What is Pharming? Definition, Examples and Prevention

Pharming is a relatively obscure term for a common and dangerous form of cyber attack.

Pharming attacks involve planting malicious code on victims’ computers, which misdirects web searchers to fraudulent websites.

The bogus sites replicate their legitimate counterparts in almost every way, meaning users become infected with malware or hand over their personal information without ever noticing that something is amiss.

Examples of pharming attacks

Crooks can commit pharming in one of two ways. First, they place a virus into a piece of software and lure users into downloading it. Once the virus is on the victim’s computer, it changes the user’s host files to direct traffic from its intended target towards their phoney replicas.

Alternatively, pharmers conduct a DNS (domain name system) poisoning attack.

Doing so allows them to target a larger pool of people, and means they don’t need to corrupt individual computers. Anti-virus and spyware systems can’t prevent this type of pharming because, technically, the victim’s computer isn’t infected.

How to protect against pharming

Pharming scams are hard to avoid because users don’t need to be tricked to fall victim, as they do with phishing scams.

Even manually entering an email address (which is advice often given to prevent phishing scams) won’t keep you secure, because the misdirection occurs after the computer sends the connection request.

That said, the techniques for spotting pharming are much the same as for phishing.

In both cases, crooks rely on users to hand over their personal details, and they may tip their hand when attempting this.

If a site asks for personal details that it wouldn’t usually request, or does so in a way that seems strange, that’s a good indicator that you’re being tricked.

Learn more about social engineering >>


Another clue is in the address bar.

The domain will be different to the one you typed or clicked, even if the change is hard to spot, because crooks make minor adjustments.

Common techniques include removing a letter, substituting letters (for example, an uppercase ‘I’ in place of a lowercase ‘l’), or using Cyrillic or other non-Latin characters that look like the ones they’re trying to duplicate.

You should also check to see if there is a lock symbol to the left of the web address.

This symbol indicates that your connection is secure, and if there isn’t a lock, the site may well be suspicious. (However, the opposite isn’t always true: the presence of a lock doesn’t necessarily mean the site is legitimate.)

Teach your staff to spot a scam

The repercussions of a pharming attack will be costly for anyone, but it’s particularly dangerous in the workplace.

If crooks can install malware into your staff’s computers, they will be able to infect all your systems or use keystroke loggers to harvest passwords and personal data.

Every employee has a responsibility to ensure this doesn’t happen. Equally, senior staff are responsible for teaching staff about how to avoid attacks.

It’s therefore essential that staff are given regular staff awareness training to learn how to identify attacks and break their bad information security habits.

Our Phishing Staff Awareness E-learning Course will help your staff identify and understand phishing scams, as well as explaining what could happen if they fall victim and how to mitigate the threat of an attack.

It’s delivered online, making it quick and convenient.

Employees can study at a time and place that suits them, and senior staff can get a comprehensive overview of their workforce’s level of information security awareness.