What is pharming and how can you protect yourself?

Online scams can take many forms, but the aim is often the same: harvesting personal data, login credentials, and account information to commit identity theft. And pharming is no different.
Learn to recognize the signs of online fraud so you can protect yourself.

Definition of pharming

Rather like a phishing attack, pharming is a form of online fraud aimed at stealing confidential information. In fact, this similarity is what gives it its name, a combination of the words “phishing” and “farming”. In such online scams, the “pharmers” create a fake website and then manipulate website traffic to steer their victims to that site. What sort of data are they looking to harvest? Passwords, social security numbers, credit card and account numbers, and other personal information.

Pharming vs. phishing: What’s the difference?

A common definition of pharming is “phishing without a lure.” Instead of hooking the fish, the cybercriminals divert the flow of the stream so the fish are automatically swept into their net. They do this by manipulating the background processes that occur after you type or click on a URL (e.g. www.mail.com) so you are sent to their malicious website instead of the one you intended to visit.

In other words, phishing – the practice of sending fake emails that seem to come from legitimate companies – is used to target individual users and lure them to fake websites where they enter personal information. Pharming has the same goal of directing victims to a fraudulent website to facilitate identity theft. However, this redirection takes place through technical manipulation rather than personal deception.

How does pharming work?

When you want to go to a website, you enter the URL containing its domain name. This works like the street name in a postal address: it tells the web traffic where to go. When computers communicate with each other, however, they use IP addresses, lengthy combinations of numbers (and sometimes letters), to identify their locations. The job of translating a website address like www.mail.com into its IP address is done by a domain name system (DNS) server. Once this process, which takes milliseconds, is completed, it points you to that website. Pharming works by manipulating this lookup process: by causing it to return an incorrect IP address, the scammers can send people to the fake site. This can happen in two ways:
 
  1. On a single computer: Rather like a phishing email, the hacker can send an email containing malware that infects the hosts file of the user’s computer or mobile device. The hosts file is like your computer’s address book where it saves domain name to IP address translations to speed up page loading time. The pharming malware changes legitimate IP addresses in this file into IP addresses of fake sites. So even if you type in the correct web address or click a bookmark entry in your browser, your computer will take you to the pharming site instead.
  2. On a DNS server: Hackers can also use a sophisticated technique called DNS poisoning or DNS spoofing. This approach allows them to target multiple users at once – any user whose request for an IP address goes through that server can then be directed to the fraudulent site. These victims end up on the fake website without any sign of a discrepancy on their computers.

Warning signs of pharming

Because pharming often leaves no trace on your device, you are most likely to recognize it by the effects:
  • Charges to your PayPal, credit or debit cards that you did not make
  • Social media posts or friend requests that you did not post or send
  • Changed passwords in online accounts
  • New software or apps on your devices that you did not install

What to do if you have fallen victim to pharming

Whether any of the above are a result of a pharming attack or some other form of cyberattack, the most important step is to change the passwords of the affected accounts and notify your online banking and/or email provider, social media platform, etc. as applicable. These institutions may also have fraud reporting procedures for you to follow.

To make sure your computer or other device is secure, run an antivirus scan and remove any malware that is detected. Clear the DNS cache of your home internet router (which temporarily stores previous DNS lookups) in case it has also been affected. If there are no signs of a problem on your devices, it may be a case of DNS poisoning on your internet service provider’s (ISP) DNS service. So it’s a good idea to contact your ISP and report the problem.

Identifying fraudulent websites

There are several signs you can look for to see if a pharming or phishing hoax has led you to a fake website:
  1. Look to see if the website address starts with “http” or “https”. The latter stands for “Hypertext Transfer Protocol Secure” and means that it uses encrypted data transfer to keep users’ information safe. Any reputable financial institution or retailer will have a secure website with an SSL certificate. Keep in mind that fraudulent sites can obtain certificates too, so “https” on its own does not prove that a site is genuine.
  2. Look for typos in the URL. In a practice known as “typosquatting,” scammers register domain names or extensions that are very close to the name of the legitimate website in order to fool visitors, e.g. goooogle.com or google.net.
  3. Look for any errors on the page itself. There may be spelling or grammar errors, or sometimes a website will simply feel wrong – due to slight differences in the color palette, tiny mistakes in the brand logo, or missing content.
  4. Look for deals that seem too good to be true. If the website tries to get you to sign up to receive prices that are far lower than the competition or tells you that you have won a valuable prize in a competition you never entered, exercise due caution and do not input any personal data.
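
The URL check in point 2 can be automated. The following is an added example, not part of the original article: it compares a hostname against a short list of sites you actually use and flags near-miss spellings and swapped extensions. The list of known domains, the distance threshold and the function names are assumptions.

```python
# Assumed list of sites the user really deals with (illustrative only).
KNOWN_DOMAINS = ["google.com", "mail.com", "paypal.com"]


def edit_distance(a, b):
    """Levenshtein distance, computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        prev_diag, row[0] = row[0], i
        for j, cb in enumerate(b, start=1):
            cur = min(row[j] + 1, row[j - 1] + 1, prev_diag + (ca != cb))
            prev_diag, row[j] = row[j], cur
    return row[-1]


def split_domain(host):
    """Return (name, extension) from the last two labels.

    Simplification: multi-part extensions such as co.uk are not handled.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def classify(host, known=KNOWN_DOMAINS, max_distance=2):
    """Return (verdict, matched_known_domain) for a hostname."""
    name, tld = split_domain(host)
    parts = [(good, *split_domain(good)) for good in known]
    # An exact match on name and extension is the genuine site.
    for good, g_name, g_tld in parts:
        if (name, tld) == (g_name, g_tld):
            return "known", good
    for good, g_name, _ in parts:
        if name == g_name:
            return "tld-swap", good        # e.g. google.net
        if edit_distance(name, g_name) <= max_distance:
            return "lookalike-name", good  # e.g. goooogle.com
    return "unrelated", None


if __name__ == "__main__":
    for host in ["www.google.com", "goooogle.com", "google.net", "example.org"]:
        print(host, "->", classify(host))
```

Short names sit close to many unrelated words, so a hit is a reason to re-read the address carefully rather than proof of fraud.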

How to prevent pharming attacks

In addition to avoiding suspicious websites, you can help protect yourself from pharming by following cybersecurity best practices:
  • To protect your computer or mobile device from becoming infected with pharming malware (or other viruses), always avoid clicking links or opening attachments in an email or text message unless you are certain the sender is trustworthy.
  • Install strong and reputable antivirus protection software and keep it up to date.
  • Make sure that the operating systems and other software on all of your devices – computer, smartphone, router, etc. – are kept up to date, because these updates often contain patches to fix vulnerabilities that hackers use.
  • Use a strong, unique password for every online account.
  • You can also look into activating two-factor authentication for sensitive online accounts like email or online banking, which will prevent unauthorized persons from logging in even if they get their hands on the password.

We hope this information will help keep you safe from pharming scams. We look forward to your feedback below.
