typos)
  • Be cautious when opening links or attachments that you weren’t expecting or that are from an unfamiliar sender
  • Enable two-factor authentication on sites that offer it
  • Use a reputable internet service provider whenever possible
  • Use a VPN service that has reputable DNS servers
  • Change the default password on routers and wireless access points
  • Download reliable antivirus software

If you suspect you’re already a victim of pharming, you can try resetting your computer to reset your DNS entries.

As these cyberattacks show, pharming could be a major threat for people using e-commerce and online banking websites.

That’s why it’s important to know about pharming and learn what you can do to help protect against it.

Cyber threats have evolved, and so have we.

Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.

Try Norton 360 with Lifelock.


Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.

No one can prevent all identity theft or cybercrime.  Not all products, services and features are available on all devices or operating systems. System requirement information on norton.com.

*Important Subscription, Pricing and Offer Details:

  • The price quoted today may include an introductory offer. After that, your membership will automatically renew and be billed at the applicable monthly or annual renewal price found here.
  • You can cancel your subscription at my.norton.com or by contacting Member Services & Support. For more details, please visit the Refund Policy.
  • Your subscription may include product, service and /or protection updates and features may be added, modified or removed subject to the acceptance of the Customer Agreement.

The number of supported devices allowed under your plan are primarily for personal or household use only. Not for commercial use. If you have issues adding a device, please contact Member Services & Support.

§ Dark Web Monitoring in Norton 360 plans defaults to monitor your email address only. Please login to the portal to review if you can add additional information for monitoring purposes.