Difference Between Phishing and Pharming

The main difference between phishing and pharming is that in phishing, the attacker sends a trustworthy-looking email to the user to mislead him and obtain his credentials, while in pharming, the attacker changes the IP addresses stored in the DNS server to direct users to a fake website.

Users access social websites, banking websites and auction sites, and perform online payments via the World Wide Web (WWW). Various activities allow unauthorized parties to access the user’s information. Phishing and pharming are two of them. In phishing, the attackers send emails to users while posing as legitimate organizations. They mislead the users and obtain their sensitive details. Pharming, on the other hand, misdirects users to a fake website even though they typed the website name correctly. Phishing and pharming are growing threats to online businesses.

Key Areas Covered

1. What is Phishing
     – Definition, Functionality
2. What is Pharming
     – Definition, Functionality
3. Difference Between Phishing and Pharming
    – Comparison of Key Differences

Key Terms

Pharming, Phishing

What is Phishing

Phishing is a method used by unauthorized parties to obtain sensitive information such as the user's username, password and credit card details. The attackers pose as a trustworthy entity to obtain this information and then use it for malicious purposes. This mainly occurs via email.

Most users perform online transactions and have accounts holding sensitive information. Online business transactions are safe as long as the user communicates with trusted organizations. But attackers can mislead users by posing as trustworthy business organizations. They can trick users into entering details such as PIN numbers, passwords, and account numbers.

For example, a user can receive an email which looks like a trustworthy message from his bank. It has a link to click. So, the user clicks on that link and types his account number and password. In this way, the attacker can obtain the user’s details. Though the email appeared to be sent by the bank, it was sent by an unauthorized party. Phishing emails carry the same phone numbers, addresses and logos that appear on the bills and statements. They can also contain misspelled words.

Users need to be aware of phishing in order to avoid it. They should not click on links in suspicious emails. If an email leads the user to a website, it is important to check the web address. If the user learns that unauthorized parties have his details, he should immediately inform the organizations where he has accounts. Furthermore, he can install anti-phishing software, and check online accounts and credit reports constantly.

What is Pharming

Pharming directs the user to a fake site. DNS stands for Domain Name Server, and it is responsible for mapping website names to IP addresses. In pharming, the hackers change the IP addresses stored in the DNS server. Therefore, when the user visits a website, he is directed to a fake website controlled by the attacker. This website asks the user to provide his personal credentials. The user, who assumes that the visited site is legitimate, will provide the details.

Pharming mainly targets businesses hosting e-commerce and online banking websites. There is anti-pharming software to protect against pharming. Ordinary antivirus software and spyware removal software do not provide much protection against pharming.
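Because pharming works by changing the addresses a DNS server hands out, one way to detect it is to compare the answers resolvers give with the addresses the site is known to use. The following is an added example, not part of the original article and not a description of any particular anti-pharming product; the site name, the expected network and the resolver answers are constructed, and the function names are assumptions.

```python
import ipaddress
import socket

# Assumption: networks the site owner really serves each name from (constructed).
EXPECTED = {"www.bank.example": ["192.0.2.0/24"]}

# Constructed sample: answers for the same name collected from three resolvers.
OBSERVED = {
    "isp-resolver":    {"www.bank.example": ["192.0.2.10"]},
    "public-resolver": {"www.bank.example": ["192.0.2.10", "192.0.2.11"]},
    "office-router":   {"www.bank.example": ["198.51.100.66"]},
}

def unexpected_addresses(name, addresses, expected=EXPECTED):
    """Return the addresses that fall outside every network pinned for name."""
    key = name.lower().rstrip(".")
    if key not in expected:          # nothing pinned for this name: no verdict
        return []
    nets = [ipaddress.ip_network(n) for n in expected[key]]
    bad = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if not any(ip.version == net.version and ip in net for net in nets):
            bad.append(addr)
    return bad

def find_poisoned_resolvers(observed, expected=EXPECTED):
    """Return {resolver: {name: [bad addresses]}} for answers that look redirected."""
    report = {}
    for resolver, answers in observed.items():
        for name, addresses in answers.items():
            bad = unexpected_addresses(name, addresses, expected)
            if bad:
                report.setdefault(resolver, {})[name] = bad
    return report

def resolve_locally(name):
    """Addresses this machine would actually connect to for name (live lookup)."""
    infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    for resolver, names in find_poisoned_resolvers(OBSERVED).items():
        print(resolver, "returned unexpected addresses:", names)
```

On the sample data only office-router is reported. A fixed list of expected networks suits sites with stable addresses; sites behind a content delivery network change addresses often, so the list has to be kept current.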

Difference Between Phishing and Pharming

Definition

Phishing is the fraudulent attempt to obtain a user's sensitive information for malicious reasons by posing as a trustworthy entity in electronic communication. Pharming is a cyber-attack that redirects website traffic to a fake site.

Functionality

In phishing, the attacker sends a genuine-looking email to the user to mislead him and to obtain his details. In pharming, the attacker changes the IP addresses stored in the DNS server and directs the users to fake websites.

Number of Users

While phishing targets one individual computer user at a time, pharming targets a large number of users at a time.

Complexity

Pharming is more complex and difficult to detect than phishing.

Prevention

Users can install anti-phishing software and check online accounts and credit reports constantly to avoid phishing. Securing the DNS server and using anti-pharming tools are some methods to prevent pharming.

Conclusion

Phishing and pharming are two activities that threaten the user’s information. Phishing relies on the user clicking the link in the email. Pharming actually redirects the user to a fake website despite the user typing the correct website name. The difference between phishing and pharming is that in phishing, the attacker sends a trustworthy-looking email to the user to mislead him and obtain his credentials, while in pharming, the attacker changes the IP addresses stored in the DNS server to direct users to a fake website.

About the Author: Lithmee

Lithmee holds a Bachelor of Science degree in Computer Systems Engineering and is reading for her Master’s degree in Computer Science. She is passionate about sharing her knowledge in the areas of programming, data science, and computer systems.
