Friday 8th October 2021

BLOG: Pharming vs Phishing

Last year, Phishing and Pharming were among the top types of cybercrime most frequently reported worldwide. Pharming is a form of social engineering cyberattack that sees cybercriminals attempt to redirect unsuspecting internet users trying to reach a specific website to a different, phoney site that mimics the appearance of the legitimate site. This tactic allows cybercriminals to obtain personally identifiable information and login credentials, such as passwords, even sometimes extending to account numbers and more sensitive data.

Pharming normally occurs by installing malicious code on either a user’s machine or a DNS server, which then misdirects users to fraudulent websites without their knowledge or consent. Pharming exploits the mechanics of Internet browsing. A pharming attack that affected almost 50 multinational companies based in Europe, Asia, and the US was observed in 2007. the hackers successfully made similar, individual pages for each company so when the victims clicked on the site, the malicious code embedded in the link forced them to download a trojan horse malware into their systems, and the login information of multiple companies and their working staff was collected without their knowledge. This massive attack continued to wreak havoc for almost three days.

An example of a sophisticated pharming attack occurred in 2017 when more than 50 financial institutions found themselves to be the recipients of a pharming attack that exploited a Microsoft vulnerability, creating fraudulent websites that mimicked the bank sites targeted. The victims of this pharming attack were online customers based in the United States, Europe and Asia-Pacific. When these customers visited the replica sites created by the cybercriminals from their infected computers, their account login information was sent to the Russian servers. This pharming attacked infected roughly 3,000 computers over the course of three days.

Phishing and pharming are similar cybercrimes; however, phishing is a cybercrime in which those targeted are contacted via email, telephone or text message by a cybercriminal posing as a legitimate organisation to trick people into providing sensitive data like banking details and passwords. Phishing is a technique used by hackers to acquire your personal information by sending an email that is designed to look just like a legitimate email and is intended to trick you into clicking on a malicious link or attachment. The information is then used to access important accounts and can result in identity theft and financial loss.

It’s believed that 96% of phishing attacks arrive by email. Another 3% are carried out through malicious websites and just 1% via phone. In June, several media outlets reported a new yet confusing phishing tactic that consisted of cybercriminals curating a scam where victims are sent a cryptic email asking if they want to unsubscribe to an unnamed service.

The purpose of these types of phishing emails is to verify if the email addresses are valid and whether recipients are likely to respond to unsolicited messages. If recipients respond to these messages, the cybercriminals will then bombard them with spam messages. According to the FBI, phishing was the most common type of cybercrime in 2020 and phishing incidents nearly doubled in frequency, from 114,702 incidents in 2019 to 241,324 incidents in 2020. 

In honour of cybersecurity awareness month, we have compiled a list of tips to keep safe from phishing/pharming attacks:

  • Create a strong password for your home Internet
  • Create strong passwords and use a password manager that offers to auto-fill username and password fields for you when it detects a login page you’ve visited before. A caricatured website may look like a legitimate website, but a password manager won’t recognise a spoofed site and won’t offer auto-login credentials.
  • Use a good anti-malware program
  • Use two-factor verification where possible
  • Check to make sure the URL is spelt correctly.
  • Be sure the URL is secure and has “HTTPS” before the site name.
  • Notice any discrepancies from how the webpage usually looks
  • Analyse any strange activity surrounding your banking account

Get our latest cyber intelligence insights straight into your inbox

Fill out the short form below to subscribe to our newsletter so that you never miss out on our cyber intelligence insights and news.