Phishing and pharming are generically both the same, in that the purpose of the exploit is to steal personal identity data and financial account credentials for monetary gain. According the Anti-Phishing Working Group, phishing attacks use both "social engineering and technical subterfuge" to get the goods. This means that spoofed emails trying to convince the email readers to enter their personal banking info, and spyware, such as Trojan keyloggers, are the mainstays of the phishing world.
While pharming is still considered a subset of phishing, it refers to a specific type of phishing using DNS hijacking or poisoning to redirect the user's browser to fraudulent sites or servers. Pharming was on the increase in 2005 but has decreased slightly this year due to increased diligence of domain controls, and is therefore employed less than the phishing exploits mentioned above. Protection from pharming, however, should still be offered in a comprehensive security approach.
Dig Deeper on Cybersecurity risk assessment and management
Related Q&A from Russell Dean Vines
A smurf attack can slow down a network to the point of shutting it down completely. Learn how to understand a full-scale smurf attack and how to ... Continue Reading
Streaming video and audio sites are frequently visited on both home computers and work computers. Learn about streaming video security risks and what... Continue Reading
There are many resources available to help value-added resellers compile a threat matrix and perform risk analyses. Continue Reading