Understanding the difference between phishing and pharming
Both phishing and pharming involve the theft of personal identity data and financial account credentials, but there are subtle differences between them, and you should know what they are.
Phishing and pharming are generically both the same, in that the purpose of the exploit is to steal personal identity data and financial account credentials for monetary gain. According the Anti-Phishing Working Group, phishing attacks use both "social engineering and technical subterfuge" to get the goods. This means that spoofed emails trying to convince the email readers to enter their personal banking info, and spyware, such as Trojan keyloggers, are the mainstays of the phishing world.
While pharming is still considered a subset of phishing, it refers to a specific type of phishing using DNS hijacking or poisoning to redirect the user's browser to fraudulent sites or servers. Pharming was on the increase in 2005 but has decreased slightly this year due to increased diligence of domain controls, and is therefore employed less than the phishing exploits mentioned above. Protection from pharming, however, should still be offered in a comprehensive security approach.
Dig Deeper on Cybersecurity risk assessment and management
-
![]()
HMRC investigates over 10,000 Covid-19 phishing reports
By: Alex Scroxton
-
![]()
Phishing protection: Keep employees from getting hooked
By: Sharon Shea
-
![]()
Lateral phishing used to attack organisations on global scale
By: Warwick Ashford
-
![]()
The top 3 email security threats and how to defuse them
By: Peter Loshin
