What is a pharming attack?

2020-06-08 - 7 min read

A mixture of the words phishing and farming, a pharming attack breaches an entire network by targeting a single computer. The attacker first infects your device with malware and then redirects your traffic to a fake version of a website. The fake sites can be used to install further malware onto your device or collect personal and financial information. That information can later be used to steal your identity and commit financial fraud in your name.

Pharming vs. phishing

Pharming is phishing on a mass scale, with the goal of infecting an entire network of computers. In a phishing attack, a victim is lured with clickbait into downloading vicious malware. Think malicious links in an email or a shady text message from an unknown sender requesting an urgent reply. They require some level of involvement from the victim. A pharming attack doesn't need that initial haphazard click from you that takes you to the fraudulent website; it uses malware to redirect you without your knowledge.

How does pharming work?

A pharming attack works by installing malware or by poisoning a DNS server. The goal is the same – to redirect you to fraudulent websites designed to steal your information.

Malware pharming

In this case, you pick up a virus or a trojan from a malicious email or download. It changes your computer's hosts file to redirect your traffic to the hacker's bogus website instead of the real one.
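To show what checking for this kind of tampering looks like, here is an added example (not part of the original article) in Python that parses hosts-file text and flags entries that pin a watched site to a fixed IP address. The sample file contents, the domain examplebank.com, and the WATCHED and BASELINE lists are constructed assumptions.

```python
import ipaddress

# Constructed sample of a tampered Windows hosts file (documentation-range IPs).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.tracker.example     # local block entry
192.168.1.20   nas.home.lan
203.0.113.45   www.examplebank.com examplebank.com
198.51.100.7   LOGIN.examplebank.com.  # constructed suspicious entry
not-an-ip      broken.example
"""

WATCHED = {"examplebank.com"}                  # hypothetical: names that must only come from DNS
BASELINE = {("192.168.1.20", "nas.home.lan")}  # hypothetical: overrides you added yourself

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping, skipping comments and bad lines."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED, baseline=BASELINE):
    """Return (line_no, ip, hostname, severity) for entries that need attention."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            # A watched site pinned in the hosts file bypasses DNS entirely.
            findings.append((line_no, str(ip), name, "high"))
        elif ip.is_loopback or ip.is_unspecified:
            continue  # localhost and sinkhole-style block entries
        elif (str(ip), name) not in baseline:
            findings.append((line_no, str(ip), name, "review"))
    return findings

if __name__ == "__main__":
    # To audit a real machine, read C:\Windows\System32\drivers\etc\hosts
    # (or /etc/hosts) and pass its text instead of SAMPLE_HOSTS.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Any "high" finding means a site you log in to is being resolved from the hosts file rather than DNS; flushing the DNS cache does not remove such an entry.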

DNS poisoning

The hacker poisons a DNS server, causing multiple users to unknowingly visit the bogus site controlled by fraudsters. Domain name servers translate the website name you type into the right IP address. An infected DNS server can be programmed to direct the network traffic to alternate fake websites, affecting everyone connected to the server.

DNS pharming is especially dangerous since you could have a malware-free computer and still be a victim. Once the DNS server your computer relies on is infected, your browser will land on fraudulent websites without you even realizing it.

Signs of a pharming site

Luckily, there are a few warning signs to watch out for if you think you've been a target:

  • The 's' is missing from 'https.'

    Look at the website address. The 's' in 'https' stands for 'secure,' and all reputable sites use the https protocol to secure their sites and protect visitor information. If it's missing, get out of there ASAP.

  • The website just doesn't look right.

    Visual cues are the surest sign that a website isn't legitimate. Try looking out for spelling errors, unfamiliar fonts, and bad graphics. You can report suspicious websites here.

How to protect yourself against pharming

Use a reputable antivirus and anti-malware security software. Choose one with browser monitoring to help detect malware threats and try to follow these anti-pharming tips for extra protection:

  • Never click on links from unknown senders or from people who you were not expecting to hear from. Always phone them or send them a separate message instead of replying to what could be a pharming attack.

  • Trust your instinct and avoid suspicious-looking websites. If you do land on one, never click on pop-up advertisements; they're usually loaded with malware.

  • Use a reputable VPN that has secure DNS servers to help avoid pharming attacks via DNS poisoning.

  • Update your software regularly. Outdated apps and operating systems can leave your network vulnerable, giving easy access points to hackers.

  • You should always use different passwords for different profiles, such as social media, bank logins, online shopping apps, and e-commerce. If one of your passwords is stolen, it prevents an attacker from gaining access to all of them.

  • Protect your Wi-Fi router. When an attacker tries to access your computer, they will usually see if you're still using the default password on your router. Default router passwords are easy to find online or even guess, so don't leave your network open to attack. Check out our guide on how to reset your router’s password for helpful tips.

  • Use an encrypted password manager. The end-goal of most cybercrime is to hack your accounts and to steal your money and identity. A password manager remembers your passwords, allowing you to create super-strong and unique ones to thwart hackers from accessing your accounts.

What to do if you suspect a pharming attack

If you think you've been a victim of a pharming attack, try resetting your computer, which should reset your DNS cache files. These files are the main target for DNS spoofing. That puts your sensitive information like usernames and passwords at risk – so a regular flush of your DNS cache is always recommended.

Here's how to do that on Windows XP, 7, Vista, 8 and 8.1:

  1. Click the Start button; then type 'cmd.'

  2. Right-click Command Prompt and select Run as Administrator.

  3. Type this command and press Enter to clear your DNS cache files:

    ipconfig /flushdns

Pharming is big business

In 2017, more than 50 banks and public institutions around the world were victims of a mass pharming attack, with more than 3,000 devices affected over three days. The cybercriminals redirected users to bogus sites created for each bank, stealing any financial information they could get their hands on. The banks suffered huge losses that could have been avoided with sufficient security firmware.

Due to the covert nature of pharming, prevention can be difficult. Stay secure so that attackers can't prey on your weaknesses. Patch your software regularly and protect your router with a unique password.

Chad Hammond
Chad loves traveling and technology. His global view and open-mindedness add interesting angles to various security topics. He has already traveled to over 80 countries and is not planning to stop any time soon.