
	Home > Ask the Security Channel Experts > Information Security Threats and Countermeasures Questions & Answers > Understanding the difference between phishing and pharming

Ask The Security Channel Expert: Questions & Answers

EMAIL THIS

Understanding the difference between phishing and pharming

EXPERT RESPONSE FROM: Retired Expert - Russell Dean Vines

		Pose a Question

		Other Security Channel Categories

		Meet all Security Channel Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 07 November 2006
How do phishing attacks differ from pharming attacks? Are pharming attacks still prevalent?

EXPERT RESPONSE

Phishing and pharming are generically both the same, in that the purpose of the exploit is to steal personal identity data and financial account credentials for monetary gain. According the Anti-Phishing Working Group, phishing attacks use both "social engineering and technical subterfuge" to get the goods. This means that spoofed emails trying to convince the email readers to enter their personal banking info, and spyware, such as Trojan keyloggers, are the mainstays of the phishing world.

While pharming is still considered a subset of phishing, it refers to a specific type of phishing using DNS hijacking or poisoning to redirect the user's browser to fraudulent sites or servers. Pharming was on the increase in 2005 but has decreased slightly this year due to increased diligence of domain controls, and is therefore employed less than the phishing exploits mentioned above. Protection from pharming, however, should still be offered in a comprehensive security approach.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Information Security Threats and Countermeasures
	Security for mobile broadband
	Understanding smurf attacks
	What are the network security risks of streaming video?
	Spyware removal from computers
	Malware removal without antivirus software
	Threat matrix and risk analysis resources
	Blade server security on a storage area network (SAN)
	Blade server security hardware advice
	Cross-site scripting vulnerability penetration testing
	When should automated penetration testing be supplemented with manual pen testing?

Spam and Antispam

What is the future of antivirus or antimalware software?

Open source spam management for Outlook: SpamBayes

Email security appliances that fight phishers and spambots

Instant threat from instant messaging, and what some companies are doing about it

Spam growth fuels continued market for email security services

Spam botnets get smarter, target victims using personal data revealed on social networking sites

A review of Proofpoint's Messaging Security Gateway

Email threats: Educating your SMB customers

DNS blacklisting dangers demystified

Detect and filter spam: Three complementary antispam techniques

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2006 - 2008, TechTarget \| Read our Privacy Policy