Imagine you land on a website you visit frequently, like your online banking page. How do you know that it’s legitimate and not a convincing lookalike? In a pharming attack, you might be misdirected at any time, and you won’t even notice it. Then everything you’ll type in will end up in the hacker's hands. That’s how insidious pharming is.
Apr 01, 2020 · 4 min read
Pharming is a type of cyber attack during which a hacker redirects a victim’s traffic from the original website to a fake one. There are two ways to do it: by infecting computers and changing their host files or by infecting a Domain Name System (DNS) server and letting it solve victims’ DNS requests.
Pharming is like phishing in the way that both techniques try to lure you to a fake website to get your sensitive details. However, there are some key differences.
In phishing, victims are usually tricked into clicking on suspicious links in their emails or hiding behind online ads. They are taken to bogus sites, which can infect their devices with viruses or steal their data in other ways. Most often, you can recognize phishing by looking out for warning signs such as misspelled content or deals that are too good to be true.
In pharming, a victim is also directed to a fake website but doesn’t need to click any links. The traffic is redirected without the victim’s interference. In fact, there might be no warning signs that you’re on a spoofed website! Once you’re in, the lookalike website grabs your data while you type and sends it straight to the hacker.
Like any other cyber-attack, the main goal of pharming is to steal your sensitive details. What data hackers steal will depend on the website they replicate. For example, hackers could:
There are two types of pharming attacks you should know about.
Now, when you try to access your social media account, for example, and you enter the correct URL, an identical but fake site will appear instead. The worst thing is that you’ll have no idea that it’s fraudulent and ready to steal your data.
While there are ways you can prevent the attack mentioned above, it’s almost impossible to do so if the DNS server is hijacked. Why? In this attack, you’ll type in the correct URL, but the infected DNS server will automatically redirect your request to a malicious IP address. You’d still see an identical-looking site, so you’ll have no clue that this has happened.
Hackers love DNS server attacks. They’re much harder to pull off but have a higher success rate. Instead of targeting many devices one by one, they simply herd scores of internet users towards fraudulent websites. This is where the name “pharming” comes from.
It’s mostly your internet service provider’s job to hunt down fake websites, especially at the DNS level. However, you shouldn’t rely purely on them. Pharming can be prevented by:
Stay safe. Try NordVPN with a 30-day money-back guarantee!