How to protect yourself from Pharming

​​Pharming is a sophisticated form of online fraud. Because the technique is hard to detect, it poses a threat to even the most vigilant internet users. Here, we explain exactly how pharming works, what to watch out for, and how to protect yourself from this discreet yet dangerous online menace.

“Pharming” is used to describe a process that combines “farming” and “phishing.” The core principle is the same as phishing: criminals lure their victims into a trap and deceive them into handing over sensitive information. But there’s a crucial difference.

While phishing requires you to consciously click a link to visit a fraudulent website, pharming uses malicious code to redirect you automatically—even when you type in the correct web address.

How is this possible? Put simply, pharming exploits the very foundation of how the internet operates. Warning: things are about to get pretty technical, but don’t worry! Understanding how to stay safe is fairly straightforward—a little knowledge goes a long way.

There are two types of pharming attacks—malware-based and DNS server-based. The first influences a computer directly by exploiting the DNS cache and changing its settings. The second method is more sophisticated, as criminals attack the DNS server itself without accessing individual computers. But before jumping into an explanation of the two types of pharming attacks, let’s briefly look at how internet browsing works. 

Security at N26

Your security is our priority. Arm yourself with our tips to protect yourself online.

Check N26 Guide to Secure Online Banking

When browsing the web, we type in domain names—such as N26.com or Facebook.com—to visit a website. However, web browsers locate websites based on their IP addresses, not a domain name. So, a website’s actual location is defined by its Internet Protocol (IP) address. Think of this as the computer’s language, which—in contrast to us—prefers long number sequences over simple names.

Imagine trying to find a location you’ve never been to before. You may use a city name, a district, a street address, or a postcode to point you in the right direction. These naming systems are similar to domains. An IP address is the equivalent of the precise coordinates of a location—and therefore more handy when using a map.

To translate huge numbers of domains into IP addresses, the internet needs its version of a directory. That’s where Domain Name System (DNS) servers come in. A DNS server translates domain names into IP addresses—it essentially points your web browser to the precise location after you enter the domain.

When a domain is translated into an IP address, it finds the correct location by contacting a DNS server online. To speed up the process, data is temporarily stored so that your computer has fast access to a website’s location. Rather than contact an external DNS server, the information is stored on your computer. 

This storage process is referred to as a DNS cache—your personal directory stored directly on your device. Most modern web browsers store information in a DNS cache automatically. This cuts out the middleman and results in faster browsing. Unfortunately, shrewd online criminals have found a way to exploit this system. As already mentioned, there are two types of attacks. Let’s have a closer look at both. 

Malware is malicious code installed onto a computer, either from a corrupt email or a dodgy download. Malware-based pharming uses such code to redirect your browser to a fake website which is controlled by fraudsters. This technique is particularly troublesome because you enter a legitimate URL (or even follow a bookmark) before being redirected.

The subtle rerouting happens behind the scenes. That’s because the malware that has been installed changes the computer’s local host files and DNS cache. These files contain the directory that’s used to translate domains to IP addresses—so by changing this information, a legitimate domain translates to an IP address that’s linked to a fraudulent website.

To make matters worse, the fraudulent websites are designed to mimic genuine sites. So not only do you enter an accurate URL, you also end up on a page that imitates the real deal. Any information that you enter on this site—for instance your bank details—can be sent straight to hackers who can exploit it for fraud or identity theft. 

DNS server-based pharming is the next level in pharming attacks. Rather than aim for a single user by infecting their computer with malware, criminals target the server directly. A corrupted server redirects users to a fake IP address, even when an individual’s computer is completely fine and uninfected. This type of attack isn’t linked to individual files, because it’s the server itself which is “poisoned” and will redirect visitors even when the right URL is entered.

Because DNS server poisoning poses a high level of potential threat, large corporations invest a lot of money into sophisticated anti-pharming measures. The risk of being on the receiving end of such an attack—whether through the financial loss of individual customers or reputational damage—makes cybersecurity a top priority for companies. So, how can you detect pharming attacks and stay safe?

Defending yourself against pharming attacks can feel like a challenging task. But the good news is that there are precautions you can easily take to ramp up your security. The first line of defense starts with your personal computer. Make sure you’re protected with antivirus, antispyware, and you have your firewall switched on.

Additionally:

• Always check for secure web connections (HTTPS), often indicated by the padlock on Chrome. Ultimately, however, an SSL certificate is the only trustworthy indicator.
• Consider using a VPN (Virtual Private Network) which uses a reputable DNS.
• Change the default password on your router.

Essentially, if something seems “off” about a website, be cautious and don’t proceed without investigating first. This may be as subtle as spelling and grammatical errors, odd-looking formatting, or varying font sizes. This way you can detect pharming before walking into the trap!

The bank account that gives you more control

Spend and save with confidence, and discover a better way to manage your money

Get bank account (new tab)

As a fully digital bank, the security of your bank account is our top priority. At N26, we’ve implemented a number of preventative measures to keep your account safe, like smartphone pairing, secure login, and the option to customize your security settings directly in the N26 app. On top of that, you can find several guides on how to protect yourself from vishing, smishing and other types of online fraud on our blog. Read our complete guide to secure online banking to learn more.