What is a pharming attack?

Pharming is like phishing in the way that both techniques try to lure you to a fake website to get your sensitive details. However, there are some key differences.

In phishing, victims are usually tricked into clicking on suspicious links in their emails or hiding behind online ads. They are taken to bogus sites, which can infect their devices with viruses or steal their data in other ways. Most often, you can recognize phishing by looking out for warning signs such as misspelled content or deals that are too good to be true.

In pharming, a victim is also directed to a fake website but doesn’t need to click any links. The traffic is redirected without the victim’s interference. In fact, there might be no warning signs that you’re on a fake website! Once you’re in, the lookalike website grabs your data while you type and sends it straight to the hacker.

Like any other cyber-attack, the main goal of pharming is to steal your sensitive details. What data hackers steal will depend on the website they replicate. For example, hackers could:

• Steal your social media or your email login credentials, access your real accounts, and get your personal information. They could use this data in future attacks, or it might be enough to lock your accounts and blackmail you.
• Use your login details in credential stuffing attacks and gain access to other accounts. This is especially likely to happen if you reuse passwords on multiple accounts.
• Steal your bank details and wire money to their accounts or even use your details for identity theft.
• Sell your details on the black market and let other hackers use them.

There are two types of pharming attacks you should know about.

1. Pharming using your device

For this attack to succeed, a hacker first needs to install a virus or a Trojan on your device. This can be done using phishing or other social engineering techniques. Once the virus is in your system, it will change your host file, which will then redirect your traffic from the intended website.

Now, when you try to access your social media account, for example, and you enter the correct URL, an identical but fake site will appear instead. The worst thing is that you’ll have no idea that it’s fraudulent and ready to steal your data.

2. Pharming using a DNS server

DNS servers translate URLs into IP addresses. We all use URLs because they are easier to remember than a string of numbers, but the IP address is what you actually need to access a particular website.

While there are ways you can prevent the attack mentioned above, it’s almost impossible to do so if the DNS server is hijacked. Why? In this attack, you’ll type in the correct URL, but the infected DNS server will automatically redirect your request to a malicious IP address. You’d still see an identical-looking site, so you’ll have no clue that this has happened.

Hackers love DNS server attacks. They’re much harder to pull off but have a higher success rate. Instead of targeting many devices one by one, they simply herd scores of internet users towards fraudulent websites. This is where the name “pharming” comes from.

It’s mostly your internet service provider’s job to hunt down fake websites, especially at the DNS level. However, you shouldn’t rely purely on them. Pharming can be prevented by:

1. Recognizing email phishing attempts and not clicking on suspicious links.
2. Using a VPN. A VPN encrypts your traffic and routes it via a VPN-owned DNS server to solve your DNS request. NordVPN also offers a private DNS option for app users, which ensures tighter security and privacy for your traffic.
3. Using antivirus software that might pick up on Trojans and other viruses. NordVPN’s Threat Protection is a powerful antivirus feature you can try. Threat Protection makes your browsing safer and smoother. It helps you identify malware-ridden files, stops you from landing on malicious websites, and blocks trackers and intrusive ads on the spot.
4. Practicing good internet behavior.
5. Checking the URL. Make sure that you visit HTTPS websites with a VPN (look for the padlock in your URL bar). Also, check the spelling and other signs that the URL might be spoofed.