Understanding pharming: Protecting yourself from online fraud

Online scams can take many forms, but the aim is often the same: harvesting personal data, login credentials, and account information to commit identity theft. And pharming is no different. Learn to recognize the signs of online fraud so you can protect yourself.

by Alyssa Schmitt

Bearded man at desk holding credit card and looking at tablet computer
Pharming sites try to “harvest” information like your password or credit card number

What is pharming and how can you protect yourself?

Definition of pharming

Rather like a phishing attack, pharming is a form of online fraud aimed at stealing confidential information. In fact, this similarity is what gives it its name, a combination of the words “phishing” and “farming”. In such online scams, the “pharmers” create a fake website and then manipulate website traffic to steer their victims to that site.

What sort of data are they looking to harvest? Passwords, social security numbers, credit card and account numbers, and other personal information.

Pharming vs. phishing: What’s the difference?

A common definition of pharming is “phishing without a lure.” Instead of hooking the fish, the cybercriminals divert the flow of the stream so the fish are automatically swept into their net. They do this by manipulating the background processes that occur after you type or click on a URL so you are sent to their malicious website instead of the one you intended to visit.

In other words, phishing – the practice of sending fake emails that seem to come from legitimate companies – is used to target individual users and lure them to fake websites where they enter personal information. Pharming has the same goal of directing victims to a fraudulent website to facilitate identity theft. However, this redirection takes place through technical manipulation rather than personal deception.
Bonus explainer: Would you like a refresher on phishing and how to avoid it? See our deep dive: Phishing emails: How to protect yourself

How does pharming work?

When you want to go to a website, you enter the URL containing its domain name. This serves like your street name in your postal address: it tells the web traffic where to go. When computers communicate with each other, however, they use IP addresses, lengthy combinations of numbers (and sometimes letters), to identify their locations. The job of translating a website address like www.mail.com into its IP address is done by a domain name system (DNS) server. Once this process, which takes milliseconds, is completed, it points you to that website. Pharming works by manipulating this DNS process: by causing the DNS server to return an incorrect IP address, the scammers can send people to the fake site.

Types of pharming attacks

  1. Local pharming: Rather like a phishing email, the hacker can send an email containing pharming malware that infects the host file of the user’s computer or mobile device. The host file is like your computer’s address book where it saves domain name to IP address translations to speed up page loading time. The pharming malware changes legitimate IP addresses in this file into IP addresses of fake sites. So even if you type in the correct web address or click a bookmark entry in your browser, your computer will take you to the pharming site instead.
  2. DNS spoofing: This sophisticated hacking technique is also called “DNS poisoning .” Using this approach allows cybercriminals to target multiple users at once – any user whose request for an IP address goes through that server can then be directed to the fraudulent site. These victims end up on the fake website without any sign of a problem on their computers.

Warning signs of pharming

Because pharming often leaves no trace on your device, you are most likely to recognize it by the effects:
  • Charges to your PayPal, credit or debit cards that you did not make
  • Social media posts or friend requests that you did not post or send
  • Changed passwords in online accounts
  • New software or apps on your devices that you did not install

What to do if you have fallen victim to pharming

Whether any of the above are a result of a pharming attack or some other form of cyberattack, the most important step is to change the passwords of the affected accounts and notify your online banking and/or email provider, social media platform, etc. as applicable. These institutions may also have fraud reporting procedures for you to follow.

To make sure your computer or other device is secure, run an antivirus scan and remove any malware that is detected. Clear the DNS cache of your home internet router (which temporarily stores previous DNS lookups) in case it has also been affected. If there are no signs of a problem on your devices, it may be a case of DNS poisoning on your internet service provider’s (ISP) DNS service. So, it’s a good idea to contact your ISP and report the problem.

Identifying fraudulent websites

There are several signs you can look for to see if a pharming or phishing hoax has led you to a fake website:
  1. Look to see if the website address starts with “http” or “https”. The latter stands for “Hypertext Transfer Protocol Secure” and means that it uses encrypted data transfer to keep users’ information safe. Any reputable financial institution or retailer will have a secure website with an SSL certificate.
  2. Look for typos in the URL. In a practice known as “typosquatting,” scammers register domain names or extensions that are very close to the name of the legitimate website in order to fool visitors, e.g. goooogle.com or google.net.
  3. Look for any errors on the page itself. There may be spelling or grammar errors, or sometimes a website will simply feel wrong – due to slight differences in the color palette, tiny mistakes in the brand logo, or missing content.
  4. Look for deals that seem too good to be true. If the website tries to get you to sign up to receive prices that are far lower than the competition or tells you have won a valuable prize in a competition you never entered, exercise due caution and do not input any personal data.

How to prevent pharming attacks

In addition to avoiding suspicious websites, you can help protect yourself from pharming by following cybersecurity best practices:
  • To protect your computer or mobile device from becoming infected with pharming malware (or other viruses), you should always avoid clicking links or opening attachments in an email or text message unless you are certain the sender is trustworthy.
  • It is important to install strong and reputable antivirus protection software and keep it up to date.
  • Make sure that the operating systems and other software on all of your devices – computer, smartphone, router, etc. are kept up to date, because these updates often contain patches to fix vulnerabilities that hackers use.
  • Make certain to use a strong, unique password for every online account.
  • You can also look into activating two-factor authentication for sensitive online accounts like email or online banking, which will prevent unauthorized persons from logging in even if they get their hands on the password.

We hope this information will help keep you safe from pharming scams. We look forward to your feedback below.

This article first appeared on January 27, 2022, and was updated on March 4, 2024.

Images: 1&1/Getty Images

479 people found this article helpful.

Related articles

What is typosquatting? Types and examples

Is this URL safe? How to check if a link you received is dangerous

Software updates: Why they are important to your security