Avast Academy Security Phishing What Is Pharming and How to Protect Against It

What Is Pharming and How to Protect Against It

Imagine this nightmare scenario: you think you’re logging into your bank as usual, but immediately you notice something’s off and find your login info compromised and your money gone. That’s an extreme example of what could happen if you fall victim to pharming. Read on to learn what pharming is and how a comprehensive cybersecurity app can protect you from unknowingly landing on fake websites.

Editors' choice
Top Rated
Written by Danielle Bodnar
Published on January 24, 2022

What is pharming?

Pharming, a portmanteau of phishing and farming, is an online scam that involves directing people to fraudulent websites that mimic authentic sites. Pharming scams try to convince people to interact with fake, lookalike websites in order to harvest their personal data, like emails and passwords, or infect their computers with malware.

Pharming is similar to phishing, but pharming scams cast much wider nets — anyone can unintentionally stumble onto a pharming website, tricked by a fake version of a trusted site.

Hamburguer menu icon

This Article Contains :

    How does pharming work?

    Pharming works by exploiting the way browsers convert a URL into an IP address via a DNS server. DNS servers convert the URL or domain name into an IP address, leaving behind a cache so you don’t need to go through the server every time you visit the site. Pharming attacks interrupt this process by redirecting you to spoofed IP addresses that lead to fake websites.

    Pharmers use social engineering tricks to disguise their malicious address as authentic so victims remain totally unsuspecting. The two primary examples of pharming are malware pharming and DNS server poisoning. Each has a different method of luring people in, but both types of pharming attacks have the same goal in mind: collecting data from victims.

    Malware pharming

    Malware pharming, also known as DNS changer malware, begins like an ordinary malware attack, with a victim opening a malicious email or downloading a malicious file. The malware then changes the local host files so that when you enter a domain into your web browser, your browser redirects you to the fake site.

    The fake website usually looks like the real thing, so victims normally don’t suspect that something’s not right. The malware may be programmed to redirect several different websites, so any computer with this malware is extremely dangerous to use.

    DNS server poisoning

    Rather than targeting an individual device, DNS server poisoning works by exploiting a vulnerability in the targeted DNS server. This corrupts the entire DNS server, which will then redirect users to the scammers’ spoofed website rather than the real one. The larger the DNS server, the larger the number of potential victims.

    DNS server poisoning pharming attacks can happen on any DNS server, regardless of the scale. And they can also affect home or office-based internet routers, because each router has its own DNS cache.

    Phishing and pharming — what’s the difference?

    While both phishing and pharming attacks use fraudulent, but legitimate-looking information to trick users into sharing sensitive information, they differ in one important way. Phishing is primarily done through using fake emails, while pharming occurs via fake websites.

    Phishing attacks usually happen via email, while pharming happens on websites.Phishing attacks are often carried out through email, while pharming happens on fraudulent websites.

    Phishing was an early internet scam and has led to the emergence of a variety of spinoff scams, such as smishing, spear phishing, and vishing. In fact, pharming gets its name from phishing — it’s a combination of “phishing” and “farming.”

    While pharming attempts to lure users like phishing, a pharming attack can also succeed without a lure. Pharming works more like a fake sign directing travelers to a well-known spot but sending them in the wrong direction. Rather than ending up where they want to go, the travelers find themselves in a sketchy area, vulnerable to attacks by lurking bandits.

    How to spot pharming

    If you land on a pharming site, you can still close the tab and keep your data and device safe, as long as you act before you try to log in or enter any personal details. Here’s how to spot a pharming website:

    • Look at the website’s URL. Does the URL begin with http or https? When a URL begins with https, it means you’re on a secure connection. Almost every major website — especially those that handle personal information — secure their data with an https connection. If the URL has only http, the connection isn’t secure and the site might be unsafe.

    • Check the spelling in the URL. Many fake websites may add a dash between words where the real website has none. Or, the spelling in the domain name might be altered by one, easy-to-miss character — like “examplewebsite [dot] com” to “examp1ewebsite [dot] com.”

    • Examine the web page carefully. Do the shape, color, or position of the login buttons seem off? If something seems odd about the web page’s design, it could be a fake.

    Pharming websites fraudulently harvest user data.Pharming websites are often unsecured and include alternate spellings or other oddities.

    Examples of pharming

    Pharming is a widespread scam, and many well-known pharming attacks have taken place since the mid-2000s, each exploiting different vulnerabilities and targeting different victims.

    2007 global pharming attack

    One of the most famous and sophisticated pharming attacks occurred in 2007. More than 50 financial institutions were targeted through an exploited Microsoft vulnerability. Millions of victims in the US, Europe, and the Asia-Pacific region were affected.

    Customers were lured to a fake site with malicious code that then downloaded Trojan malware and files from a Russian server. Victims who visited any of the targeted banks’ websites had their credentials downloaded by the Russian server before being redirected to the real website.

    2015 Brazil attack

    In 2015, an email-based pharming attack targeted Brazilian internet users. Hackers exploited a flaw in home routers to access the administrator console, where they changed the DNS settings to a malicious DNS server.

    The attack was carried out through an email containing a link that directed victims to a server that hacked their router. In the ensuing investigation, around 100 emails containing the malicious links were found.

    2019 Venezuela attack

    In 2019, hackers took advantage of Venezuela’s ongoing humanitarian crisis and people’s desire to help by hijacking a website set up for volunteers to register and offer aid. Within days of the site’s launch, an identical-looking, fraudulent website appeared.

    This fake website had the same IP address as the original, meaning that regardless of whether a victim used the real or fake website, their information — which could include their full name, personal ID number, and phone number — would automatically go through the fake website. The danger was limited to users within Venezuela.

    How to protect against pharming

    A pharming attack may seem hard to identify, but there are simply steps you can take to protect yourself. The best way to avoid becoming the victim of a pharming attack is to use strong antivirus software.

    Avast One is built on top of the world’s largest threat-detection network, and uses smart analytics to automatically detect and stop threats like pharming attacks and malware before they get to you.

    Use a strong router password

    To prevent pharming and other DNS attacks, change your router’s password, following our recommendations for setting a strong password: use long, unique, and hard-to-guess passphrases. You can also change your router’s DNS settings to be more secure.

    Use a password manager

    Using a password manager can help you avoid pharming sites. Your login credentials will be filled in automatically each time you log in to a known site. If your login info does not autofill, it’s possible that the password manager doesn’t recognize it because it’s a fake page. Make sure to use one of the best password managers you can find.

    Anti-malware software

    As malware pharming is a common method of attack, protecting yourself with the best antivirus software and comprehensive anti-malware removal tools is crucial. Quality, updated antivirus software keeps tabs on the latest threats, catching and quarentining viruses and other malware before they have a chance to infect your device.

    If you do come across any suspicious-looking websites, report these to your ISP, because there’s a chance that pharming, viruses, and other attacks could be affecting other people.

    Protect against pharming with Avast Free Antivirus

    Avast One offers comprehensive protection against pharming and other malware. With advanced threat-detection and machine-learning software, and a network of over 400 million protected computers, Avast will make sure you always steer clear of pharming sites.

    Not only does Avast’s security software detect viruses, malware, and phishing attacks, it also features CyberCapture, technology that automatically identifies and evaluates suspicious files. All this and more is done with an easy-to-use, lightweight app that’s so effective you won’t even know it’s there. Download it today for free and start protecting yourself immediately.

    Get Avast One to help block scams and protect your phone

    Free install

    Get Avast One to help block scams and protect your iPhone

    Free install
    Danielle Bodnar