what is pharming
Pharming is a cyberattack where criminals secretly redirect you from a real website to a fake one to steal your data, even if you typed the correct address.
What is pharming?
- Pharming is an online fraud technique that manipulates how your device or the internetâs addressing system (DNS) finds websites, sending you to a spoofed (fake) site.
- These fake sites are designed to look like real banking, shopping, or login pages so youâll enter passwords, card numbers, or other personal details.
- Unlike classic phishing, pharming can work without you clicking a suspicious link; you can be redirected automatically.
How pharming works (quick view)
- The internet uses DNS servers to turn website names (like example.com) into IP addresses.
- In a pharming attack, attackers corrupt either:
- Your deviceâs local âhostsâ file, or
- A DNS server that many users rely on.
- Once poisoned, normal visits (e.g., typing your bankâs URL) can silently send you to a fake copy controlled by the attacker.
| Aspect | Pharming | Phishing |
|---|---|---|
| Main idea | Redirects you to fake sites by tampering with DNS or device settings. | [5][9][1][3]Lures you with deceptive emails/messages/links. | [7][1][5]
| User action needed | Often none; redirection can be automatic. | [1][3][7]Usually must click a malicious link or open an attachment. | [8][7][1]
| Typical targets | Banking, payment, ecommerce login pages. | [8][3][1]Email accounts, social media, any login or payment page. | [7][8][1]
| Main goal | Harvest credentials and data at scale via fake sites. | [3][5][1][7]Steal credentials, money, or spread malware via deceptive messages. | [8][1][7]
Main types of pharming
- Malwareâbased pharming
- Malicious code (virus or Trojan) alters your computerâs hosts file.
* Even if you type the correct URL, your system silently sends you to the attackerâs fake site.
- DNS poisoning (serverâside pharming)
- Attackers compromise a DNS server, changing the records for popular domains.
* Many users querying that DNS are redirected to spoofed sites, making attacks largeâscale and hard to spot.
Why pharming is dangerous now
- Pharming is widely recognized by cybersecurity and standards bodies (like NIST) as a serious identityâtheft and fraud threat.
- Because it doesnât always rely on obvious scam emails, it can bypass traditional user awareness defenses.
- Recent cybersecurity coverage notes DNSârelated attacks and largeâscale credential theft as ongoing issues through 2025â2026, keeping pharming on security roadmaps.
Signs you might be a victim
- A familiar site looks âoffâ (odd URL, spelling mistakes, missing padlock, or unusual design).
- Your browser shows a different URL than the one you typed or bookmarked.
- Certificates or HTTPS warnings pop up unexpectedly when visiting major services.
If a banking or payment site feels wrong, stop, close it, and reâopen it by typing the URL manually or using a trusted app.
How to protect yourself
- Use secure connections and check URLs
- Always look for HTTPS and the correct domain name, especially on banking or shopping sites.
* Watch for typos, extra words, or strange domain endings.
- Keep systems and security tools updated
- Regularly update your OS, browser, and apps so known DNS and networking flaws are patched.
* Use reputable security software that can detect malware that might change your hosts file.
- Use strong authentication
- Turn on multiâfactor authentication (MFA) for email, banking, and important accounts, so stolen passwords alone are less useful.
* Prefer official banking apps over browser logins when possible.
- Harden your network and DNS
- Use trusted DNS resolvers or securityâfocused DNS services to help block known malicious domains.
* Keep your router firmware updated and change the default admin password.
- Stay alert to account activity
- Monitor bank and card statements for unfamiliar transactions.
* If you suspect pharming, change your passwords from a clean device and contact your bank or provider immediately.
TL;DR: Pharming is âphishing without the clickâ: attackers corrupt your device or DNS so youâre invisibly sent to fake websites that steal your information, even when you think youâre on the real site.
Information gathered from public forums or data available on the internet and portrayed here.