Definition of the Day: Pharming

Home / Resources / Definition of the Day / Definition of the Day: Pharming

Pharming is a derivation of the hacking technique of host file redirection. It is targeted at a broad swath of potential victims. (Think phishing + farming = pharming.) This hack redirects an innocent internet user to a fake clone of a website where the user then unknowingly gives high risk information to the hacker.

Finding one’s way to a web domain requires converting the letters of that web domain into their correct, numerical DNS address. DNS servers handling millions of requests a day do this. In a pharming attack the hacker takes control of a DNS server and redirects its visitors to fake versions of popular websites. Instead of converting the domain name to the correct numerical IP address, the poisoned DNS server converts the domain name to an IP address that hosts a fake version of the website.

The most common scenario would be being redirected to a fake version of your bank’s website where one enters their login and password information, giving it to hackers. Or, one might visit a fake website and get malware injected into your computer.

A pharming attack is difficult to detect and prevent. One would have to notice that the website visited is different than how it should be. Also, pharming is tricky because victims can be hacked even if their system is free of malware and viruses. They need only to visit a fake website and enter their data.

The best way to prevent this is to pay special attention to the look, feel and components of the high risk websites one visits. Do they have an SSL certificate like they should? Does the design look correct? Anything off? Does the 2 factor authentication remain the same?

In word, the best defense against pharming is vigilance.