Difference Between Phishing and Pharming
Phishing is sending somebody a fake email and asking him to share sensitive information such as username, password, bank details, etc. The phishing website is totally unauthentic. On the other hand, the pharmers usually hack the Domain Name System (DNS) of a genuine website in pharming. The user opens an imposter site which is a replica of the real website. Phishing is a more commonly committed crime, whereas pharming does not occur very frequently. In this article, we will see about phishing and pharming.
You must be aware of the threats regarding cybercrime. These days, hackers have become very shrewd and are resorting to new techniques for stealing confidential information from personal computers and laptops. One of the methodologies adopted to achieve the unlawful act is Phishing. It is an illegal procedure through which a hacker or any person secretly acquires information about confidential/sensitive subjects. It may be a username, password or credit/ debit card details, etc. Phishing is said to be a part of cybercrime. It is to be remembered that the intention of acquiring sensitive information is malignant.
The aim of committing such a crime is to victimize the consumers by sending fraudulent emails containing the virus. As such, the phisher sends bulk emails that may seem to be authentic in the first instance. For example, people may get emails that inform them of a lottery prize from a bank or any other renowned company. The sender usually asks for your personal information such as name, address, phone number, email and most importantly, your bank details. Of late, phishing has become quite common, victimizing a number of people in the process.
However, various measures have been undertaken to curb this cyber threat, such as making people aware and cautious of such fraud emails and not trusting them blindly, offering to train to users to tackle such incidents, improving the websites’ security level legislation and much more. Phishing comes within the category of social engineering, and as such, it has also targeted social media websites like Facebook, YouTube or Twitter to swindle the users.
Advent of Phishing
The first major target of the phishers was American Online Accounts (AOL). They wanted to get information on the accounts secretly. They introduced themselves as AOL employees to their target victims and sent messages requesting the latter to submit their login and password with that intent in mind. Once the user fell into their trap, it became easy to fulfill their evil intention. They got engaged in a number of cyber-related crimes such as sending bulk spam emails, software containing malware and so on.
Taking a step further in this process, they resorted to some other illegal activities like encouraging the internet users to browse fake websites whose URL was not legitimate. In fact, they also took undue advantage of the grammatical and spelling mistakes. With the passage of time, the phishing business became technologically advanced, and it became very difficult for the authorities to detect the errors. But it is a matter of grave concern that several governmental and military websites are being targeted through phishing with the aim of stealing confidential information.
Loss of Wealth Every Year
It is unfortunate that many financial institutions such as banks, renowned and trusted companies, and even governments are incurring huge losses per year due to phishing’s illicit activity. The loss has been estimated at billions.
Detailed Categorization of Phishing Techniques
Now it is important for you to understand the different types of phishing techniques that hackers usually adapt to deceive the users. This will help you remain alert and attentive if you come across any such incident in the near future. In any case, do not respond to any such mail which claims to turn you into a millionaire overnight. Some of the important types of phishing techniques include-
When the phishers or hackers aim to target the senior executives and other high ranked officials of a well-reputed company such as Chairman, CEO or CFO, this activity is referred to as the whaling. A simple example can explain it. It is usually written to the higher authorities with a false claim regarding the company’s concern. The content of the email is usually some kind of customer complaint. The hackers can send a URL and request the authority to download and install the software so that they can view the subpoena. Therefore, the company management needs to be very careful about such emails to not be trapped in the net. This can lead to financial loss for the company.
2. Filter Evasion
Filter Evasion is a new method developed by the Phishers to perpetuate their unlawful activity. In this procedure, they make use of the pictures or photos rather than the text. This technique has been developed to challenge the anti-phishing authorities who identify fraud emails or spam. However, advanced technology has introduced medicines to combat such diseases. It has launched a more modernized version of anti-phishing filters to detect such images using Optical Character Recognition (OCR). On the other hand, these authorities also use Intelligent Word Recognition (IWR) to identify the cursive and various handwriting styles. However, this technique will not substitute OCR.
3. Spear Phishing
These types of phishing techniques are conducted with intending to attack individual users or even a company. In fact, it has been recognized as one of the most common phishing processes in recent times. Hackers aim to gather the personal information of persons through fake emails. However, beware of any such email from an unknown person.
