4 Ways to Avoid Pharming

Phishing Attack

While it might sound like something entirely innocent, pharming is a term used to describe a type of cybercrime where a user is sent to a phony website.

The ultimate goal here is to have the user unknowingly hand over their personal information. This includes sensitive information, such as banking information or account login credentials. The stolen data can then be used in various cybercrimes, including identity theft and account takeover fraud.

Combining the words phishing and pharming, this type of cyber-attack is also referred to as phishing without a lure.

Phishing Scams vs. Pharming

Phishing is a form of online crime where the attacker attempts to have the user click on a compromised email link. From there, the user is taken to a fake site and enters their user information like a username and password. As soon as that happens, the hacker can use your information to access the legitimate site.

Alternatively, pharming occurs when criminals install malicious code either on your device or your server. The code then sends you to a counterfeit website where you unintentionally enter your details. The difference between phishing and pharming is that pharming doesn’t require you to click on any links but are automatically directed to the fake site.

How Pharming Works?

There are two main ways that a pharming attack is executed, according to Kaspersky.

“First, a hacker may install a virus or Trojan on a user’s computer that changes the computer’s hosts file to direct traffic away from its intended target, and toward a fake website instead.

Second, the hacker may instead poison a DNS server, causing multiple users to visit the fake site inadvertently. The fake websites can be used to install viruses or Trojans on the user’s computer, or they could be an attempt to collect personal and financial information for use in identity theft.”

In 2007 as many as 50 financial institutions were the target of a well-orchestrated pharming attack, including those in the United States, Europe, and the Asia-Pacific region.

SC Magazine reported, “Researchers from Websense told the wire service that attackers lured victims to a website hosting malicious code that exploited a patched Microsoft vulnerability. The vulnerability requires a user to only visit a website to have his or her PC infected by malware.”

Adaware explained that among the targeted companies included the Bank of Scotland, Barclays Bank, PayPal, Discover Card, eBay, and American Express.

How to Avoid Pharming?

  1. Use Antivirus Programs and Firewalls

One of the best ways of preventing pharming attacks is to install antivirus software. This is because it should recognize malware attempting to enter your system, as well as to detect pharming codes that might have already registered the system. On top of that, antivirus programs will notify you when you attempt to access insecure sites.

Firewalls are another line of defense. Not only will they prevent data leaking from your computer, but they also close ports in order to stop malicious traffic from infiltrating your device.

  1. Update Your Devices and Software

Although it might seem like a drag sometimes, updates will typically contain critical security patches that are designed to keep your devices safe.

If you get notified of an available update, it’s best to complete it sooner rather than later. Not reliable when it comes to regular updates? You can automatically set most updates to run on their own at a scheduled time while you are away from your devices.

  1. Keep an Eye out For Malicious Emails

The problem with pharming and phishing emails is that they have become incredibly sophisticated, meaning they can be hard to spot. However, there are telltale signs that you can look out for. This includes poor spelling and grammar, as well as a dodgy email address from the sender.

Try avoiding clicking on such links in general, and if you are suspicious, make sure to contact the company directly.

  1. Look for Red Flags on Websites

Make sure that the website you’re visiting starts with an “https” and not “http.”

Other signs include out of date copyright information, poor navigation, or even missing pages. Using two-factor authentication also helps. Even if hackers access your username and password, they will not be able to get access to your account.


Protecting your devices from pharming might be trickier than before, with hackers using sophisticated methods to gain your information. By using the tips mentioned above, you can minimize the possibility of it happening to you.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.