Pharming - Fake Websites, Real IP Addresses - Stealing Your Personal Financial Information

What is Pharming?

Pharming is a form of domain spoofing. In simple terms, rather than spamming you with email requests to confirm your financial or personal information, pharmers work invisibly. They change your local DNS server to redirect your Web request to an fake site.  This means that when you enter a web address, such as; you will be taken to a fake website rather than the legitimate website!

As far as you know, you're connected to the correct site. No email is involved, and if they copied the appearance of the real site well, you would have no way to know that anything was wrong.

History of Pharming

What do Pharmers do with the Information Today?

Just like in Phishing, the criminals use the information they obtain to apply for new credit cards in the victim's name, withdraw money directly from victims' bank accounts, and spend, spend, spend... the victim's money

In some cases, the scammers act as a clearinghouse, selling stolen credit card numbers in online forums to others who use the information.  Amazingly, the stolen account numbers usually only bring a dollar or two each!

How it works: technical details

It gets a little complicated if you don't understand how the internet works, so here goes: There are a special computers (called domain name servers [DNS]) that work behind the scenes to take the addresses that you type in your browser (or click from a link), like,, etc. and point (redirect) your browser to the right computer connected to the internet that handles that particular website.

These DNS servers are kind of like telephone switchboards. Hackers figured out that if they hack into the DNS computers, they can change the addresses!  It would be like them stealing your phone number so when people dialed your number, they'd get the call instead of you!

How to Prevent being a Victim of Pharming

The address bar on your Internet browser won't tell you anything useful. The address (URL) looks just the same. If the criminals are good, the spoofed site may look just fine, too. At present only a certificate (such as those issued by Verisign) will ensure that you are on the right website.

When you visit a websites that uses a certificate, you will see a box asking you if you want to trust the certificate.  If you do online banking, you've probably already seen these. Compare the names: if the name on the certificate doesn't match the site you're trying to reach, you know that something is wrong! Close the window and contact the company by telephone. If the certificate is OK, you then save the certificate so that when you next return, your browser will know it's reached the right address. You would then log in to the site safely.

What Else Can you Do to Protect Yourself from Pharming Theft

 Reporting a Possible Pharming Attack

See our What to do, if you think you have been the victim of identity theft page!

If you need advice about an Internet or online solicitation, or you want to report a possible scam, use the Online Reporting Form or call the NFIC hotline at 1-800-876-7060


For More Information About Pharming, See:


Summer allergies  air filter