N26 logo against a turquoise background.

How to protect yourself from Pharming

Pharming is a particularly cunning form of phishing. Here, we explain how it works and the best ways to protect yourself when browsing the web.

5 min read

​​Pharming is a sophisticated form of online fraud. Because the technique is hard to detect, it poses a threat to even the most vigilant internet users. Here, we explain exactly how pharming works, what to watch out for, and how to protect yourself from this discreet yet dangerous online menace.

What is pharming?

“Pharming” is used to describe a process that combines “farming” and “phishing.” The core principle is the same as phishing: criminals lure their victims into a trap and deceive them into handing over sensitive information. But there’s a crucial difference.

While phishing requires you to consciously click a link to visit a fraudulent website, pharming uses malicious code to redirect you automatically—even when you type in the correct web address.

How is this possible? Put simply, pharming exploits the very foundation of how the internet operates. Warning: things are about to get pretty technical, but don’t worry! Understanding how to stay safe is fairly straightforward—a little knowledge goes a long way.

How does pharming work and what are the different types of pharming attacks? 

There are two types of pharming attacks—malware-based and DNS server-based. The first influences a computer directly by exploiting the DNS cache and changing its settings. The second method is more sophisticated, as criminals attack the DNS server itself without accessing individual computers. But before jumping into an explanation of the two types of pharming attacks, let’s briefly look at how internet browsing works. 

Security at N26

Your security is our priority. Arm yourself with our tips to protect yourself online.
Check N26 Guide to Secure Online Banking
illustration showing a green shield as a sign of security and protection.

What are Domain Name Systems (DNS)?

When browsing the web, we type in domain names—such as N26.com or Facebook.com—to visit a website. However, web browsers locate websites based on their IP addresses, not a domain name. So, a website’s actual location is defined by its Internet Protocol (IP) address. Think of this as the computer’s language, which—in contrast to us—prefers long number sequences over simple names.

Imagine trying to find a location you’ve never been to before. You may use a city name, a district, a street address, or a postcode to point you in the right direction. These naming systems are similar to domains. An IP address is the equivalent of the precise coordinates of a location—and therefore more handy when using a map.

To translate huge numbers of domains into IP addresses, the internet needs its version of a directory. That’s where Domain Name System (DNS) servers come in. A DNS server translates domain names into IP addresses—it essentially points your web browser to the precise location after you enter the domain.

The role of a DNS cache

When a domain is translated into an IP address, it finds the correct location by contacting a DNS server online. To speed up the process, data is temporarily stored so that your computer has fast access to a website’s location. Rather than contact an external DNS server, the information is stored on your computer. 

This storage process is referred to as a DNS cache—your personal directory stored directly on your device. Most modern web browsers store information in a DNS cache automatically. This cuts out the middleman and results in faster browsing. Unfortunately, shrewd online criminals have found a way to exploit this system. As already mentioned, there are two types of attacks. Let’s have a closer look at both. 

What is malware-based pharming?

Malware is malicious code installed onto a computer, either from a corrupt email or a dodgy download. Malware-based pharming uses such code to redirect your browser to a fake website which is controlled by fraudsters. This technique is particularly troublesome because you enter a legitimate URL (or even follow a bookmark) before being redirected.

The subtle rerouting happens behind the scenes. That’s because the malware that has been installed changes the computer’s local host files and DNS cache. These files contain the directory that’s used to translate domains to IP addresses—so by changing this information, a legitimate domain translates to an IP address that’s linked to a fraudulent website.

To make matters worse, the fraudulent websites are designed to mimic genuine sites. So not only do you enter an accurate URL, you also end up on a page that imitates the real deal. Any information that you enter on this site—for instance your bank details—can be sent straight to hackers who can exploit it for fraud or identity theft. 

What is DNS server poisoning?

DNS server-based pharming is the next level in pharming attacks. Rather than aim for a single user by infecting their computer with malware, criminals target the server directly. A corrupted server redirects users to a fake IP address, even when an individual’s computer is completely fine and uninfected. This type of attack isn’t linked to individual files, because it’s the server itself which is “poisoned” and will redirect visitors even when the right URL is entered.

Because DNS server poisoning poses a high level of potential threat, large corporations invest a lot of money into sophisticated anti-pharming measures. The risk of being on the receiving end of such an attack—whether through the financial loss of individual customers or reputational damage—makes cybersecurity a top priority for companies. So, how can you detect pharming attacks and stay safe?

How to protect yourself from pharming

Defending yourself against pharming attacks can feel like a challenging task. But the good news is that there are precautions you can easily take to ramp up your security. The first line of defense starts with your personal computer. Make sure you’re protected with antivirus, antispyware, and you have your firewall switched on.


  • Always check for secure web connections (HTTPS), often indicated by the padlock on Chrome. Ultimately, however, an SSL certificate is the only trustworthy indicator.
  • Consider using a VPN (Virtual Private Network) which uses a reputable DNS.
  • Change the default password on your router.

Essentially, if something seems “off” about a website, be cautious and don’t proceed without investigating first. This may be as subtle as spelling and grammatical errors, odd-looking formatting, or varying font sizes. This way you can detect pharming before walking into the trap!

The bank account that gives you more control

Spend and save with confidence, and discover a better way to manage your money
Get bank account (new tab)
Smart Hero (ALL EU) Text/Media Intro.

Security at N26

As a fully digital bank, the security of your bank account is our top priority. At N26, we’ve implemented a number of preventative measures to keep your account safe, like smartphone pairing, secure login, and the option to customize your security settings directly in the N26 app. On top of that, you can find several guides on how to protect yourself from vishing, smishing and other types of online fraud on our blog. Read our complete guide to secure online banking to learn more.

What is pharming?

Pharming is a sophisticated form of online fraud, whereby hackers manipulate website information—which is saved locally on a computer or on a server—to access user data. In contrast to phishing, users don’t have to click on a link to visit a fraudulent website. The hackers forward their victims directly to a fake website by manipulating DNS caches or DNS servers and translating authentic domain names to different IP addresses. The fraudulent website mimics the genuine one, which is why it’s hard to detect this type of online fraud.

What is the definition of the DNS Server?

A DNS server is a kind of online directory, which translates domain names like n26.com into IP addresses. IP addresses are similar to coordinates that point to the precise “location” of a website. Since it’s easier to enter a name rather than a complicated series of numbers in the search bar of your browser, DNS servers do the “translation work”—hence the term “domain name service”. DNS caches save the translation locally on your computer, so the server doesn’t have to translate the same IP address over and over again and you can access your favorite websites even faster.

Should I report online fraud to the authorities?

You don’t have to report online fraud, but you can do so for the sake of others. This helps businesses to warn other customers of recent pharming attacks, for instance by email or directly on their website. Here you learn how to report cybercrime in your country.

Find similar stories

By N26

Love your bank

Related posts

These might also interest you
Different colored locks locked onto a chain.

Tips for secure online banking

Online banking has transformed our finances. Here's how to stay secure while managing your money.

woman holding a cell phone.

Deposit protection scheme: why your money is protected

Looking for reassurance that your money is protected? Deposit protection schemes help secure the money in your bank account.

Stay safe while online shopping.

How to keep your money safe when you shop online

Protect yourself from fraud with this simple guide.