The potential for the next Pearl Harbor could very well be a Cyber Attack – Leon Panetta
Go back to your school days. Recount the times when you heard about fishing and farming for the first time. They were taught to you as crucial forms of occupation which formed the means of livelihood for fishers and farmers alike.
These traditional earning sources gradually transformed into a scheme for cheating people within the cyber context. Thus, evolved the idea of phishing and pharming. So what is the difference between phishing and pharming.
How can you account for the difference between phishing and pharming attacks as far as its impact on the victims is concerned? Let us try and answer these questions.
In this blog, we shall try to elaborate on the difference between phishing and pharming. We shall try to answer the question of what is the difference between phishing and pharming by looking at the examples as well as techniques employed in both the types of cyber attacks.
Lastly, we shall also look at the difference between phishing and pharming attacks in terms of different preventive strategies which should be employed in order to mitigate each of them.
What is Phishing?
One of the most common forms of cyber attack; the objective of phishing is generally, to acquire critical data in the form of passwords, credentials, credit card numbers and so on, by sending email, messages and links, disguised from sources which the victims have reason to trust.
The cyber criminal adopts a fake appearance as a trusted entity (legitimate company/person) in order to derive confidential information from random individuals by manipulating them. Phishing is made successful through different forms of user interaction.
This can be through instant messages or calls for acquiring sensitive data such as credit card information, emails containing malicious links resulting in download of risky attachments and so on.
Examples of Phishing
In this section, we shall look at some of the most common ways in which a phishing attack is carried out.
- Verification requests of personal data through malicious emails
- Emails using the offers of tax refunds to fool victims
- Emails or calls from recognized financial institutions like banks, asking for passwords, OTP or PIN
- The use of the phrase Click Here is quite common in such communication
- False emails claiming that a particular payment made by you has failed and hence try to force you to take a particular action
- There might be instances wherein you might be redirected to a fraudulent site upon entering the URL in the browser
Phishing Techniques
Phishing itself is a broad term which covers different types of phishing attacks on the basis of the kind of strategies and techniques employed by cyber criminals for reaching their victims.
Thus, when we try to understand what is the difference between phishing and pharming, it is important to make sense of the different forms of each of these two attacks.
Email Phishing
The phishing attack is carried out through malicious emails.
Spear Phishing
It is a form of phishing attack wherein the email is sent to specific targets such as specific individuals, business or organizations.
Whaling
Also known as CEO Phishing, this attack is essentially targeted towards business leaders or senior executives of organizations.
Cat Phishing
In this kind of phishing attack, the fraudster plays with the emotions of the victim in order to betray them for eliciting sensitive information. These types of attacks are generally initiated through dating sites.
Clone Phishing
This attack involves the act of creating a replica. The attacker clones/creates a replica of a legitimate or genuine email which an individual might have had received from an authentic source.
The forged email is identical to the genuine email and is sent from a spoofed email id. It does contain malicious content like a link which if clicked, results in the installation of malware in the victim’s system.
Want to know about Clone Phishing in full, refer to our blog on What is Clone Phishing?: Everything you Need to Know about a Clone Phishing Attack.
Angler Phishing
In this case, social media is used as the medium for executing a cyber attack. Attempt is to steal personal information posted on social media platforms and consequently force victims in divulging personal information.
Smishing
This attack makes use of text messages for tricking users. The messages usually involve phone numbers for the user to call or a link to a legitimate website which is controlled by the attacker.
Vishing
Vishing can be understood as a voice based phishing attack, meant to extract personal or financial information from the victims over a fraudulent phone call.
Phishing is often confused with another closely related cyber crime and that is spoofing. If you wish to understand the difference between them, do read our blog on Spoofing vs. Phishing: A Comparative Study
What is Pharming?
Pharming is a form of cyber attack which seeks to acquire sensitive personal information, especially financial credentials of users, by way of directing them to fake malicious websites created by the hacker.
In this process, the cyber criminal seeks to install a malicious code in the system of the victim which redirects them to fraudulent or spoofed websites.
A fake website does have an appearance of a legitimate one and it is deliberately created with the objective of stealing log-in credentials and capturing personally identifiable information (PII) like passwords, account number and so on.
Pharming takes advantage of the implementation and design flaws in Domain Name System (DNS) services for manipulating parts of the host and domain naming system, which results in redirecting user from one website to another.
If the server has been infected, then upon entering the web address, the user would simply be directed to the attacker?s website.
Examples of Pharming
- One common instance of pharming is a situation when an individual open their browser, enter the web address of their bank for the objective of conducting online banking. However, they are maliciously redirected to a fraudulent website.
- Any change in the DNS of the user?s router might affect the bank, but they may not be aware of this.
Pharming Techniques
Once again, it is important to note that Pharming can be conducted by employing an array of techniques and strategies. Some of these include:
- It might happen that a user receives a link through a spoofed email and on clicking it, they are directed to a malicious website.
- The victim might be the recipient of a request asking for confidential details or personal information.
- The victim might be directed to a spoofed website which looks like a legitimate one and is consequently requested to provide their credit card number or other banking information.
- Pharming generally employs either of the two strategies:
- It exploits the vulnerability in the DNS server software
- By way of changing the hosts file on the target?s computer
What is the difference between Phishing and Pharming?
Before we get into the difference between phishing and pharming, it is important to remember that both these cyber threats are forms of Internet scam which happen to have something to do with the Domain Name System (DNS).
Having said that, let us try to look at the difference between Phishing and Pharming Attacks.
- Phishing is a form of cyber attack which seeks to elicit sensitive personal information from the victims, via different means in the form of emails, messages, calls, and so on. Pharming can be regarded as being similar to phishing to the extent that it also seeks to acquire confidential data. However, it tries to do so through domain spoofing.
- While phishing generally tries to scam individuals one at a time through messages or emails; pharming facilitates cyber criminals to target a large group of people simultaneously. This is possible because, pharming simply redirects traffic from one website to a different fake and lookalike website.
- Fake links are a characteristic feature of phishing attacks. However, pharming predominantly negotiates on the DNS server and then surreptitiously redirects users to fraudulent websites, even if they would have entered the correct web addresses.
- Phishing can employ various techniques and on the basis of that can be of different types like: email phishing, spear phishing, clone phishing, vishing and so on. Pharming, essentially makes use of strategies like DNS spoofing, DNS hijacking and DNS cache poisoning for achieving data theft.
- Pharming is regarded to be trickier, more dangerous and more difficult to detect than phishing. This is fundamentally because pharming involves manipulation at the DNS level and users are redirected to fake websites which are identical replicas of legitimate ones, without any participation or prior knowledge of the victim.
Difference between Phishing and Pharming in Tabular form
In this section, we shall undertake a synoptic comparison on the issue of what is the difference between phishing and pharming.
Conclusion
By the end of this blog, I am pretty sure that you must be in a position to comfortably answer the question of what is the difference between phishing and pharming. The difference between phishing and pharming is often overlooked in many cases as pharming does involve certain characteristics of email phishing. However, there are clear distinctions between the two and the issue of difference between phishing and pharming attacks, is definitely a real one.
Being a Cyber Security expert is definitely one of the most in-demand professions within the tech domain. Being aware of different forms and types of Cyber attacks and threats is essentially a requisite for acquiring mastery in the discipline. We, at Syntax Technologies, provide you with the amazing opportunity in developing expertise in consonance with the demands of the Cyber Security domain. Moreover, you can avail this opportunity right from the comfort of your home. Enrol now for our Cyber Security course.
