Consumer Fraud Reporting
Reporting on the Latest Frauds, Scams, Fake Lotteries, Spams and Hoaxes


Pharming - Fake Websites, Real IP Addresses - Stealing Your Personal Financial Information

What is Pharming?

Pharming is a form of domain spoofing. In simple terms, rather than spamming you with email requests to confirm your financial or personal information, pharmers work invisibly. They change your local DNS server to redirect your Web request to a fake site. This means that when you enter a web address, you will be taken to a fake website rather than the legitimate website!

As far as you know, you're connected to the correct site. No email is involved, and if they copied the appearance of the real site well, you would have no way to know that anything was wrong.

History of Pharming

  • Panix - In January of 2005, someone fraudulently changed the DNS address for the domain, a New York State Internet service provider. Ownership of the company was changed from New York to Australia. Requests to reach the server were redirected to the United Kingdom, and e-mail was redirected to Canada. State and federal authorities are currently investigating this case.
  • Ebay (Germany) - In September 2004, a teenager in Germany managed to hijack the domain for

What do Pharmers do with the Information Today?

Just like in phishing, the criminals use the information they obtain to apply for new credit cards in the victim's name, withdraw money directly from victims' bank accounts, and spend, spend, spend... the victim's money.

In some cases, the scammers act as a clearinghouse, selling stolen credit card numbers in online forums to others who use the information.  Amazingly, the stolen account numbers usually only bring a dollar or two each!

How it works: technical details

It gets a little complicated if you don't understand how the internet works, so here goes: There are special computers (called domain name servers [DNS]) that work behind the scenes to take the addresses that you type in your browser (or click from a link) and point (redirect) your browser to the right computer connected to the internet that handles that particular website.

These DNS servers are kind of like telephone switchboards. Hackers figured out that if they hack into the DNS computers, they can change the addresses!  It would be like them stealing your phone number so when people dialed your number, they'd get the call instead of you!

How to Prevent being a Victim of Pharming

The address bar on your Internet browser won't tell you anything useful. The address (URL) looks just the same. If the criminals are good, the spoofed site may look just fine, too. At present only a certificate (such as those issued by Verisign) will ensure that you are on the right website.

When you visit a website that uses a certificate, you will see a box asking you if you want to trust the certificate.  If you do online banking, you've probably already seen these. Compare the names: if the name on the certificate doesn't match the site you're trying to reach, you know that something is wrong! Close the window and contact the company by telephone. If the certificate is OK, you then save the certificate so that when you next return, your browser will know it's reached the right address. You would then log in to the site safely.
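The "compare the names" step described above, written out as an added example (not part of the original page): it checks the names listed in a certificate against the address the user meant to reach. The certificates are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and `bank.example` and `bank-example.test` are placeholder names.

```python
# Added example: constructed certificates in the shape returned by
# ssl.SSLSocket.getpeercert(); all host names are placeholders.
GENUINE = {
    "subject": ((("commonName", "www.bank.example"),),),
    "subjectAltName": (("DNS", "www.bank.example"),
                       ("DNS", "*.secure.bank.example")),
}
LOOKALIKE = {
    "subject": ((("commonName", "www.bank-example.test"),),),
    "subjectAltName": (("DNS", "www.bank-example.test"),),
}


def cert_names(cert):
    """DNS names the certificate covers: SAN entries, else the subject CN."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return [n.lower().rstrip(".") for n in names]


def name_matches(pattern, host):
    """Exact match, or '*' standing in for exactly the left-most label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Need two fixed labels after the wildcard, so "*.example" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def check_site(cert, host):
    """Return (ok, names): does any certificate name cover the typed host?"""
    host = host.lower().rstrip(".")
    names = cert_names(cert)
    return any(name_matches(n, host) for n in names), names


if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        ok, names = check_site(cert, "www.bank.example")
        print(f"{label}: {'names match' if ok else 'MISMATCH'} {names}")
```

In real client code, `ssl.create_default_context()` performs this hostname check during the TLS handshake, together with chain validation; the functions here only make the comparison visible.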

What Else Can you Do to Protect Yourself from Pharming Theft

  • Act immediately if you’ve been hooked by a pharmer. If you provided account numbers, PINs, or passwords to a pharmer, notify the companies with whom you have the accounts right away. For information about how to put a “fraud alert” on your files at the credit reporting bureaus and other advice for ID theft victims, contact the Federal Trade Commission’s ID Theft Clearinghouse, or toll-free, 877-438-4338. The TDD number is 202-326-2502.
  • Even if you didn’t get hooked, report Pharming. Tell the company or agency that the pharmer was impersonating. You can also report the problem to law enforcement agencies through the National Fraud Information Center/Internet Fraud Watch, or 800-876-7060, TDD 202-835-0778. The information you provide helps to stop identity theft.    

 Reporting a Possible Pharming Attack

See our What to do, if you think you have been the victim of identity theft page!

If you need advice about an Internet or online solicitation, or you want to report a possible scam, use the Online Reporting Form or call the NFIC hotline at 1-800-876-7060


Copyright CFR 2005, 2006, 2007, 2008, 2009