Last year, Phishing and Pharming were among the top types of cybercrime most frequently reported worldwide. Pharming is a form of social engineering cyberattack that sees cybercriminals attempt to redirect unsuspecting internet users trying to reach a specific website to a different, phoney site that mimics the appearance of the legitimate site. This tactic allows cybercriminals to obtain personally identifiable information and login credentials, such as passwords, even sometimes extending to account numbers and more sensitive data.
Pharming normally occurs by installing malicious code on either a user’s machine or a DNS server, which then misdirects users to fraudulent websites without their knowledge or consent. Pharming exploits the mechanics of Internet browsing. A pharming attack that affected almost 50 multinational companies based in Europe, Asia, and the US was observed in 2007. the hackers successfully made similar, individual pages for each company so when the victims clicked on the site, the malicious code embedded in the link forced them to download a trojan horse malware into their systems, and the login information of multiple companies and their working staff was collected without their knowledge. This massive attack continued to wreak havoc for almost three days.
An example of a sophisticated pharming attack occurred in 2017 when more than 50 financial institutions found themselves to be the recipients of a pharming attack that exploited a Microsoft vulnerability, creating fraudulent websites that mimicked the bank sites targeted. The victims of this pharming attack were online customers based in the United States, Europe and Asia-Pacific. When these customers visited the replica sites created by the cybercriminals from their infected computers, their account login information was sent to the Russian servers. This pharming attacked infected roughly 3,000 computers over the course of three days.
Phishing and pharming are similar cybercrimes; however, phishing is a cybercrime in which those targeted are contacted via email, telephone or text message by a cybercriminal posing as a legitimate organisation to trick people into providing sensitive data like banking details and passwords. Phishing is a technique used by hackers to acquire your personal information by sending an email that is designed to look just like a legitimate email and is intended to trick you into clicking on a malicious link or attachment. The information is then used to access important accounts and can result in identity theft and financial loss.
It’s believed that 96% of phishing attacks arrive by email. Another 3% are carried out through malicious websites and just 1% via phone. In June, several media outlets reported a new yet confusing phishing tactic that consisted of cybercriminals curating a scam where victims are sent a cryptic email asking if they want to unsubscribe to an unnamed service.
The purpose of these types of phishing emails is to verify if the email addresses are valid and whether recipients are likely to respond to unsolicited messages. If recipients respond to these messages, the cybercriminals will then bombard them with spam messages. According to the FBI, phishing was the most common type of cybercrime in 2020 and phishing incidents nearly doubled in frequency, from 114,702 incidents in 2019 to 241,324 incidents in 2020.
In honour of cybersecurity awareness month, we have compiled a list of tips to keep safe from phishing/pharming attacks:
Create a strong password for your home Internet
Create strong passwords and use a password manager that offers to auto-fill username and password fields for you when it detects a login page you’ve visited before. A caricatured website may look like a legitimate website, but a password manager won’t recognise a spoofed site and won’t offer auto-login credentials.
Use a good anti-malware program
Use two-factor verification where possible
Check to make sure the URL is spelt correctly.
Be sure the URL is secure and has “HTTPS” before the site name.
Notice any discrepancies from how the webpage usually looks
Analyse any strange activity surrounding your banking account
Get our latest cyber intelligence insights straight into your inbox every week
Fill out the short form below to subscribe to our newsletter so that you never miss out on
our cyber intelligence insights and news.
Privacy Overview
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Orpheus is a leading cybersecurity company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence.
Strictly Necessary Cookies
These cookies are strictly necessary to provide you with services available through our website and to use some of its features. These must be enabled at all times, so that we can save your preferences.
Orpheus is a leading cybersecurity company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence.
If you do not enable Strictly Necessary Cookies, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
Orpheus is a leading cybersecurity company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Orpheus is a leading cybersecurity company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
Orpheus is a leading cybersecurity company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence.
Orpheus is a leading cybersecurity company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence.
Request Demo Access
Fill out your details below and we'll be in touch to arrange demo access for you as soon as
possible.