What is pharming?

Pharming is a malicious and widespread type of cybercrime that can be used for identity theft or financial theft.

11-07-2022 - 9 minute read. Posted in: phishing.

Understanding and preventing a pharming attack: A comprehensive guide

Pharming is a type of cyberattack that redirects users to fake websites to steal personal and financial information. In this article, you will learn what pharming is, how it works, how it differs from phishing, and how to protect yourself.

What is a pharming attack?

A pharming attack is a cybercrime technique that tricks internet users into visiting fraudulent websites that appear legitimate. The goal is to steal sensitive data such as usernames, passwords and banking information.

Unlike phishing, which usually requires the victim to click on a malicious link, pharming can occur automatically without any user interaction. This makes pharming especially dangerous and difficult to detect.

How pharming works

Pharming redirects users to fake websites to steal sensitive information, even if they enter the correct URL. It exploits the connection between your device and the websites you want to visit: attackers manipulate how your browser finds websites, typically by interfering with the Domain Name System (DNS). There are two main types of pharming attacks.

Malware-based pharming

Cybercriminals can install malicious software on your computer, such as a virus or Trojan. This pharming malware alters your computer’s local settings so that even if you type the correct website address, you are redirected to a fake version of the site. Pharming malware can corrupt locally hosted files and stored IP addresses.

Attackers can manipulate the hosts file on your computer to redirect legitimate web addresses to fraudulent sites. Changing the IP addresses stored there sends the browser to the attacker's server instead of the real one.

Malware can reside on a user's computer, altering critical files. Downloaded malware can lead to pharming attacks by redirecting users to fraudulent websites.

Malware-based pharming often begins when someone clicks a suspicious link or pop-up ad, or downloads a file from an untrusted source. This harmful software can modify and corrupt locally hosted files on your computer.

DNS poisoning

DNS server poisoning, also known as DNS spoofing, corrupts the DNS system to misdirect users to fraudulent websites instead of their intended destinations. The DNS cache plays a crucial role in pharming attacks, as cybercriminals exploit weak DNS caches to redirect web traffic to malicious sites.

If attackers manage to manipulate DNS queries, they can redirect traffic from many users to fake websites. DNS cache poisoning exploits vulnerabilities at the DNS server level, affecting multiple users simultaneously and often leading to data theft or malware distribution.

Attackers can alter the DNS settings of a victim's computer or network device to redirect users to fraudulent websites. Ensuring the correct IP address in DNS queries is essential for secure internet navigation.

False IP addresses are used in DNS poisoning to mislead users into visiting malicious sites. DNS servers direct users' web requests to specific IP addresses, highlighting the importance of proper DNS functioning to prevent such attacks.

How DNS works and why it is targeted

The Domain Name System, which operates using the Internet Protocol, translates domain names like google.com into numerical IP addresses that your computer uses to find the correct website. When you enter a web address in your browser, your device asks a DNS server to find the matching IP address. DNSChanger malware, for example, significantly impacted DNS settings on infected devices, redirecting users to fake websites.

Because pharming targets this lookup process, it can redirect your traffic even if you type the correct address or avoid clicking on suspicious links.

Pharming vs. phishing

Both pharming and phishing are methods used by cybercriminals to steal data. Phishing attacks are a type of cyberattack designed to manipulate victims into providing sensitive data through deceptive communication channels, such as emails or texts, impacting both individuals and businesses with data breaches and reputational harm. A specific phishing attack might involve threat actors crafting emails that mimic legitimate sources to trick recipients into clicking malicious links or attachments, leading to the theft of personal or financial information.

The difference is that phishing relies on tricking the user into clicking something, while pharming redirects users automatically.

Pharming requires no action from the victim, which makes it more difficult to detect. The name “pharming” is a blend of the words “phishing” and “farming”, referring to the way information is harvested without the victim realizing it.

What fake websites are used in pharming?

Pharming attacks often target websites that handle sensitive or financial information. These can include:

  • Online banking platforms

  • E-commerce stores

  • Payment systems

A fake site is designed to look exactly like the real one, with the primary purpose of stealing personally identifiable information and login credentials from unsuspecting victims. A fake or spoofed website is managed by attackers and can capture sensitive personal data entered by the victim.

A malicious site plays a crucial role in pharming by redirecting users to harmful destinations despite entering the correct URL. Malicious websites can exploit vulnerabilities in the DNS infrastructure, posing significant risks to users.

A fraudulent website is dangerous because it deceives users into entering sensitive information, often resulting in identity theft and financial fraud. A malicious website is set up through tactics like malware and social engineering, aiming to steal sensitive information or facilitate further cyberattacks.

To dive deeper, explore how malware operates and understand the role of social engineering in cybercrime.

In a malware-based pharming scheme, attackers' fraudulent websites are where users land after malicious code on their device redirects them. Fake sites mimic legitimate banking organizations to deceive customers and capture sensitive information like login credentials.

How to identify a pharming website

Here are some ways to spot pharming:

  • Be aware of suspicious websites. These often have unusual URLs, lack HTTPS, or display design inconsistencies.

  • Check the domain name of the specific website you meant to visit for slight misspellings, such as paypa1.com instead of paypal.com.

  • Check that the web address starts with HTTPS. A secure site will show a padlock icon and use HTTPS. If the URL starts with HTTP only, the site may not be secure.

  • Look for spelling errors in the domain name. For example, paypa1.com instead of paypal.com.

  • Check for design inconsistencies. If a website looks unusual or different from what you remember, double-check its authenticity.

  • Use trusted bookmarks instead of typing addresses manually.
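The misspelling check in the list above (paypa1.com versus paypal.com) can be automated. The following is an added example, not part of the original article: it compares a domain against a list of trusted domains after folding look-alike characters and also flags names that are one typo away. The trusted list and the character map are assumptions chosen for illustration.

```python
# Assumption: TRUSTED is the list of domains you actually use; these two are
# the domains the article itself mentions.
TRUSTED = ["paypal.com", "google.com"]

# Small constructed map of digits often swapped in for look-alike letters.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})

def fold(domain):
    """Normalise case and fold look-alike characters ('1'->'l', 'rn'->'m')."""
    return domain.lower().rstrip(".").translate(CONFUSABLES).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(domain, trusted=TRUSTED):
    """Return (verdict, matched trusted domain or None).

    verdict is 'trusted', 'lookalike' or 'unknown'.
    """
    name = domain.lower().rstrip(".")
    if name in trusted:
        return "trusted", name
    for good in trusted:
        # Identical once look-alike characters are folded, or one typo away.
        if fold(name) == fold(good) or edit_distance(name, good) <= 1:
            return "lookalike", good
    return "unknown", None

if __name__ == "__main__":
    for d in ["paypal.com", "paypa1.com", "g00gle.com", "example.org"]:
        print(d, classify(d))
```

This check only catches misspelled names; when DNS or the hosts file has been tampered with, the address bar shows the correct domain, so it complements the HTTPS check rather than replacing it.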

How to protect yourself from pharming

To reduce your risk of falling victim to a pharming attack, use malware removal tools to eliminate any malicious software that may be operating silently in the background. To prevent pharming attacks, be aware of warning signs, verify website authenticity, and understand social engineering tactics.

Be cautious with software downloads, as they can inadvertently introduce Trojans or viruses that compromise your device security and redirect you to fraudulent websites. Follow these best practices:

Use antivirus and anti-malware software

Install reliable security software that can detect threats such as Trojans and viruses. Once malware executes, it can persist even after reboots, silently monitoring user activity or hijacking browser settings without any required user interaction. This includes intercepting web requests to redirect users to malicious websites without their knowledge. Keep your software updated to stay protected against new types of malware.

Use a secure DNS provider

Switch to a DNS provider that includes security features. Many people rely on their internet provider's default DNS, which may not offer protection against DNS poisoning. Consider using services like Google Public DNS or Cloudflare DNS.

Enable two-factor authentication

Two-factor authentication adds an extra layer of security. Even if your password is stolen, the attacker will not be able to log in without your second authentication method.

Be cautious when receiving emails from unknown senders. Do not click links or download files unless you are certain they are safe.

Check website addresses carefully

Always verify that you are on the correct website before entering personal information. Small changes in spelling can be a sign of a fake website.

Use attack surface management (ASM)

For businesses, attack surface management tools help you monitor and protect your digital assets. ASM allows you to identify weak points that hackers might exploit in a pharming attack.

Consequences of pharming attacks

Pharming can have serious consequences, including the theft of financial data, which can lead to significant financial losses and security breaches. Identity theft is another major risk, where attackers use stolen information to impersonate victims.

Victims of pharming may experience data breaches, which can expose sensitive information and have long-lasting impacts on personal and organizational security. A victim's computer can be compromised, with malicious code altering DNS settings to redirect users to fraudulent websites.

Pharming attacks exploit vulnerabilities in computer systems, making them susceptible to unauthorized access and manipulation. Multiple users can be affected simultaneously, especially through DNS cache poisoning, which targets large groups by exploiting DNS server vulnerabilities.

A targeted financial company can suffer severe repercussions, including loss of customer trust and financial damage. Targeted financial companies often face imitation web pages designed to harvest login information, posing significant security risks.

Pharming can redirect unsuspecting users to malicious websites without their knowledge, as malware silently manipulates web requests in the background. This highlights the importance of staying alert and following good cybersecurity habits.

Final thoughts

Pharming is a serious cyber threat that can compromise your personal and financial information without your knowledge. To stay safe, verify URLs, use strong cybersecurity tools and be aware of the signs of fake websites.

Good digital hygiene and a cautious approach can go a long way in protecting you against pharming.

This post has been updated on 02-05-2025 by Sarah Krarup.

Author Sarah Krarup

Sarah studies innovation and entrepreneurship with a deep interest in IT and how cybersecurity impacts businesses and individuals. She has extensive experience in copywriting and is dedicated to making cybersecurity information accessible and engaging for everyone.
