Pharming Attacks – How to spot and stop them


Pharming attacks are an insidious form of cybercrime that can be difficult to detect. In this article, we’ll look at what pharming attacks are, how they work, and how to stay protected from them. Whether you are a business that wants to protect its data and customers, or an individual, this applies to you.

We’ll also discuss the latest trends in pharming attacks and how to spot and stop them. By understanding the risk and taking appropriate steps, you can protect yourself from becoming a victim of pharming.

What is pharming?

Pharming is a type of cyber-attack that involves redirecting victims to malicious websites without their knowledge or approval with the intention to commit fraud. Malicious websites are often created to look like legitimate websites, such as banking websites, in order to steal personal information such as passwords, credit card numbers, and other sensitive data. The fake website looks identical to the legitimate website, so users may not realise they are on a phishing site.

Pharming derives from the combination of the words “phishing” and “farming”. This type of attack is usually done by exploiting vulnerabilities in a website’s code or by sending emails with malicious links. Pharming attacks can also involve malware, which can be used to modify the victim’s computer so that it automatically redirects them to the malicious website. The goal of a pharming attack is to gain access to the victim’s personal information, making it easier for the attacker to commit fraud and identity theft.

Pharming vs Phishing

Pharming and phishing are both malicious activities that attempt to steal sensitive information from victims, such as usernames, passwords, and credit card details.

Pharming is a type of cyberattack that involves attackers redirecting a user’s web traffic to a malicious website in order to gain access to personal information. Attackers usually use techniques such as DNS hijacking or malware to redirect users to a malicious website.

Phishing is a technique used by attackers to try to gain access to confidential information by sending out emails or messages that appear to be from a legitimate source. Attackers use phishing techniques to try to get victims to enter their login credentials or other sensitive information into a fake website or form.

How pharming attacks work

The following points outline how pharming works:

• Pharming attacks are attempts to redirect web traffic to malicious fake sites by exploiting weaknesses in Domain Name System (DNS) servers.

• Attackers use malicious code planted on a user’s computer or through a DNS server to redirect web traffic to phoney websites that look like legitimate ones.

• The malicious code can be planted through malicious emails, malicious downloads, or pop-up ads.

• Once the user visits the phoney website, the attacker can steal user credentials, such as passwords, or install additional malicious code on the user’s computer.

• Attackers may also use a process called “DNS cache poisoning” to hijack web traffic and redirect it to malicious websites.

• Attackers can also use “DNS tunnelling” to send data over an encrypted connection, bypassing traditional security measures.
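
One way to check for the local redirect described above, assuming the malicious code made its change in the operating system's hosts file (a common place for it). This is an added example, not part of the original article; the watch list and the sample file contents are constructed.

```python
import ipaddress

# Assumed watch list: names that should never be pinned to an address locally.
WATCHED = {"bank.example", "login.example"}

# Constructed sample hosts file, not taken from a real system.
SAMPLE_HOSTS = """\
# local name overrides
127.0.0.1     localhost
::1           localhost
203.0.113.45  www.bank.example
0.0.0.0       ads.tracker.example
"""

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, address, hostname, reason) for entries that touch a watched name."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address.split("%", 1)[0])  # ignore IPv6 zone id
        except ValueError:
            continue  # not an address line
        for name in names:
            host = name.lower().rstrip(".")
            # Match the watched name itself and any subdomain of it.
            if any(host == w or host.endswith("." + w) for w in watched):
                blocked = ip.is_loopback or ip.is_unspecified
                reason = "blocked locally" if blocked else "overridden locally"
                findings.append((line_no, address, host, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a real machine, pass in the contents of /etc/hosts (or C:\Windows\System32\drivers\etc\hosts on Windows) and replace the watch list with the banking and login domains you actually use.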

Pharming examples

One example of pharming is Domain Name System (DNS) cache poisoning. This is when hackers use malware to change the IP address of a legitimate website to a malicious one. This redirects unsuspecting users to a fraudulent website where they may enter their personal information, unaware that they are not on the legitimate site.

Another example of pharming is website spoofing. In this method, hackers create a fake website that looks and feels like a legitimate website. They may copy the design, content, and URLs of the legitimate website in order to deceive users. When users enter their personal information on the spoofed website, hackers can collect it.

Finally, hackers may use social engineering techniques to trick users into visiting a malicious website. They may do this by sending emails with links that look like they are from a legitimate source, such as a bank or online retailer. When users click on the link, they are taken to a malicious website where they may enter their personal information.

Common types of pharming attacks

DNS pharming

This type of attack involves an attacker hijacking a Domain Name System (DNS) server and redirecting traffic intended for a legitimate domain name to a malicious website. The hackers achieve this by modifying the DNS server to point to an IP address controlled by them. This attack is very difficult to detect as the malicious website looks exactly like the legitimate one.

Malicious code injection

Malicious code injection is a type of attack in which attackers inject malicious code into a web application or website. The purpose of this attack is to gain access to confidential data or take control of the system. The malicious code can be injected via an SQL query, a cross-site scripting attack, or a malicious file upload.

Man-in-the-Middle attack

A Man-in-the-Middle Attack is a type of attack in which a fraudster intercepts communication between two parties in order to steal information or redirect a user to a malicious website. The attacker can eavesdrop on the communication and even modify the messages being sent.

Social engineering

Social Engineering is a type of attack in which an attacker exploits human psychology in order to gain access to confidential data or systems. This type of attack involves exploiting a user’s trust in order to gain access to confidential information or redirect a user to a malicious website. The attacker may use deception, manipulation, or other techniques to persuade victims to divulge information or act.

Malvertising

Malvertising is a type of attack in which malicious advertisements are displayed on legitimate websites. These ads use online advertising to spread malicious code that can redirect users to malicious websites or download malware onto the user’s computer. Malvertising can also be used to collect sensitive information from users, also known as malware-based pharming.

Signs of a pharming attack

  • Unsolicited emails or text messages containing a link to a website: Phishing emails or texts may contain malicious links that direct users to a fake website that is designed to look like the legitimate site. The links can also contain malicious code that can infect a computer with malware. This is why pharming and phishing go hand in hand.
  • Unfamiliar web addresses that are similar to a legitimate website: Phishers may use a similar web address to a legitimate website in order to deceive users into thinking the site is legitimate. The URL of a website may appear to be legitimate, but the domain name may be slightly different from the legitimate website.
  • Pop-up windows that appear when browsing the web: Phishing attacks may include pop-up windows that contain malicious code, which can be used to infect a computer with malware. These may be unexpected warnings or alerts that appear on the user’s screen.
  • Webpages that appear legitimate but have a different URL: Phishers may create websites that appear legitimate, but use a different URL from the legitimate website.
  • Unusual activity on financial accounts: Phishing attacks can result in unauthorised access to financial accounts. This can include unauthorised transactions or changes to account information.
  • Unauthorised changes to system settings: Phishing attacks can also result in unauthorised changes to system settings, such as changes to firewall or antivirus settings. Furthermore, unusual activity on a user’s computer or network could be an indication of a pharming attack.
  • Installation of suspicious software on the computer: Phishers may attempt to install malicious software on a computer in order to gain access to personal information or perform malicious activities.
  • Unusual or suspicious network activity: Phishing attacks may result in unusual or suspicious network activity, such as a high volume of traffic or connections to unknown websites.
  • Unusual or suspicious emails: Phishing emails may contain unusual or suspicious content, such as requests for personal information or attachments containing malicious code. Unsolicited emails tend to be unexpected emails from unknown sources and may be part of a pharming attack.
  • Unwanted or strange emails from unknown addresses: Unrecognised emails may be phishing emails that may appear to come from a legitimate source, but the links may take the user to a malicious website. Phishing emails may come from unknown addresses, and the content of the email may be strange or unfamiliar.
  • Unusual or suspicious files appearing on the computer: These may be suspicious downloads that users were tricked into accepting and that install malicious software on their device. Phishers may attempt to install malicious files on a computer, which can be used to gain access to personal information or perform malicious activities.
  • Visiting a website that suddenly redirects to a different website: Phishers may use a technique called “redirection” to send a user to a different website than the one they intended to visit without their knowledge or consent.
  • Unusual requests for personal information: Phishing emails or websites may contain requests for personal information, such as bank account numbers and passwords.

How to Protect Yourself Against Pharming Attacks

1. Use strong passwords: Choose passwords that are at least 12 characters long and contain a combination of numbers, symbols, and upper and lower-case letters. Avoid using words that can be found in the dictionary or easily guessed.

2. Keep your computer and software up to date: Make sure you have the latest security patches installed on your computer and that your software is up to date.

3. Use a firewall: A firewall can help keep malicious code from entering your computer.

4. Use anti-virus and anti-spyware software: Install anti-virus and anti-spyware software and keep it updated. This will help detect malicious code that may be installed on your computer.

5. Use a secure browser: Use a secure browser such as Google Chrome or Mozilla Firefox. These browsers are less vulnerable to attacks and offer additional security features.

6. Use two-factor authentication: When logging into websites or services, use two-factor authentication (2FA). This requires you to enter a code that is sent to your phone or email in addition to your username and password.

7. Stay alert and use caution: Be aware of suspicious emails or links. Never click on a link from an unknown source.

Best practices for businesses for preventing pharming attacks

1. Implement Strong Authentication: Implement multi-factor authentication (MFA) for all customer online accounts. This requires users to enter more than just a username and password to access their accounts. Examples of a second factor of authentication include a one-time password, biometric authentication, or a security token.

2. Educate Users: Educate your customers on what phishing and pharming attacks are and how to identify them. Provide resources such as a security awareness program or phishing simulations.

3. Monitor DNS Changes: Monitor your domains for any changes to their DNS records, as this could indicate that an attacker is attempting to redirect your website and visitors to a malicious pharming website.

4. Use SSL/TLS Certificates: Use SSL/TLS certificates to ensure that your website is secure and that visitors have a secure connection to the server. This will help prevent attackers from redirecting traffic to a fraudulent website.

5. Keep Software Updated: Ensure that all your software is up to date with the latest security patches and updates. This will help prevent attackers from exploiting any known vulnerabilities.

6. Monitor for Suspicious Activity: Fraud monitoring systems allow you to monitor for any suspicious activity on your website or network. This includes watching for any attempts to modify DNS records, spoof email addresses, or any other suspicious behaviour.

7. Implement Security Policies: Implement security policies that govern how users access and use data, as well as how they are to respond to any suspicious activity. This will help ensure that users understand the importance of data security and follow best practices.

8. Monitor Network Traffic: Monitor your network traffic and look for any suspicious or anomalous activity. This could indicate that an attacker is attempting to access the network or your data.

9. Use a Firewall: Implement a firewall to protect your network from any external threats. This will help prevent attackers from accessing your network and your data.

10. Use Web Filtering Solutions: Implement web filtering solutions to prevent users from accessing malicious websites. This will help prevent users from accidentally visiting a malicious site and being redirected to a phishing or pharming attack.
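
A minimal way to do the DNS monitoring in point 3, as an added example that is not part of the original article: compare what each hostname resolves to against a recorded baseline. The hostnames, addresses and function names are constructed for illustration.

```python
import socket

# Constructed baseline: the addresses each of your hostnames is expected to
# resolve to (documentation address ranges used as placeholders).
BASELINE = {
    "www.shop.example": {"198.51.100.10", "198.51.100.11"},
    "login.shop.example": {"198.51.100.20"},
}

# Constructed observation: one record now points somewhere else.
OBSERVED = {
    "www.shop.example": {"198.51.100.10"},
    "login.shop.example": {"203.0.113.77"},
}

def resolve(hostname):
    """Resolve addresses through the system resolver; empty set on failure."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def dns_drift(baseline, observed):
    """Compare observed answers with the baseline; return alerts sorted by host."""
    alerts = []
    for host in sorted(baseline):
        expected, seen = baseline[host], observed.get(host, set())
        unexpected = sorted(seen - expected)
        if unexpected:
            alerts.append((host, "unexpected address", unexpected))
        elif not seen:
            alerts.append((host, "no answer", []))
    return alerts

def check_live(baseline, resolver=resolve):
    """Resolve every baseline host once and report drift."""
    return dns_drift(baseline, {host: resolver(host) for host in baseline})

if __name__ == "__main__":
    for alert in dns_drift(BASELINE, OBSERVED):
        print(alert)
```

A single resolver only shows its own view, so run the check from more than one network location, and keep the baseline current if your hosting provider rotates addresses.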

Preventing pharming attacks with Udentify

Udentify is an identity proofing and authentication tool that can be used to prevent pharming attacks. Udentify works by verifying the user’s identity before granting them access to services. Udentify uses a combination of biometrics and identity proofing to verify the user’s identity. This means that before the user is allowed to access the website, they must prove who they are by providing facial recognition, or other biometric data.

Udentify’s identity verification can help businesses verify the identity of customers to make sure that only legitimate customers are allowed access to sensitive data and accounts.

How aiReflex can protect your data and customers from pharming

aiReflex is an omnichannel high-performance AI Fraud Prevention suite that helps businesses protect their data and customers from pharming. aiReflex uses advanced machine learning algorithms to detect suspicious activity and identify potential fraud in real-time. It also provides insights into how customers interact with the business, which helps businesses better understand their customers and tailor their security strategies accordingly.

Some of the key features of aiReflex that help protect businesses from pharming include:

1. Real-time monitoring: aiReflex constantly monitors all customer transactions and interactions to detect any suspicious activity or fraud attempts.

2. Advanced analytics: aiReflex leverages powerful analytics to identify patterns and trends in customer behaviour, allowing businesses to detect emerging threats and fraudulent activities before they become serious problems.

3. Data-driven insights: aiReflex provides businesses with valuable insights into customer behaviour and activity, which can be used to improve their security strategies and better protect their customers.

4. Automated fraud prevention: aiReflex can automatically detect and block suspicious transactions, helping businesses protect their data and customers from pharming.

By leveraging aiReflex, businesses can protect their data and customers from pharming while also gaining valuable insights into customer behaviour. This can help businesses better understand their customers and tailor their security strategies to effectively protect their businesses and customers from fraud.