4. Link Manipulation
This is a kind of technical sham wherein a fraud email will ask to click on a link to a spoofed website of any bogus company. However, when you open the URL, you won’t doubt that it is a phished website. The hackers conduct this illegal act either by using wrong spellings on the link or by using a false sub-domain to trap their prey. When you open a particular page on a site, it seems that you are viewing that specific page, but the truth is that it is linked up with some other website. In addition, you must have come across emails that show where the link will take you further. The phishers also take advantage of some international domain names, which are tough to identify.
5. Phone Phishing
Phone phishing techniques are yet another common methodology that does not require any internet connection to commit the crime. The phishers first identify their victims and then make fake phone calls, especially posing themselves as bank managers or their staff. They usually befool people by saying that their bank account has developed a problem, and they ask for complete banking info, including the credit or debit card details and pin number. They get an IP during the conversation and then take out all money from the person’s account, leaving him bankrupt. Therefore, never share your banking details with an unknown person over the phone.
6. Clone Phishing
As the name suggests, it is a cyberattack on the website conducted with the help of an email or any link. The phishers often target a genuine email that was previously active. They develop an identical clone of that mail or link and replace it with the pirated version containing malware. Now they will send an email to their target from the forged id, and the user presumes that it is an original email. The hackers usually use a computer or laptop that is infected with the virus to complete their malicious intentions.
7. Website Forgery
8. Covert Redirect
Covert Redirect is one of the phishing techniques through which these shrewd hackers get personal information from the victims when they later visit their fake websites. However, this can only be done with the user allows authorizing the app on the site. When you do so, the phishers get a token from the accessibility to confidential information becomes very easy.
Aside from these phishing techniques, the phishers can adopt for some other methods too. These include Evil Twins, Tab nabbing and getting bank details information.
Now let us discuss pharming. In simple terms, it is described as a type of cybercrime in which the web traffic of a genuine site is transported to another malicious website. This kind of cyber attack is more associated with the technical aspects. In this case, the host’s file on the victim’s computer can be altered. The attackers can also take advantage of the drawback of DNS server software. Pharming becomes easier if the attackers get access to a computer system that is not secured. Therefore, computers installed at home can be easily targeted in comparison to the corporate systems having a protected server.
As phishing has been derived from the word ‘fishing’ similarly, pharming has been derived from the term farming. According to the latest reports, both phishing and pharming have become one of the major looming threats for the internet and cyber world. Pharming basically victimizes online businesses such as E-Commerce websites and transactions via the internet. However, a few steps were initiated to curtail this malignant act by introducing antivirus software or spyware removal, but, unfortunately, nothing proved to be effective.
Home Based Servers are Easy Targets
Home-based servers and personal computers are vulnerable and unprotected, and thus, they easily come on the radar of the pharmers. There are a number of techniques using which the hackers can pharm, but the most common is using the DNS cache poisoning method. The name of the website can be converted into digits that can be decoded with the machine’s help. For instance, www.product.com becomes a series of numerical like180.172. 1.1. This can pose bigger threats. One of the major reasons which make desktops easily vulnerable is their poor administration.
However, the concern does not end over here itself, but some other vital drawbacks certainly need to be pointed out. Often people compromise on the local network router. You need to understand that routers have a major role to play as far as cybersecurity is concerned. But if it is not a genuine router, then it can spoil the DNS information. In such a circumstance, the pharmer will take control of the DNS server, and all information will pass on to this illegal or bad server.
Another problem that may prop up is the change of firmware by the routers. In that scenario, the authorities will find difficulty in tracing the attacker. This is because the replaced firmware almost resembles the same, including the administration page, settings, etc.
A Few Incidents of Pharming
A few major instances of pharming attacks were reported, and they came into the limelight. One such incident was the hacking of New York ISP’s domain name, and it was linked with a website in Australia. However, no such financial loss was reported. It occurred in January 2005.
In yet another incident, a complaint was lodged against a bank in Mexico indulged in pharming activity. The complainant was Symantec, and it took place in January 2008. According to the report, DNS settings were altered from a customer’s computer at home after getting an email from Spain.
Conclusion – Phishing and Pharming
In phishing and pharming both are serious menace to the internet and cybersecurity. Although the software has been developed and new techniques are being introduced to eliminate such crimes, but people need to be aware, alert and attentive when they are using the internet in any form. Do not get trapped easily in the trap of these attackers.
This is a guide to the top differences between Phishing and Pharming. Here we also discuss the Phishing and Pharming key differences. detailed categorization of phishing techniques with few incidents of pharming. You may also have a look at the following articles to learn more –