Understanding the difference between phishing and pharming
Both phishing and pharming involve the theft of personal identity data and financial account credentials, but there are subtle differences between them, and you should know what they are.
Phishing and pharming are generically both the same, in that the purpose of the exploit is to steal personal identity data and financial account credentials for monetary gain. According the Anti-Phishing Working Group, phishing attacks use both "social engineering and technical subterfuge" to get the goods. This means that spoofed emails trying to convince the email readers to enter their personal banking info, and spyware, such as Trojan keyloggers, are the mainstays of the phishing world.
While pharming is still considered a subset of phishing, it refers to a specific type of phishing using DNS hijacking or poisoning to redirect the user's browser to fraudulent sites or servers. Pharming was on the increase in 2005 but has decreased slightly this year due to increased diligence of domain controls, and is therefore employed less than the phishing exploits mentioned above. Protection from pharming, however, should still be offered in a comprehensive security approach.
Dig Deeper on Cybersecurity risk assessment and management
-
Lateral phishing used to attack organisations on global scale
By: Warwick Ashford
-
The top 3 email security threats and how to defuse them
By: Peter Loshin
-
Phishing threats still dwarf vulnerabilities, zero-days
By: Rob Wright
-
NotPetya attack cost up to £15m, says UK ad agency WPP
By: Warwick Ashford
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.
Meet all of our IT Channel experts
View all IT Channel questions and answers
Start the conversation
0 comments