What Is a Pharming Attack?

What is pharming?

Pharming is a cyberattack that works at the DNS (domain name server) level. A hacker redirects a legitimate web address to a fake site with the intention of collecting passwords and other personal data. The best pharming attacks are the most convincing, making users believe that they are on a legitimate, trusted website.

Unlike phishing, which usually depends on a user clicking a link or downloading a file, pharming can occur with or without user action.

Microsoft Defender

Stay safer online with one easy-to-use app<sup>1

1</sup>Microsoft 365 Personal or Family subscription required; app available as separate download

Learn more

How does pharming work?

There are two ways you can be directed to a fraudulent website in a pharming attack:

Malware-based pharming

In malware-based pharming, malicious software changes the cache information on your computer. Web browsers use the cache to store IP addresses for websites you’ve previously visited. This helps you get to that site more quickly instead of needing your computer to retrieve the IP address each time from the server. In a pharming attack, malware can access your cache and replace the correct IP address. The new IP address then directs you to a fake site designed to look like the page you are trying to visit.

DNS server poisoning

In this form of pharming, hackers change the IP address within the server. When you enter a web address into your browser, the browser sends that request to the server, where it is translated into an IP request. In DNS server poisoning, the server is programed to return a fraudulent IP address. As a result, a fake page appears in your browser.

How to defend against a pharming attack

Even though pharming attacks can occur without warning or clicking on something untrustworthy, you can still protect yourself. Here are several ways to guard against pharming attacks and avoid falling for a fake website:

Use antivirus and anti-malware software

Antivirus and anti-malware software, including Microsoft Defender, are an important line of defense against pharming sites. This software, which is available individually or as a bundle, is especially useful against malware-based pharming, which relies upon the user clicking a suspicious link or accidentally downloading malware. Antivirus and anti-malware software are designed to recognize and neutralize these threats.

Keep up with updates

Promptly accepting available updates on your operating system, browser, and antivirus software quickly raises your level of protection against all forms of cybercrime. These updates carry the latest security patches that are developed in response to the most immediate threats. As hackers develop new strategies to steal your data, updates are developed to counter them. Staying updated is one of the best actions you can take to protect yourself.

Check for proof of safety

When you’re on a webpage, there’s valuable information to help verify that you are on an authentic site. Look for these signs of safety:

• URL starting with HTTPS. Once a webpage loads, look at the address bar to see the full URL. Legitimate sites dealing with personal information, like bank or insurance login pages, should always be protected by a security certificate. HTTPS at the beginning of the URL signifies that this site contains a security certificate, a valuable sign that you should feel safe.
• A lock icon. Another way to guarantee a site has a security certificate is a lock icon at the front of the address bar. If there’s a broken lock, beware!

Watch out for what’s wrong or missing

One of the most valuable tools against a pharming attack is attention to detail. These fraudulent websites may be lookalikes, but they’re usually not perfect. Watch out for these details that can signal a pharming attack:

• An unusual URL. Fraudulent sites may have URLs very similar to the safe, correct web address, but something will have to be different. If there’s an extra letter in one of the words or a word added in, for instance, you might be on a fake site.
• Misspellings, poor grammar, etc., on the site. If you find a misspelled word, missing punctuation, or out-of-place language on a site that you otherwise trust, this is a strong sign to be cautious.
• Odd logo or visuals. Does something else look off on the site? Perhaps the layout is wonky, or the logo is out of proportion. If so, this could be a pharming attack.

While pharming attacks do their best to trick you into believing a site is authentic, they’re often preventable and detectable. By practicing good cyber hygiene and paying close attention to the sites you visit, you will have the best chance to keep your data safe.