Pharming Attack: A Deceptive Harvest of Your Data


A pharming attack is a cyberattack that steals your data by redirecting you to a fake website. Unlike phishing, which relies on luring you with emails or messages, pharming works behind the scenes, manipulating the internet’s infrastructure to take you to an imposter site.

Understanding the Web: DNS and Hosts Files

The internet works by translating user-friendly website names into numerical addresses (like “142.250.184.196”) that computers can understand. This translation is done by the Domain Name System (DNS), which acts like a giant phonebook for the internet.

Your computer can also have a local “hosts file” that overrides the DNS for specific websites. This is rarely used by everyday users, but it’s a vulnerability that pharming can exploit.
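
Because a hosts-file entry overrides DNS, auditing that file is a direct check for local pharming. The following is an added example, not part of the original article: it parses hosts-file text and flags entries that override a watched name or point any other name at a real address. The watch list, sample file and addresses are constructed for illustration.

```python
import ipaddress

# Constructed watch list: names that should never be overridden locally.
WATCHED = {"bank.example"}

# Constructed sample in hosts-file format (documentation addresses only).
SAMPLE_HOSTS = """\
127.0.0.1      localhost
::1            localhost ip6-localhost
0.0.0.0        ads.tracker.example     # blocklist entry, not a redirect
203.0.113.66   www.bank.example Login.Bank.Example.   # planted override
192.168.1.20   nas.home.example
not-an-ip      broken.example
"""

def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comment, split columns
        if len(fields) < 2:
            continue                               # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0].split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue                               # first column is not an address
        for name in fields[1:]:                    # one line may map several names
            yield lineno, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return (severity, line_number, hostname, ip) for entries worth reviewing."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            # Any local override of a watched name bypasses DNS entirely.
            findings.append(("high", lineno, name, str(ip)))
        elif not (ip.is_loopback or ip.is_unspecified):
            # Other names pointed at a real address: legitimate or not, confirm it.
            findings.append(("review", lineno, name, str(ip)))
    return findings

if __name__ == "__main__":
    # Real files live at /etc/hosts (Linux, macOS) or
    # C:\Windows\System32\drivers\etc\hosts (Windows); the sample is used here.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```

To audit a real machine, pass the contents of its hosts file to audit_hosts instead of the sample.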

Technical Nuances of Pharming Attack:

  • DNS Cache Poisoning: This is a common technique where attackers exploit vulnerabilities in DNS servers to inject fake records. When users try to access a legitimate website, the poisoned server redirects them to the attacker’s imposter site.
  • Man-in-the-Middle (MitM) Attacks: Pharming can be combined with MitM attacks. Here, attackers intercept your communication with a website and can manipulate data flowing between you and the real site. This could involve injecting malicious code to steal information you enter on the fake website.

Pharming vs Phishing: Tricking You vs Tripping You Up

Pharming and phishing are both methods to steal your data, but they work differently:

  • Phishing: Phishing attacks use emails, texts, or fake websites to trick you into clicking a malicious link. These links often lead to login pages that look real, where you unknowingly surrender your passwords and other sensitive information.
  • Pharming: Pharming bypasses the need to trick you with a link. Instead, it manipulates the DNS or your hosts file to redirect you to a fake website, even if you type in the correct address. The fake website then appears legitimate, stealing your information as you enter it.

Pharming vs. Other Threats:

  • Malvertising: Malvertising uses infected online ads to redirect users to pharming sites. Clicking on a seemingly harmless ad can unknowingly trigger a pharming attack.
  • Watering Hole Attacks: These target specific websites frequented by a particular group (like a bank’s customers). By compromising such a site, attackers can automatically pharm anyone who visits it.

“Pharming” is not a term from cryptography. Cryptography deals with securing information, while pharming aims to steal it.

Pharming Examples: A Thief in Plain Sight

Here’s how pharming can unfold:

  • Malware: You unknowingly download malware that alters your DNS settings or hosts file, directing you to a fake bank website.
  • DNS hacking: Hackers compromise a DNS server, causing everyone who uses that server to be redirected to a fake website (often for a popular service like online banking).

Imagine you’re trying to access your bank account. A pharming attack could send you to a fake website that looks exactly like your bank’s login page. As you enter your username and password, the attacker captures this information, allowing them to access your real account.

Global Impact of Pharming:

  • Financial Losses: Pharming is a major source of financial fraud. Users who unknowingly enter their banking information on a pharmed site can have their accounts emptied.
  • Data Breaches: Pharming attacks can also lead to large-scale data breaches, compromising personal information like names, addresses, and even Social Security numbers.
  • Loss of Trust: Successful pharming attacks can erode user trust in online transactions, hindering e-commerce and online banking activities.

Advanced Pharming Techniques:

  • HTTPS Pharming: While HTTPS adds security, attackers can use fake SSL certificates to create a false sense of security on their pharming sites. Be extra vigilant even on HTTPS sites.
  • Browser Exploits: Hackers can exploit vulnerabilities in web browsers to redirect users to pharming sites. Keeping your browser updated helps mitigate this risk.

How to Protect Yourself from Pharming: Fight Back!

Here’s how you, as an end user, can protect yourself from pharming:

  • Be cautious with links: Don’t click on links in emails or messages, even if they seem to come from a legitimate source. Instead, type the website address directly into your browser.
  • Look for security cues: When on a website, especially one where you enter sensitive information, ensure there’s a padlock symbol in the address bar and that the address starts with “HTTPS” (not just “HTTP”). These indicate a secure connection.
  • Use a reputable antivirus: An antivirus can help detect and remove malware that might be used for pharming.
  • Consider DNS protection: Some security suites offer DNS protection that can block redirects to malicious websites.
  • Be wary of unexpected pop-ups: Phishing sites often use pop-ups to create a sense of urgency and trick you into giving away information.
  • Bookmark trusted websites: Bookmark the websites you frequently visit, especially those where you enter sensitive information. This way, you can bypass the need to type in the address each time, reducing the risk of mistyping and landing on a fake site.

Staying Ahead of Pharming Threats:

  • Security Awareness Training: Organizations can train employees to identify suspicious websites and avoid clicking on untrusted links.
  • Regular Security Audits: Regular security audits can help identify vulnerabilities in IT infrastructure that could be exploited for pharming attacks.
  • Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring a second verification step beyond just a username and password. This makes it harder for attackers to access accounts even if they steal login credentials through pharming.

By being aware of pharming and taking these precautions, you can make it much harder for attackers to steal your data. Remember, a healthy dose of skepticism when dealing with online transactions can go a long way in protecting your personal information.

Pharming FAQs

  • Can pharming be detected? There isn’t a foolproof way to detect pharming, but some security software can warn you about suspicious DNS activity.
  • What are the signs that a website might be fake? Look for typos in the URL, grammatical errors on the website, and a lack of security features like HTTPS and the padlock symbol.
  • What should I do if I suspect I’ve been pharmed? Change your passwords immediately for any accounts you might have accessed on the fake website. Scan your computer for malware and consider contacting your bank or other institutions if you believe your financial information may have been compromised.
  • How can businesses protect themselves from pharming? Businesses can use DNSSEC (Domain Name System Security Extensions) to add an extra layer of security to their domain names, making them more difficult to spoof. They can also monitor their website traffic for suspicious activity.
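
One form the DNS monitoring mentioned in the FAQ can take is checking the addresses a resolver returns for a watched name against the ranges that name is expected to resolve into. The following is an added example, not part of the original article; the baseline ranges, resolver labels and lookup records are all constructed, and a real baseline has to be kept current as a site's hosting changes.

```python
import ipaddress

# Constructed baseline: ranges each watched name is expected to resolve into.
EXPECTED = {"bank.example": ["198.51.100.0/24", "2001:db8:100::/48"]}

# Addresses a public site should never resolve to (loopback, RFC 1918, link-local).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed lookups: (resolver label, name queried, addresses returned).
SAMPLE_LOOKUPS = [
    ("office-resolver", "bank.example", ["198.51.100.10", "2001:db8:100::10"]),
    ("home-router", "Bank.Example.", ["203.0.113.66"]),
    ("laptop-stub", "bank.example", ["198.51.100.10", "192.168.1.50"]),
    ("office-resolver", "news.example", ["203.0.113.9"]),   # no baseline
]

def in_any(ip, nets):
    """True if ip falls inside any network of the same IP version."""
    return any(ip.version == n.version and ip in n for n in nets)

def check_answers(name, answers, expected=EXPECTED):
    """Return (address, reason) for each answer that does not fit the baseline."""
    ranges = expected.get(name.lower().rstrip("."))
    if ranges is None:
        return []                          # name is not on the watch list
    nets = [ipaddress.ip_network(r) for r in ranges]
    problems = []
    for answer in answers:
        ip = ipaddress.ip_address(answer)
        if in_any(ip, INTERNAL):
            problems.append((answer, "internal address for a public site"))
        elif not in_any(ip, nets):
            problems.append((answer, "outside expected ranges"))
    return problems

def suspicious_resolvers(lookups):
    """Map each resolver label to the problems found in its answers."""
    report = {}
    for resolver, name, answers in lookups:
        problems = check_answers(name, answers)
        if problems:
            report.setdefault(resolver, []).extend(problems)
    return report

if __name__ == "__main__":
    for resolver, problems in suspicious_resolvers(SAMPLE_LOOKUPS).items():
        print(resolver, problems)
```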
