What pharming is and how to protect yourself

Pharming meaning and definition

Let’s start with the basics: What is pharming? The definition of pharming is pretty straightforward. It's a cyberattack where hackers redirect a legitimate website's traffic to a fake one. The goal is to steal your info — such as passwords, bank logins, or even your social security number — or to quietly install pharming malware on your computer.

The meaning of pharming combines "phishing" and "farming" (hence the name). While a phishing attack usually relies on bait — like a fake email or message that tries to lure you in — pharming takes it a step further. It changes the actual path your computer uses to reach websites, so even if you type in the correct web address, you may land on a pharming site. The “farming” part comes from the way attackers harvest large groups of users at once, redirecting them en masse to malicious sites — like herding traffic into a trap.

How does a pharming attack work?

Pharming exploits technical vulnerabilities to redirect users from legitimate sites. But what techniques are used in a pharming attack? One common attack vector involves the installation of malware on your device, while the other targets the DNS server.

1. Pharming using your device

For this, usually malware-based, pharming attack to succeed, the hacker needs to install a virus, a trojan, or another type of malicious code on your device. This step can be done using phishing or other social engineering techniques. Once the malware is in your system, it will change your host file, which will then redirect your traffic from the intended website.

Now, when you try to access your social media account, for example, and you enter the correct URL, an identical but fake site will appear instead. The worst thing is that you’ll have no idea that it’s fraudulent and ready to steal your data.

2. Pharming using a DNS server

The DNS (Domain Name System) translates domain names into IP addresses that computers understand. We all use names like "example.com" because they are easier to remember than a string of numbers, but the IP address is what you actually need to access a particular website.

While you can prevent the type of pharming mentioned above, it’s almost impossible to do so if the DNS server is hijacked. Why? In this attack, you’ll type in the correct URL, but the infected DNS server will automatically redirect your request to a malicious IP address. You’d still likely see an identical-looking site, so you’ll have no clue that this has happened.

Hackers love DNS server attacks. They're much harder to pull off but have a higher success rate. Instead of targeting many devices one by one, they simply herd scores of internet users towards fraudulent websites — a true example of pharming. 

The difference between pharming and phishing

Pharming is like phishing in the way that both techniques try to lure you to a fake website to get your sensitive details. However, these attacks have some key differences.

In phishing, victims are usually tricked into clicking on suspicious links in their emails or hiding behind online ads. They are taken to bogus sites, which can infect their devices with viruses or steal their data in other ways. Most often, you can recognize phishing by looking out for warning signs such as misspelled content or deals that are too good to be true.

In a pharming attack, a victim is also directed to a fake website but doesn’t necessarily need to click any links. The traffic is redirected without the victim’s interference. In fact, there might be no warning signs that you’re on a fake website! Once you’re in, the lookalike website grabs your data while you type and sends it straight to the hacker.

How harmful is pharming?

Like any other cyberattack, the main goal of pharming is to steal your sensitive details. What data hackers steal will depend on the website they replicate. For example, hackers could:

• Steal your social media or email login credentials, access your real accounts, and get your personal information. They could use this data in future attacks, or it might be enough for them to lock your accounts and blackmail you.
• Use your login details in credential stuffing attacks to gain access to other accounts. This attack is especially likely to happen if you reuse passwords on multiple accounts.
• Steal your bank details or even use your details for identity theft.
• Sell your details on the black market and let other hackers use them.

How to know if you’ve been pharmed

One of the scariest things about a pharming attack is that it’s designed to be invisible. However, some warning signs of pharming can help you detect it:

• The website URL looks right, but it doesn’t have the HTTPS padlock (or it looks weird or broken).
• You type in a trusted URL, but the page layout looks slightly off: wrong colors, fonts, or outdated info.
• You’re redirected unexpectedly when entering a website, especially banking or shopping sites.
• You log in normally, but then the site suddenly logs you out or asks for unusual info.
• Your device or browser becomes suspiciously slow, especially when accessing trusted websites.
• You find strange entries in your browser history, like duplicate sites or domains with odd characters.
• Your antivirus or firewall sends alerts about unauthorized DNS changes or unusual traffic.
• You receive alerts from your real bank or service provider about logins from unknown devices or locations.

How to protect yourself against pharming

It’s mostly your internet service provider’s job to hunt down pharming websites, especially at the DNS level. However, you shouldn’t rely purely on them. Follow these tips to protect yourself against pharming attacks:

1. 1.Recognize email phishing attempts and not clicking on suspicious links. Be especially careful with attachments — if it’s an .exe file, delete it. Even Word or Excel files can be risky if they contain macros, which can quietly run malicious code in the background.
2. 2.Check the URL. Make sure that you visit HTTPS websites (look for the padlock in your URL bar). Also, check the spelling and other signs that the URL might be spoofed.
3. 3.Use antivirus software that might pick up on trojans and other viruses. NordVPN’s Threat Protection Pro™ is a powerful antivirus feature you can try. Threat Protection Pro™ makes your browsing safer and smoother. It helps you identify malware-ridden downloads, stops you from landing on malicious websites, blocks trackers, and prevents intrusive ads on the spot.
4. 4.Keep your operating system and apps updated. Pharming often relies on outdated software vulnerabilities. Updating your OS, browser, and plugins is an easy way to stay one step ahead.
5. 5.Secure your home or office Wi-Fi networks. Change the default password on your router, turn on WPA2 or WPA3 encryption, and don’t forget to check for firmware updates — they patch security holes you don’t want to leave open.
6. 6.Practice good internet behavior. Use common sense to prevent pharming scams. Don’t download sketchy files, don’t click on random links, and don’t trust everything you see, especially if it asks for personal info.
7. 7.Use a VPN. A VPN encrypts your traffic and routes it via a VPN-owned DNS server by default, which reduces the risk of pharming attacks targeting DNS cache poisoning. 
8. 8.Bookmark important websites. For banking, shopping, or anything sensitive, bookmark the sites you use most often. This reduces the chance of you landing on a fake version.
9. 9.Enable multi-factor authentication (MFA). Even if attackers get your login info, MFA adds an extra layer of security. Use it wherever possible, especially for email, banking, and work-related accounts.
10. 10.Educate yourself (and others). The more you know, the less likely you are to fall for these traps. Talk to your family, especially those who might not be tech savvy, and help them protect themselves too.