Cybercriminals are constantly adapting their techniques to more effectively infiltrate our devices or accounts. Pharming is a newer, more complicated technique.

visual showing screen with IP address

What is Pharming?

Pharming is a scam in which malicious code is installed on someone’s personal computer or server. This code changes the IP address information, which misdirects users to fake websites without their knowledge or consent. Once redirected to these fake websites, users are prompted to enter personal information, which is then used against them. Customers of banks or other monetary exchange systems are the main targets of this scam.

Hackers succeed with this tactic because they can infiltrate a large number of devices at once, rather than target individuals. In addition, they don’t need to convince users to click a doubtful email link or sketchy ad. The malicious code is automatically downloaded without any conscious action from the user.

What is the Difference Between Phishing and Pharming?

Similar to the ever-popular phishing tactic, pharming utilizes fake websites for the purpose of stealing personal information. Unlike phishing, pharming doesn’t require users to take action — they are redirected to these false websites without even knowing.

graphic that shows a fake website

How Does Pharming Work?

Pharming can be done by infiltrating individual computers or by poisoning a server. Both options utilize code that redirects websites, but each is carried out in a different way.

Pharming on Individual Computers

In this type of pharming, the hacker sends an email with a code that is able to modify the host files of an individual’s computer. Once the host files are infiltrated, they redirect all URLs to a fake website. Even if the user types in the correct URL, the page will redirect. These websites mimic the appearance of real sites so users may not be aware they are victims.

Pharming Through DNS Poisoning

A much more extreme version of pharming is domain name system poisoning or DNS poisoning. In this pharming attack, rather than infiltrating files on a personal computer the DNS server is attacked. This server can handle thousands to millions of Internet users’ URL requests and each user is unknowingly redirected to fake pages. This large-scale threat is especially dangerous because the affected users can have a secure and malware-free device and still become victims.

How to Recognize Pharming

Spotting a pharming attack can be nearly impossible because it’s not based on any action the user takes. However, there are a few key warning signs that can show someone is a victim of a pharming attack.

  • Check to make sure the URL is spelled correctly.
  • Be sure the URL is secure and has “https” before the site name.
  • Notice any discrepancies from how the webpage usually looks.
  • Examine any unusual activity in your banking account.

How to Protect Against Pharming

Although many pharming attacks can’t be prevented, there are a few steps that can ward off cybercriminals.

  • If you think you are a victim of an attack, clear your DNS cache.
  • Run an antivirus program to make sure your device is secure.
  • If you believe your server is compromised, contact your Internet service provider.

Sources:

Search Security I Teach Computer Science I Tech Terms