What Is Pharming and How to Protect Yourself From It?

What is Pharming

You could argue that there are a few significant similarities between pharming and phishing. In fact, many could confuse the two terms quite easily, which isn't really a surprise given that the ultimate goal is the same – tricking unsuspecting users into visiting a malicious website and giving away their data. There is one major difference in the way the two attacks work, however, and if people want to protect themselves, they need to understand it.

How does a phishing attack work?

Most of you should be familiar with what phishing is by now, but we'll recap just in case. Let's imagine that hackers are trying to organize a phishing campaign aimed at Facebook users. They first create a malicious page that looks identical to what people see on Facebook.com, and they upload it to a server they've previously compromised.

Then, they send out some emails that use social engineering in order to convince unsuspecting users to visit the fake Facebook page. More often than not, they use scare tactics to lead people into thinking that their account security has been put at risk and that if they don't act quickly, they might lose the ability to use the world's most popular social network. Victims follow the link in the email and end up on the malicious page created by the hackers. Thinking that they're logging into their Facebook profile, they enter their credentials in the username and password fields, and they unwittingly send them to the crooks.

Phishing attacks aren't especially sophisticated, but they are effective, and that's because users simply don't pay attention to their browsers' address bars. If you are targeted by a Facebook phishing attack and you are fooled into clicking on the link in the email, all you need to do is glance at the URL in order to find out that it's not trustworthy. If you're a victim of a pharming attack, however, this won't be enough.

The difference between phishing and pharming

Let's stick with our Facebook example and see what happens if hackers decide to launch a pharming attack on the social network's users. Once again, they first need to create a carbon copy of Facebook's homepage, and they also need to host it somewhere. As we mentioned already, the idea is the same: unsuspecting victims who end up on the fake website give their credentials to the crooks because they think that they're seeing the real Facebook homepage. This time around, however, there's nothing to tell them that they aren't.

The main difference between the two types of credential theft is that in a pharming attack, users see "facebook.com" in the address bar despite the fact that they've been redirected to a page that only mimics the social network and is designed to steal their login data.

This makes the scheme much more believable. So much so, that some of you may be wondering how such a thing is even possible.

How do pharming attacks trick people out of their passwords?

Some of you might think that in the hypothetical scenario outlined above, the hackers have compromised Facebook itself and are hosting their bogus login form on Mark Zuckerberg's servers. This is not really the case. Hacking large online service providers like Facebook is extremely hard. Instead of accepting the risks associated with such an attack, the crooks fool the victims' browsers into connecting to the wrong address when the correct URL is entered. There are two ways of doing this.

They can attack individual users by compromising their hosts file – a plaintext file that is available on all major operating systems and is responsible for mapping hostnames to IP addresses. By adding just one line of text to a computer's hosts file, the crooks can ensure that when "facebook.com" is entered into the address bar, the victim is led to a completely different location. This modification is usually made by malware, and victims are given no visual indication of any of the changes, which makes this mechanism perfect for highly targeted pharming attacks.

As the name suggests, however, pharming attacks usually aren't highly targeted. In most cases, crooks want to hit a large number of people at once, and for that purpose, modifying individual hosts files is simply not a very effective approach. The hackers do have another one, though.

DNS spoofing sits at the heart of many pharming attacks, and when you learn how it works, you'll see why this type of credential theft could be much more convincing than regular phishing.

DNS stands for Domain Name System. It's as old as the World Wide Web as we know it, and it ensures that the domain you enter into the address bar of your browser leads you to the right content. DNS operates through a vast network of servers spread all around the world, and each server is responsible for the correct rerouting of a large number of users. You can probably guess what could happen if even a single one gets compromised.

By hijacking DNS servers, hackers can ensure that many users are redirected to a fake webpage when they are visiting a completely legitimate URL. In a pharming attack, the victims don't necessarily need to click any shady links, which is why the attack is sometimes referred to as "phishing without a lure." Worst of all, there's not really that much you can do to protect yourself from it.

How to stay safe?

Most security products that offer real-time protection will alert you if a malicious program is interfering with your hosts file, but suffice to say, your best bet is not to allow such a program into your computer in the first place. Security best practices apply here as much as everywhere else. Don't click random links emailed to you, keep your software up to date, and use reputable service providers only.

Unfortunately, when it comes to DNS spoofing, things are largely out of your control. Other people are in charge of protecting DNS servers, and the simple fact of the matter is that their job isn't always good enough. You, as an end user, can do little more than keep your eyes peeled and watch out for anything suspicious. Pay close attention to even minute details, and if you're not sure about everything, refrain yourself from entering your login credentials or other sensitive data.

By Duran
March 6, 2020
Computer Security
March 6, 2020
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

5 years ago

What is the OperaGXSetup.exe File and is it Malicious?

11 months ago

Eporner.com And Why Its Excessive Pop-Ups Are Risky

11 days ago

HackTool:Win32/Crack: a Malicious Threat That Can Seriously...

7 months ago

Take Note: Someone Added You As Their Recovery Email Scam

10 months ago

A Potentially Serious Threat: Trojan:Win32/Suschil!rfn

18 days ago

Related Posts

News

Cardless ATM Scams: How to Protect Yourself Against Them

To ensure that our money doesn't sit still, banks and financial institutions have embraced technology and have given us numerous ways of moving cash around. They know that convenience plays a major part in the... Read more

November 15, 2018
Tips

How to Protect Yourself From New Office 365 Voicemail Phishing Scams

Nowadays, there’s hardly a useful online service or platform that malicious actors have not tried to exploit for scamming purposes — case in point – the wave of Office 365 voicemail scams. Office 365 is a handy... Read more

December 12, 2019
Password Security

What Is Password Stuffing, and What Can You Do to Protect Yourself Against It?

A user has one of their online accounts hijacked, and the first thing they ask themselves is: 'How did the hackers get their filthy hands on my password?'. They're angry and they want answers. When the replies are... Read more

October 11, 2018
Loading...

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2025 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.