Phishing vs. Pharming: What's the Difference?

Phishing you've heard of. But "pharming"? That one's a bit more obscure — and arguably more insidious, because it can happen without any suspicious link, email, or attachment.

Here's what both are and how they differ.

A quick recap of phishing:

Phishing involves tricking you into voluntarily visiting a fake website — typically via a deceptive email, text, or link. You're lured to the fake site. You fall for it (or you don't).

The key: phishing requires you to click something or take an action. You have a decision point.

What is pharming?

Pharming is different. It involves corrupting the system that translates website names into addresses — essentially the internet's directory service (called DNS). Instead of luring you to a fake site with a link, pharming redirects you to a fake site even when you type the correct address directly into your browser.

You type `www.yourbank.com.au`. Pharming intercepts and sends you to a convincing fake version. You did everything right. You typed the correct URL. But you ended up somewhere else.

How does pharming happen?

DNS poisoning: An attacker corrupts a DNS server — essentially poisoning the directory — so that many people typing a legitimate address get redirected to a fake one.

Malware-based pharming: Malware on your device modifies your local hosts file, which controls how your specific computer resolves domain names. This redirects you personally, regardless of what DNS server you use.

The frightening part:

With phishing, you can at least spot the suspicious link and choose not to click it. With pharming, you can type exactly the right address and still end up on a fake website. The URL in your address bar might even look correct.

How to protect yourself:

  1. Check for HTTPS and the correct certificate. In your browser, click the padlock icon next to the URL. It should show the certificate issued to the actual organisation (e.g. "Commonwealth Bank of Australia"). If the certificate is for a different organisation or domain, something's wrong.
  2. Use reputable DNS services. Use a known, secure DNS provider like Cloudflare (1.1.1.1) or Google (8.8.8.8) rather than a potentially compromised default.
  3. Keep your router firmware updated. Routers are a common target for pharming attacks that affect your whole home or office network.
  4. Use a reputable internet security product that can detect and block suspicious redirects.
  5. For businesses: Use DNS filtering services that block known malicious domains.

Phishing vs. pharming — the one-liner:

Phishing tricks you into going somewhere bad. Pharming takes you there without you realising.
