“The potential for the next Pearl Harbor could very well be a Cyber Attack” - Leon Panetta
Go back to your school days. Recount the times when you heard about fishing and farming for the first time. They were taught to you as crucial forms of occupation which formed the means of livelihood for fishers and farmers alike.
These traditional sources of income have lent their names to schemes for cheating people in the cyber context. Thus evolved the ideas of phishing and pharming. So what is the difference between phishing and pharming?
How can you account for the difference between phishing and pharming attacks as far as their impact on the victims is concerned? Let us try to answer these questions.
In this blog, we shall elaborate on the difference between phishing and pharming by looking at the examples of, and techniques employed in, both types of cyber attack.
Lastly, we shall also look at the difference between phishing and pharming attacks in terms of different preventive strategies which should be employed in order to mitigate each of them.
Difference between Phishing and Pharming
What is Phishing?
One of the most common forms of cyber attack, phishing generally aims to acquire critical data such as passwords, credentials and credit card numbers by sending emails, messages and links disguised as coming from sources which the victims have reason to trust.
The cyber criminal poses as a trusted entity (a legitimate company or person) in order to extract confidential information from random individuals by manipulating them. Phishing succeeds through different forms of user interaction.
These include instant messages or calls aimed at acquiring sensitive data such as credit card information, emails containing malicious links that result in the download of risky attachments, and so on.
Examples of Phishing
In this section, we shall look at some of the most common ways in which a phishing attack is carried out.
- Verification requests of personal data through malicious emails
- Emails using the offers of tax refunds to fool victims
- Emails or calls from recognized financial institutions like banks, asking for passwords, OTP or PIN
- The use of the phrase ‘Click Here’ is quite common in such communication
- False emails claiming that a particular payment made by you has failed, which try to force you to take a particular action
- There might be instances wherein you might be redirected to a fraudulent site upon entering the URL in the browser
Phishing itself is a broad term which covers different types of phishing attacks on the basis of the kind of strategies and techniques employed by cyber criminals for reaching their victims.
Thus, when we try to understand what is the difference between phishing and pharming, it is important to make sense of the different forms of each of these two attacks.
The phishing attack is carried out through malicious emails.
It is a form of phishing attack wherein the email is sent to specific targets such as specific individuals, business or organizations.
Also known as CEO Phishing, this attack is essentially targeted towards business leaders or senior executives of organizations.
In this kind of phishing attack, the fraudster plays on the victim's emotions and betrays their trust in order to elicit sensitive information. These types of attacks are generally initiated through dating sites.
Clone phishing involves the act of creating a replica. The attacker clones a legitimate or genuine email which an individual might have received from an authentic source.
The forged email is identical to the genuine email and is sent from a spoofed email id. It does, however, contain malicious content such as a link which, if clicked, results in the installation of malware on the victim's system.
Want to know about Clone Phishing in full? Refer to our blog on “What is Clone Phishing?: Everything you Need to Know about a Clone Phishing Attack”
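A defender who still holds the genuine message can spot a clone of the kind described above by comparing the two. The following is an added example, not code from this blog; it assumes single-part plain-text messages, and the sample emails, the domains and the names `split_message` and `clone_indicators` are constructed for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample messages (reserved .example/.test domains).
GENUINE = (
    "From: Billing <billing@bank.example>\n"
    "Subject: Your monthly statement\n"
    "\n"
    "Your statement is ready: https://bank.example/statements\n"
    "Regards, Billing\n"
)
CLONE = (
    "From: Billing <billing@bank-example.test>\n"
    "Subject: Your monthly statement\n"
    "\n"
    "Your statement is ready: http://bank-example.test/statements\n"
    "Regards, Billing\n"
)

def split_message(raw):
    """Return (sender domain, set of link hosts, body with URLs masked)."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hosts = {urlsplit(u).hostname for u in URL_RE.findall(body)}
    return domain, hosts, URL_RE.sub("<URL>", body)

def clone_indicators(genuine_raw, received_raw, threshold=0.9):
    """Flag a near-identical copy whose sender or link hosts differ."""
    g_dom, g_hosts, g_text = split_message(genuine_raw)
    r_dom, r_hosts, r_text = split_message(received_raw)
    similarity = difflib.SequenceMatcher(None, g_text, r_text).ratio()
    findings = []
    if similarity >= threshold:  # only a look-alike body counts as a clone
        if r_dom != g_dom:
            findings.append(f"sender domain changed: {g_dom} -> {r_dom}")
        for host in sorted(r_hosts - g_hosts):
            findings.append(f"new link host: {host}")
    return similarity, findings

if __name__ == "__main__":
    print(clone_indicators(GENUINE, CLONE))
```

Masking the URLs before comparing keeps the body similarity high even though the link itself was swapped, which is exactly the case a clone produces.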
In this case, social media is used as the medium for executing a cyber attack. The attempt is to steal personal information posted on social media platforms and consequently force victims into divulging personal information.
This attack makes use of text messages for tricking users. The messages usually involve phone numbers for the user to call or a link to a legitimate-looking website which is controlled by the attacker.
Vishing can be understood as a voice based phishing attack, meant to extract personal or financial information from the victims over a fraudulent phone call.
Phishing is often confused with another closely related cyber crime and that is spoofing. If you wish to understand the difference between them, do read our blog on “Spoofing vs. Phishing: A Comparative Study”