• Animesh Gupta

What is Pharming Attack?

Updated: Aug 16, 2018

A pharming attack redirects the user to a fake (phishing) page even though the user entered the correct address. For example, typing facebook.com shows the fake page instead. The term pharming is derived from farming and phishing. In recent years both pharming and phishing have been used for online identity theft. Pharming has become a major concern for businesses hosting e-commerce and online banking websites.

How does it work?

Method 1: DNS Poisoning: 

1. The attacker hacks into the DNS server and changes the IP address for www.targetsite.com to the IP of www.targetsite1.com (the fake page).

2. When the user enters the URL in the address bar, the computer queries the DNS server for the IP address of www.targetsite.com.

3. Since the DNS server has already been poisoned by the attacker, it returns the IP address of www.targetsite1.com (the fake page).

4. The user believes it is the original website, but it is a phishing page.

Method 2: HOSTS file Modification:

This method is local DNS poisoning. 

What is the hosts file?

The hosts file contains domain names and the IP addresses associated with them. Name lookups consult it locally, which is why this method counts as local DNS poisoning. Your hosts file will be in this path:


The attack changes the entries in the hosts file so that the original website's name points to a fake page instead. Please read this article to know more about this method: Use original Domain for phishing using hosts file.
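As an added example (not code from the original article), here is one way to audit a hosts file for this kind of tampering: the script parses hosts-file text and reports entries that pin a watched domain to an address. The sample contents, the watched domain list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts-file contents (not taken from the article).
SAMPLE_HOSTS = """\
# Constructed sample for illustration
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.targetsite.com targetsite.com   # unexpected override
0.0.0.0         ads.example.net
192.0.2.10      intranet.example.local
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # an address with no names
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address field
        for name in fields[1:]:               # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def find_overrides(text, watched):
    """Return hosts entries that pin a watched domain (or a subdomain of it)."""
    watched = {d.lower() for d in watched}
    findings = []
    for line_no, ip, name in parse_hosts(text):
        hit = any(name == d or name.endswith("." + d) for d in watched)
        # Assumption: loopback and 0.0.0.0 entries are blocking rules, not
        # redirects, so they are not reported here.
        if hit and not (ip.is_loopback or ip.is_unspecified):
            findings.append((line_no, str(ip), name))
    return findings

if __name__ == "__main__":
    # "targetsite.com" is the article's placeholder name for a sensitive site.
    for line_no, ip, name in find_overrides(SAMPLE_HOSTS, ["targetsite.com"]):
        print(f"line {line_no}: {name} is pinned to {ip}")
```

To check a real machine, read the contents of its hosts file into a string and pass that to `find_overrides` together with the banking and login domains you care about.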

Other types of pharming attacks involve Trojan horses, worms or other technologies that attack the browser address bar, thus redirecting you to a fraudulent website when you type in a legitimate address.

Instances of Pharming:

In January 2005, the domain name for a large New York ISP, Panix, was hijacked to point to a site in Australia. No financial losses are known.

In January 2008, Symantec reported a drive-by pharming incident directed against a Mexican bank in which the DNS settings on a customer’s home router were changed after receipt of an e-mail that appeared to be from a legitimate Spanish-language greeting card company.

In a poisoning attack in early March 2010, requests from more than 900 unique Internet addresses and more than 75,000 e-mail messages were redirected, according to log data obtained from compromised Web servers that were used in the attacks, says PC Mag.

How do you stop a pharming site?

For the most part, it’s your ISP (internet service provider) who fights against pharming sites, by filtering out fake redirects and closing down fraudulent sites. But there are still measures you can take to stop pharming, and the most important one is to install a powerful antivirus that can find and remove any malware on your computer that would direct you to malicious sites.

Preventing Pharming:

  • Check the URL on sites you visit to make sure they’re correct

  • Use a trustworthy ISP and be smart about the websites you visit

  • Use security software to ensure the sites you visit are trustworthy

