Pharming: how to protect yourself and remain vigilant
Pharming is a particularly cunning form of phishing. Here, we explain how it works and the best ways to protect yourself when browsing the web.
7 min read
Pharming is a sophisticated form of online fraud. Because the technique is hard to detect, it poses a threat to even the most vigilant internet users. Here we explain exactly how pharming works, what to watch out for, and how to protect yourself from this discreet-yet-dangerous online menace.The pharming definition combines “farming” and “phishing.” The core principle is the same as phishing: criminals lure victims into a trap and deceive them into handing over sensitive information. But there’s a crucial difference. While phishing requires the target to consciously click a link to visit a fraudulent website, pharming uses malicious code to redirect automatically—even when the user types the correct web address.How is this possible? Well, pharming is particularly cunning, because it exploits the very foundation of how the internet operates. To forewarn you, it’s about to get technical. But don’t worry—understanding what you need to know to stay safe is fairly straightforward. A little knowledge goes a long way.Defending yourself against pharming attacks can feel like a challenging task. But the good news is that there are precautions to take to ramp up your security. The first line of defense starts with your personal computer. Make sure you’re protected with antivirus, antispyware, and you have your firewall switched on.Additionally:Before jumping into an explanation of the two types of pharming attacks, let’s briefly explain how internet browsing works. When browsing the web, we input domain names, such as N26.com or Facebook.com, to visit a website. However, a website’s actual location is defined by its Internet Protocol (IP) address. Think of this as the computer’s language.Web browsers locate websites based on their IP addresses, not a domain name. Imagine trying to find a location you’ve never been to before. You may use a city name, a district, a street address, a postcode to point you in the right direction. These naming systems are similar to domains. An IP address is the equivalent of the precise coordinates of a location.To translate huge numbers of domains into IP addresses, the internet needs its version of a directory. That’s where Domain Name System (DNS) servers come in. A DNS server translates domain names into IP addresses. It points your web browser to the precise location, after you enter the domain.When a domain is translated into an IP address, it finds the correct location by contacting a DNS server online. To speed up the process, data is temporarily stored so that your computer has fast access to a website’s location. Rather than contact an external DNS server, the information is stored on your computer.This storage process is referred to as a DNS cache—your personal directory stored directly on your device. Most modern web browsers store information in a DNS cache automatically. This cuts out the middleman and results in faster browsing. Unfortunately, shrewd online criminals have found a way to exploit this system.Understanding how the internet functions helps explain how criminals exploit the system. There are two types of pharming attack: malware-based and DNS server-based. The first influences a computer directly by exploiting the DNS cache and changing its settings. The second method is more sophisticated since criminals attack the DNS server itself, without accessing individual computers.Malware is malicious code installed onto a computer, either from a corrupt email or dodgy download. Malware-based pharming uses such code to redirect the victim’s browser to a fake website which is controlled by fraudsters. This technique is particularly troublesome as the user enters a legitimate URL (or even follows a bookmark) before being redirected.The subtle rerouting appears behind the scenes. That’s because the malware has been installed and changes the computer’s local host files and DNS cache. These files contain the directory used to translate domains to IP addresses. By altering this information, a legitimate domain translates to an IP address linked to a fraudulent website.To make matters worse, this website is designed to mimic the genuine site. So not only do you enter an accurate URL, you also end up on a page that imitates the real-deal. Any information entered on this site is sent straight to hackers to exploit for fraud or identity theft. DNS server-based pharming is the next-level in pharming attacks. Rather than aim for a single user by infecting their computer with malware, criminals target the server directly. A corrupted server redirects users to a fake IP address, even when an individual computer is completely fine and uninfected. This type of attack isn’t linked to individual files, because it’s the server itself which is “poisoned” and will redirect visitors even when the right URL is entered.Because of the level of potential threat with DNS server poisoning, large corporations invest a lot of money into sophisticated anti-pharming measures. The risk in being on the receiving end of such an attack—whether through the financial loss of individual customers or reputational damage—makes cybersecurity a top priority.In addition to the steps you can take to protect yourself, you may be wondering what we’re doing on our side to keep you safe. Well, read on!Each time our customers interact with our services, data packets are transferred back and forth—from one endpoint to another. So that we can maintain a secure communication channel, and prevent unauthorised third-parties from intercepting sensitive information, we encrypt those data packets using TLS, or Transport Layer Security, protocol.We’ve embedded a trusted certificate into our web-app which validates connection requests based on certificate-matching. If a connection request is made, and the client (web browser) detects a certificate that does not match, the connection request will be refused—this ultimately prevents end-users from connecting to potentially malicious sites.Unfortunately, this doesn’t protect a computer locally. As explained above, attackers may (rarely) target users directly. It is, therefore, advisable that you search for untrusted certificates on your computer. If you’re unsure about how to do this, seeking advice from somebody with knowledge and experience on this topic is best.HSTS, or HTTP Strict Transport Security, is the most up-to-date version of Secure Socket Layer (SSL) encryption. It allows for trusted interactions to take place between browsers and websites.HSTS protocol contains encryption sub-layers, such as: a hardcoded list of trusted websites; this is known as the HSTS preload list. Well-known, trusted browsers such as Google Chrome and Firefox have integrated a HSTS mechanism that is activated by default, which means you don’t have to do anything to benefit from this additional layer of protection.HSTS protocol standards are maintained by the Internet Engineering Task Force (IETF), an open organisation which is managed entirely by volunteers, and whose work is funded by sponsors around the world. Legitimate companies like N26 must fulfill a strict set of requirements before joining the list. Once added, members must continually act in accordance with IETF policies, otherwise, they will be removed. If you’d like to learn more, click here.
What is pharming?
Security at N26
Your security is our priority. Arm yourself with our tips to protect yourself online.
Check N26 Guide to Secure Online BankingHow to protect yourself from pharming
- Always check for secure web connections (HTTPS), indicated by the padlock on Chrome. However, an SSL certificate is the only indicator of trust—a report by the Anti-Phishing Working Group (APWG) found that by the end of 2019, 74 percent of phishing websites use SSL.
- Consider using a VPN (Virtual Private Network) which uses reputable DNS.
- Change the default password on your router.
What are Domain Name Systems (DNS)?
The role of a DNS cache
What are the different types of pharming attacks?
What is malware-based pharming?
What is DNS server poisoning?
Security at N26
At N26, security is our priority. Discover a 100% mobile banking experience.
Learn more about security at N26Security at N26
End-to-End Encryption (E2EE)
Certificate Pinning
Additional Browser Protection
HSTS Protocol
What makes it secure?
How is eligibility determined, and by whom?
Find similar stories
BY N26Love your bank
Advertising message for promotional purposes. Please see the contractual documentation for more information in the Legal Documents Section.
Related Post
These might also interest youTechnology & Security
How scammers are using QR codes to steal your data
Not all QR codes are harmless. Here’s what to look out for to avoid falling for a “quishing” scam.
4 min read
Technology & Security
5 popular holiday scams to watch out for this season
Don’t let scammers ruin your holidays. Get informed about these 5 popular holiday scams to protect your wallet.
5 min read
Technology & Security
How to keep your money safe when you shop online
Here's how you can protect yourself.
8 min read