What’s The Difference Between Pharming & Phishing?
Phishing is bad enough, but pharming is worse, because it takes it a stage further.
Phishing emails, or indeed, phishing instant messages, are designed to entice the recipient onto a fraudulent site which then encourages you to enter your personal details. The person that’s controlling the fraudulent website usually then sells those personal details to another bunch of crooks who then syphon off your bank account.
Now, with pharming, there is an extra layer of sophistication. It’s basically phishing by stealth.
The problem for a phisher, is that it’s a little too crude sending an email asking someone to connect with a link.
With pharming tactics, all you have to do is open an email from the phisher and the damage is done. The phishers do this by stealing the tactics form the guys that plant the viruses.
Now, what happens is that you have been infiltrated by a trojan. This might have happened at any time and without your knowledge, but the trojan will sit there biding its time until you open the email from the phisher. He knows that the trojan might be there sitting there and once the email is open, the trojan activates and a script opens. This line of code is basically a command which instructs your browser, the next time it opens and when you try to open your bank site, or merchandising site, to redirect you to their spoof site. And there they proceed to trick you into giving them your personal details.
So, pharming is just a cleverer way of phishing.
And in case you’re wondering all about the manpower that these attacks create, don’t feel sorry for the phishers and pharmers. The problem with the internet and networked computers, is that the trojan can not only be easily hidden, but easily distributed. So, a hacker might write a line of code that will deceive your browser, or create and issue spam emails. His next problem is distribution, but he relies on creating a botnet of zombie computers.
He finds a weak spot – say an unprotected networked computer – and he’s in. His trojan moves rapidly around the network, creating the botnet and sitting on individual computers (now known as zombies) that have no knowledge the virus is there. At the appointed time the trojan wakes up, redirects a web browser, or sends out thousands of phishing emails from the zombie computer mailboxes.
That’s why the authorities have such a problem tracking down cyber criminals. The actual person committing the crime is so far removed from the incident, there is rarely a link back.
And as it’s all so automated, when the trojan breaks cover, it’s nearly impossible to find the person behind it. Certain computer companies have been prosecuted, but these tend to be organisations which masquerade as genuine direct marketing companies and cover their techniques as a legimate business tactic.
But whether you are at the bad end of a phishing, or pharming attack, the results are the same: theft. And you can guarantee the hackers will be thousands of miles away, way out of the reach of the authorities.
What’s the Difference Between Pharming and Phishing – Recap
- pharming is phishing by stealth;
- pharming tactics are automated and trojans easily distributed;
- criminals are thousands of miles away.