Phishing and pharming are generically both the same, in that the purpose of the exploit is to steal personal identity data and financial account credentials for monetary gain. According the Anti-Phishing Working Group, phishing attacks use both "social engineering and technical subterfuge" to get the goods. This means that spoofed emails trying to convince the email readers to enter their personal banking info, and spyware, such as Trojan keyloggers, are the mainstays of the phishing world.
While pharming is still considered a subset of phishing, it refers to a specific type of phishing using DNS hijacking or poisoning to redirect the user's browser to fraudulent sites or servers. Pharming was on the increase in 2005 but has decreased slightly this year due to increased diligence of domain controls, and is therefore employed less than the phishing exploits mentioned above. Protection from pharming, however, should still be offered in a comprehensive security approach.
This was first published in November 2006