When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

How To

What’s Pharming and How Can You Avoid It?

Written by Sydney Butler
Last updated June 23, 2021

At this point, just about everyone has heard of the online fraud scheme known as "phishing". In case you haven't, it's a cyber attack aimed at stealing your information. Usually, they want your username and password for a specific site. So the attacker sends an email that links you to a fake website. They hope that you'll put your credentials on a site that they control and then they will use your credentials to access the real site.

While phishing is an incredibly popular method of trying to get people to give up their credentials voluntarily, it's not all that effective. The only reason so many people are fooled is because phishing attacks are either sent en masse or (in the case of spear phishing) personally targeted. Which means that statistically, some people are going to fall for it.

Pharming is much more insidious and even cybersecurity-savvy users can fall for this scam. It's not nearly as easy to identify pharming attacks and often you'll only find out after you've been robbed.

What is Pharming?

While phishing tries to get you to a fake website by clicking on a compromised link, pharming is far more insidious. When you type in the legitimate URL for the site you want to visit, the hackers use various methods to redirect your browser to a fake website. This leaves you none the wiser. Unless the fake site is poorly-made, you'll be none the wiser about the entire scam. In general, there are two types of pharming attacks, which I'll explain briefly.

Different Kinds of Pharming Attack

The first type of pharming attack works by taking over your computer using malware. The normal vectors of attack apply here. You may pick up a virus via email or a download, for example.

Once infected the malware waits for you to type in a particular web address and then quietly reroutes your browser to a site controlled by its creators.

The other way they can get you is by setting up a rogue DNS server. A Domain Name Server is a computer on the internet that receives your request to visit a website and then directs your network traffic to the right IP address.

The DNS server that's been set up for pharming receives the request but redirects you to the fake site. This is particularly dangerous because there isn't necessarily anything wrong with your computer. So how exactly are you meant to stop pharming from happening?

How Can You Spot Pharming?


Although pharming is a particularly tough online scam to spot, there are still a few ways you can eyeball when something isn't quite right.

First of all, make sure that your connection is secure. The easiest way to do this is to check whether the site address says "https" rather than just "http".

The other tell-tale sign is a poorly-made website. Are there spelling errors in the copy? Perhaps the layout doesn't seem quite right. Anything on the site that seems off should be a warning to you.

The displayed URL of the site is also likely to be different from what it is meant to be. So if you feel suspicious, carefully check it.

How Can You Stop Pharming?

Stop Sign

The first form of pharming is easiest to prevent by making sure you have a good antivirus package and a good anti-malware program to boot.

You should also practice the same general safety procedures you would for malware and viruses in general. That is, don't open attachments you don't know and scan all external storage before using it.

The second form of pharming is harder to prevent, but still doable for just about anyone.

First of all, use an ISP (internet service provider) that has a good reputation and plenty of customer reviews. Don't sign up for an obscure ISP that hasn't been around for a while. If you are unsure check whether the ISP in question is registered with your local communications authority.

It's also a good idea to manually set your DNS to something you know you can trust. Google's Public DNS servers are a good free choice. The best option is to use a VPN service that also has secured DNS servers for their servers. ExpressVPN is a great example of this. It combines the security of a VPN service with the privacy of a zero-knowledge DNS. You're protecting from pharming and from being spied on.

Some internet security packages also offer a browser monitoring feature that checks the site you're visiting against an authentication list.

Final Thoughts

Pharming is one of the nastiest ways to get caught out on the web and unlike many other scams, it's not always your fault. What's important is knowing that the scam exists, how it works and what to do about it. Also, remember to enable two-factor authentication on every site that allows for it. That way even successful pharming attacks can't get further than your login screen.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: