What pharming is and how you can avoid it

Here we explain what pharming is and how you can combat it.

Pharming is a type of computer attack aimed at stealing sensitive information. To do this, cybercriminals attack the Domain Name System (DNS) to redirect users to a fake website that appears under the official domain name, where their private information is stolen.

Types of pharming

There are three kinds:

  • Attack on the computer’s hosts file (local pharming)

Requires the installation of a virus or a Trojan on your computer. The goal is to modify this file and thereby reroute traffic to a malicious website of the attacker’s choice (where sensitive data is stolen).

  • DNS server attack (drive-by pharming)

After circumventing firewalls or routers, the attacker infects this server (which is responsible for translating website names into their IP addresses), so that it sends users to a false address chosen by the hacker.

  • Attack on DNS server vulnerabilities (DNS poisoning)

A variant of the previous attack, it targets vulnerabilities in DNS servers related to their address cache. Its complexity makes it the most dangerous of the three, although nowadays it is the least common, since Internet providers have corrected any existing bugs.
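The hosts-file attack described above (local pharming) leaves a trace that can be checked: an entry that forces a public website name to a fixed IP address. The following is an added example, not part of the original article, that audits hosts-file text for such entries; the list of default names, the internal suffixes, and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Names a stock hosts file legitimately maps (assumption: typical OS defaults).
BENIGN_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address line, skip it
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, local_suffixes=(".local", ".lan", ".test")):
    """Return mappings that override DNS for a public-looking name."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN_NAMES or "." not in name or name.endswith(local_suffixes):
            continue                            # default, single-label or internal names
        if ip.is_loopback or ip.is_unspecified:
            continue                            # assumed to be blocklist (sinkhole) entries
        findings.append((line_no, str(ip), name))
    return findings

# Constructed sample: a default file plus one injected redirect.
SAMPLE = """\
127.0.0.1   localhost
::1         localhost ip6-localhost ip6-loopback
0.0.0.0     ads.example.net          # blocklist entry
192.168.1.20 nas.lan printer
203.0.113.45 www.examplebank.com examplebank.com  # injected
"""

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE
    for line_no, ip, name in audit_hosts(text):
        print(f"line {line_no}: {name} is forced to {ip}")
```

Pass the path of the hosts file as the first argument (for example /etc/hosts, or C:\Windows\System32\drivers\etc\hosts on Windows); with no argument the constructed sample is audited.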

Pharming versus phishing: what makes them different?

Despite having the same goal, the difference lies in the way the attack is carried out. While phishing uses bait (SMS, email, etc.) to lure the user to a website to steal their data, pharming attacks the user directly, compromising either the hosts file on their computer or the DNS server, and sends them straight to the website where the information will be stolen (instead of giving them the option to click on a link).

Is it possible to combat pharming?

A pharming attack is difficult to detect if it is carried out properly, so it is best to prevent it. To do so, there are a number of basic measures to adopt:

  • Verify that the URL is correct (that it corresponds to the one you usually access). If you find that it is not the same, you may be dealing with a copy.

  • Check that an “s” is included after “http” (appearing as “https”).

  • Scrutinize the website carefully before you start to navigate (check that it looks the same as it usually does). Make sure to check the different parts of the site as well as the links provided on it.

  • Do not click on links or download files that seem unsafe. 

  • Check for antivirus or browser notifications. If they indicate that the website is not secure, it is best not to browse it and to look for an alternative option.

  • Use good security software and, if possible, upgrade to the paid version (the free version tends to be more limited). It is also possible to find tools designed specifically for this type of attack, which are better suited to preventing sensitive information from being stolen.