While many cyberattacks require a user to click on a link or download a file, pharming can happen without the user doing anything. Learn more about how pharming works, the danger it poses, and, most importantly, how to protect yourself.
What is pharming?
Pharming is a cyberattack that works at the DNS (Domain Name System) level. A hacker redirects a legitimate web address to a fake site with the intention of collecting passwords and other personal data. The best pharming attacks are the most convincing, making users believe that they are on a legitimate, trusted website.
Unlike phishing, which usually depends on a user clicking a link or downloading a file, pharming can occur with or without user action.
There are two ways you can be directed to a fraudulent website in a pharming attack:
Malware-based pharming
In malware-based pharming, malicious software changes the cache information on your computer. Web browsers use the cache to store IP addresses for websites you’ve previously visited. This helps you get to that site more quickly instead of needing your computer to retrieve the IP address each time from the server. In a pharming attack, malware can access your cache and replace the correct IP address. The new IP address then directs you to a fake site designed to look like the page you are trying to visit.
DNS server poisoning
In this form of pharming, hackers change the IP address within the DNS server. When you enter a web address into your browser, the browser sends that request to the server, where it is translated into an IP address. In DNS server poisoning, the server is programmed to return a fraudulent IP address. As a result, a fake page appears in your browser.
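Both forms of pharming end the same way: a trusted name resolves to an address it should not. The following check is an added example, not part of the original article; it compares resolved addresses against a baseline of expected networks, and the hostnames, address ranges and sample answers are constructed placeholders.

```python
import ipaddress

# Constructed baseline: networks each sensitive hostname should resolve into.
# Hostnames and ranges are placeholders (documentation address space).
BASELINE = {
    "bank.example": ["192.0.2.0/24"],
    "mail.example": ["198.51.100.0/24", "2001:db8:10::/48"],
}

# Ranges a public website should never resolve to (loopback, private, link-local).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def _in_any(addr, networks):
    return any(net.version == addr.version and addr in net for net in networks)

def check_answer(hostname, answers, baseline=BASELINE):
    """Return (address, reason) findings for one hostname's resolved addresses."""
    name = hostname.lower().rstrip(".")
    expected = [ipaddress.ip_network(n) for n in baseline.get(name, [])]
    findings = []
    for raw in answers:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((raw, "not a valid IP address"))
            continue
        if _in_any(addr, INTERNAL):
            findings.append((raw, "internal or loopback address"))
        elif expected and not _in_any(addr, expected):
            findings.append((raw, "outside expected networks"))
    return findings

def audit(resolved, baseline=BASELINE):
    """Map each hostname with suspicious answers to its findings."""
    report = {}
    for host, answers in resolved.items():
        findings = check_answer(host, answers, baseline)
        if findings:
            report[host] = findings
    return report

# Constructed sample of what a machine's resolver returned.
SAMPLE = {
    "bank.example": ["192.0.2.10"],
    "mail.example": ["203.0.113.77"],
    "Bank.Example.": ["127.0.0.1"],
}

if __name__ == "__main__":
    for host, findings in audit(SAMPLE).items():
        print(host, findings)
```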
How to defend against a pharming attack
Even though pharming attacks can occur without warning or clicking on something untrustworthy, you can still protect yourself. Here are several ways to guard against pharming attacks and avoid falling for a fake website:
Use antivirus and anti-malware software
Antivirus and anti-malware software, including Microsoft Defender, is an important line of defense against pharming sites. This software, which is available individually or as a bundle, is especially useful against malware-based pharming, which relies upon the user clicking a suspicious link or accidentally downloading malware. Antivirus and anti-malware software is designed to recognize and neutralize these threats.
Keep up with updates
Promptly accepting available updates on your operating system, browser, and antivirus software quickly raises your level of protection against all forms of cybercrime. These updates carry the latest security patches that are developed in response to the most immediate threats. As hackers develop new strategies to steal your data, updates are developed to counter them. Staying updated is one of the best actions you can take to protect yourself.
Check for proof of safety
When you’re on a webpage, there’s valuable information to help verify that you are on an authentic site. Look for these signs of safety:
URL starting with HTTPS. Once a webpage loads, look at the address bar to see the full URL. Legitimate sites dealing with personal information, like bank or insurance login pages, should always be protected by a security certificate. HTTPS at the beginning of the URL signifies that this site contains a security certificate, a valuable sign that you should feel safe.
A lock icon. Another way to guarantee a site has a security certificate is a lock icon at the front of the address bar. If there’s a broken lock, beware!
Watch out for what’s wrong or missing
One of the most valuable tools against a pharming attack is attention to detail. These fraudulent websites may be lookalikes, but they’re usually not perfect. Watch out for these details that can signal a pharming attack:
An unusual URL. Fraudulent sites may have URLs very similar to the safe, correct web address, but something will have to be different. If there’s an extra letter in one of the words or a word added in, for instance, you might be on a fake site.
Misspellings, poor grammar, etc., on the site. If you find a misspelled word, missing punctuation, or out-of-place language on a site that you otherwise trust, this is a strong sign to be cautious.
Odd logo or visuals. Does something else look off on the site? Perhaps the layout is wonky, or the logo is out of proportion. If so, this could be a pharming attack.
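The "unusual URL" check above can be automated. This added example, which is not part of the original article, flags hostnames that sit within a small edit distance of a trusted domain (an extra letter) or that embed a trusted brand name (a word added in); the trusted domains and test URLs are constructed, and the distance threshold of 2 is an assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the user actually does business with.
TRUSTED = {"contosobank.example", "fabrikam-insurance.example"}

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED, max_distance=2):
    """Classify a URL as trusted, trusted-host-no-https, lookalike, unknown or invalid."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if not host:
        return "invalid"
    # Exact match or a genuine subdomain of a trusted domain.
    for good in trusted:
        if host == good or host.endswith("." + good):
            return "trusted" if parts.scheme == "https" else "trusted-host-no-https"
    for good in trusted:
        brand = good.split(".")[0]
        # An extra, missing or swapped letter keeps the edit distance small.
        if edit_distance(host, good) <= max_distance:
            return "lookalike"
        # A word added in: the brand appears, but the host is not the real domain.
        if brand in host:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for u in ("https://www.contosobank.example/login",
              "https://contosobbank.example/login",
              "https://contosobank-secure.example/",
              "http://contosobank.example/login"):
        print(u, "->", classify(u))
```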
While pharming attacks do their best to trick you into believing a site is authentic, they’re often preventable and detectable. By practicing good cyber hygiene and paying close attention to the sites you visit, you will have the best chance to keep your data safe.