Introduction to Phishing and Pharming
Posted in Security on October 10th, 2010 by Rachael
Phishing and pharming are two social engineering techniques used to trick users into handing over personal information. Both aim to obtain personal information from unsuspecting victims, but the way each attack is carried out differs slightly.
Phishing
Phishing employs social engineering and technical trickery to obtain confidential information (e.g. bank account details) from victims [1]. Users exposed to a phishing scheme can be tricked because the attackers, often called phishers, “impersonate” an organisation the user trusts [2]. The phisher then uses this disguise as a trusted organisation to obtain confidential information from the user [3]. Methods include redirecting users to counterfeit websites owned by the phisher, hijacking user sessions, embedding malicious code in legitimate websites, installing keyloggers on users’ computers, and even simply emailing users and asking for their details [1].
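The “impersonate a trusted organisation” point above is something a mail gateway or browser extension can partly check mechanically. The following is an added example, not code from the original post: a small heuristic that looks at a URL and reports the usual signs of a counterfeit site (a trusted brand name placed in a subdomain of an unrelated domain, the brand under a different top-level domain, a one-character typosquat, a raw IP address as host, and the `user@host` trick that puts a trusted name before the real host). `TRUSTED_DOMAINS` and all hostnames are constructed, documentation-reserved names, and the registrable-domain logic is deliberately simplified (a real implementation would use the Public Suffix List).

```python
"""Heuristic phishing-URL checks (added example; not from the original post).

TRUSTED_DOMAINS is a constructed allow-list of organisations the user trusts;
the hostnames used below are documentation-reserved names, not real sites.
"""
import ipaddress
from urllib.parse import urlparse

# Constructed allow-list of genuine domains (hypothetical).
TRUSTED_DOMAINS = {"examplebank.com", "example.org"}


def registrable_domain(host):
    """Last two labels of a hostname (simplified; real code should use the
    Public Suffix List so that e.g. 'co.uk' is handled correctly)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_ip_literal(host):
    """True if the host part of the URL is a bare IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def phishing_indicators(url, trusted=TRUSTED_DOMAINS):
    """Return a sorted list of reasons a URL looks like it impersonates a
    trusted organisation; an empty list means no indicator fired."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    if not host:
        return ["unparseable-host"]
    reasons = set()
    # 'user@host' syntax lets a phisher show a trusted name before the real host.
    if parsed.username is not None:
        reasons.add("userinfo-in-url")
    if is_ip_literal(host):
        reasons.add("ip-address-host")
        return sorted(reasons)
    reg = registrable_domain(host)
    if reg in trusted:
        return sorted(reasons)  # genuine domain (userinfo is still reported)
    subdomain_labels = host.split(".")[:-2]
    for genuine in trusted:
        brand = genuine.split(".")[0]
        # e.g. examplebank.com.login-verify.net: brand sits left of the real domain
        if brand in subdomain_labels:
            reasons.add("brand-in-subdomain:" + genuine)
        # e.g. examplebank.net: same brand, different top-level domain
        elif reg.split(".")[0] == brand:
            reasons.add("brand-with-other-tld:" + genuine)
        # e.g. examp1ebank.com: one edit away from the genuine domain
        elif edit_distance(reg, genuine) == 1:
            reasons.add("lookalike-of:" + genuine)
    return sorted(reasons)


if __name__ == "__main__":
    for u in ["https://examplebank.com/login",
              "https://examplebank.com.login-verify.net/",
              "http://examplebank.com@203.0.113.5/",
              "https://examp1ebank.com/"]:
        print(u, "->", phishing_indicators(u) or "no indicators")
```

These checks are indicators, not verdicts: legitimate sites occasionally use IP literals or brand names in subdomains, so a real deployment would weight the reasons and combine them with reputation data rather than block on any single one.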
Pharming
Pharming is a more advanced form of phishing in which the attacker “subverts the domain-name lookup system”, causing queries for a legitimate website (e.g. www.google.com) to “return an attacker-controlled IP address” [4]. Pharming is particularly dangerous because it allows the pharmer to reach “wider audiences with less probability of detection” than typical phishing attacks [2].
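Because pharming leaves the URL looking correct, detection has to look at the name-lookup path itself. The following is an added example, not code from the original post, showing two checks a host-based agent can run: it parses a hosts file for watched names that have been pinned to an address (one common way the local lookup is subverted), and it compares the addresses the local resolver returned against a reference set published by the organisation or obtained from a trusted resolver. The hosts-file text, the watch list and both answer sets are constructed sample data using documentation-reserved addresses.

```python
"""Two local checks for pharming-style redirection (added example; not from
the original post). The hosts file, watch list and DNS answers below are
constructed sample data using documentation-reserved addresses."""
import ipaddress

# Constructed watch list of names whose resolution the user cares about.
WATCHED = {"www.examplebank.com", "www.example.org"}

# Constructed hosts-file contents: one public name has been pinned to an
# address, which is the trace a local pharming attack leaves behind.
HOSTS_SAMPLE = """\
127.0.0.1   localhost
::1         localhost
192.0.2.10  www.examplebank.com   # pinned public name
10.0.0.5    intranet.corp.example
"""

# Constructed answers: what the local resolver returned just now, versus a
# reference set (e.g. the organisation's published records or a trusted resolver).
OBSERVED = {"www.examplebank.com": ["192.0.2.10"],
            "www.example.org": ["198.51.100.7"]}
REFERENCE = {"www.examplebank.com": ["198.51.100.20", "198.51.100.21"],
             "www.example.org": ["198.51.100.7"]}


def parse_hosts(text):
    """Return (name, ip) pairs from hosts-file text, ignoring comments and junk."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed line: skip it rather than crash
        for name in names:
            entries.append((name.lower(), ip))
    return entries


def hosts_overrides(text, watched=WATCHED):
    """Watched names the hosts file resolves locally, bypassing DNS entirely."""
    return {name: str(ip) for name, ip in parse_hosts(text) if name in watched}


def divergent_answers(observed, reference):
    """Names whose observed addresses include any not in the reference set."""
    out = {}
    for name, addrs in observed.items():
        expected = reference.get(name)
        if expected is None:
            continue  # nothing to compare against
        unexpected = sorted(set(addrs) - set(expected))
        if unexpected:
            out[name] = unexpected
    return out


if __name__ == "__main__":
    print("hosts-file overrides:", hosts_overrides(HOSTS_SAMPLE))
    print("divergent answers:", divergent_answers(OBSERVED, REFERENCE))
```

The answer comparison needs a maintained reference set: services behind content delivery networks legitimately return different addresses by region and over time, so the reference should come from the organisation itself rather than from a single earlier lookup. Certificate validation in the browser remains the stronger control, since a redirected host cannot present a valid certificate for the genuine name, and that is why pharming defences such as those discussed in [4] focus on what the browser does after the lookup.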
References
[1] B. Mohamad, E.-S. Samer, and H. Ibrahim, “Phishing attacks and solutions,” in Proceedings of the 3rd International Conference on Mobile Multimedia Communications, Nafpaktos, Greece: ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), 2007.
[2] G. Ollmann, “The Phishing Guide,” Next Generation Security Software Ltd., Sutton, 2004.
[3] W. Knight, “Caught In The Net,” IEE Review, vol. 51, pp. 26–30, 2005.
[4] K. Chris, S. Umesh, J. D. Tygar, and W. David, “Dynamic pharming attacks and locked same-origin policies for web browsers,” in Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA: ACM, 2007.