While phishing and pharming did not gain momentum until the mid-2000s, they have been a force to be reckoned with since they first made waves on the Internet. According to a case study by Wombat Security, two-thirds of the organizations they studied have experienced targeted and personalized phishing attacks. But phishing scams do not discriminate; even if you are not a big organization, chances are you’ve come across a phishing scam. No one is spared from potentially becoming a victim of financial or identity theft. To avoid falling prey to such scams, understanding the history and the differences between phishing and pharming can be helpful in protecting yourself and your website.
Just like a fisherman uses bait to reel in his catch, a “phisher” uses emails and fake links to mask his or her true identity and lure victims into unknowingly giving away personal information. One of the first instances of phishing scams occurred in 1995 and targeted America Online (AOL), an early Internet pioneer that provided dial-up services, e-mail and instant messaging to millions of Americans.
These primitive phishers used email and instant messaging to trick users into voluntarily handing over their AOL passwords. A prime example is the “mailbox expired” phishing scam, which claims users’ AOL mailboxes have expired and that, as a result, accounts will be labelled as “pending” until users click on a link to validate their accounts. The link leads to a fake login page where hackers wait to capture the account information that users enter. After taking over accounts, hackers can send spam and phish from those users’ networks, growing their reach exponentially.
Phishers quickly learned that they could do more than simply distribute spam. In the next wave of phishing, tactics catered to financial prospects. By sending “update your billing information” scam emails, hackers could extort credit card information, bank account details, and even social security numbers. Since then, the stakes have risen and phishing has evolved alongside hacking trends to incorporate malware such as ransomware.
As a result, it’s no wonder we have seen the rise of new social engineering tactics with names like spear phishing, smishing, pharming, and whaling to distinguish them. This blog post will focus on differentiating between phishing and pharming. Phishers “fish” for their victims with bait, typically emails that lead to bogus websites. In contrast, pharmers go big by “herding” a large pool of unsuspecting Internet users to a bogus website by compromising what is known as the DNS.
The DNS factor
The difference between phishing and pharming begins with an understanding of the DNS (Domain Name System), which is the vector that hackers utilize to carry out pharming scams.
Phishing works by using spoofed sites that appear to be legitimate entities or official company websites to extort confidential information. On the other hand, pharming doesn’t rely on bait in the form of a fake link to lure victims. Instead, “pharmers” compromise the DNS server level and redirect victims to the bogus website even when the legitimate web address is typed correctly. For example, when a hacker launches an effective DNS cache poisoning attack, he or she is changing the fundamental rules of how web traffic flows to the targeted site. Related techniques include DNS hijacking and DNS spoofing, all of which alter how the DNS answers.
So what is the DNS? To fetch a page, a browser needs to locate the web server that holds the requested page, and it does so by relying on a system of numerical addresses (IP addresses). However, these numerical addresses don’t stick well in human memory, so DNS was developed to map alphabetical domain names, which the average user can easily remember, to IPs. Without the DNS, much of today’s online business would simply not function.
At the root of it, phishing and pharming are simply online-based scams that utilize social engineering tactics and deception. Both utilize bogus or spoofed websites to ultimately steal confidential information for malicious intent. However, pharming takes it a step further by compromising the DNS and removing the need for victims to believe in a fake entity before reaching the illegitimate site.
How to protect yourself against phishing and pharming
Regardless of their differences, phishing and pharming scams all lead to the same fate: loss of confidential data for malicious use. The following guidelines offer effective measures in protecting yourself and your website against phishing and pharming scams:
- Check the wording. Phishing emails often follow a similar format. Crafted to compel victims with a sense of urgency to take a specific action such as wiring money or clicking a link, these fraudulent emails can also be identified by apparent grammar mistakes or an overuse of exclamation marks. Everyone makes mistakes, but a legitimate corporation is very unlikely to let spelling, grammar, or legal issues slip into professional emails.
- Check for a valid URL. Wait until the page fully loads to check the URL address in its entirety and ensure that the URL is valid. Oftentimes, bogus websites will switch around letters, making it difficult to tell the difference between a legitimate site and an illegitimate one. (Do you see a difference between “rn” and “m”?) Fake subdomains have also become a popular tactic, so use tools like WHOIS lookup to see who really owns the domain.
- Ensure HTTPS is enabled. DNS spoofing will generally not work on HTTPS websites. Even if a hacker manages to spoof a website and redirect traffic to a server under his or her control, it is no use if the user visits the HTTPS version of the website, since the fake site cannot present a valid certificate for the real domain and the SSL connection fails with a browser warning.
- Adopt a WAF (Web Application Firewall) and antivirus software. Installing antivirus software can be helpful in protecting against phishing and pharming scams by blocking insecure websites. If you’re a website owner, a trustworthy WAF will block out malicious traffic and prevent hackers from defacing your site. (Read more to find out how Cloudbric can help in protecting against phishing and pharming.)
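The “Check for a valid URL” guideline above can be automated. The following is an added example (not code from the original post or from Cloudbric) that classifies a URL’s hostname against a small, constructed list of legitimate domains, flagging “rn”-for-“m” style lookalikes and brand names reused as fake subdomains. The domain list, the confusable pairs and the two-label registered-domain rule are simplifying assumptions.

```python
from urllib.parse import urlsplit

# Constructed list of domains this check protects; a real deployment would load it from config.
LEGIT_DOMAINS = ("paypal.com", "microsoft.com", "example.com")

# Visually confusable ASCII sequences and the character each one imitates.
# Unicode homoglyphs (e.g. Cyrillic letters in IDN hostnames) are out of scope here.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(label: str) -> str:
    """Collapse confusable sequences so a lookalike compares equal to the name it imitates."""
    label = label.lower()
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def registered_domain(host: str) -> str:
    """Last two labels of a hostname (assumption: ignores multi-label public suffixes like co.uk)."""
    return ".".join(host.split(".")[-2:])


def classify_url(url: str) -> str:
    """Return 'legitimate', 'fake-subdomain', 'lookalike', 'unknown' or 'invalid'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    reg = registered_domain(host)
    if reg in LEGIT_DOMAINS:
        return "legitimate"
    labels = host.split(".")
    for legit in LEGIT_DOMAINS:
        brand = legit.split(".")[0]
        # Fake subdomain: the brand appears as a label left of a different registered domain,
        # e.g. paypal.com.secure-login.net or paypal.secure-login.net.
        if brand in labels[:-2]:
            return "fake-subdomain"
        # Lookalike: the registered domain matches a legitimate one once confusables are folded.
        if skeleton(reg) == skeleton(legit):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for u in ("https://www.paypal.com/signin", "https://www.paypa1.com/signin",
              "http://rnicrosoft.com/login", "https://paypal.com.secure-login.net/"):
        print(f"{u:45} -> {classify_url(u)}")
```

A browser extension or mail gateway would run the same check over every link before the user follows it, treating anything other than “legitimate” as a reason to stop and look at the address bar.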
Phishing and pharming scams have nevertheless proven effective, and it doesn’t seem like they will go away anytime soon despite collaborative efforts to report known scams. With the commercialization of cybercrime tools, the technical expertise for phishing and pharming scams can easily be outsourced or purchased in the form of readily available kits. Staying protected requires more than just common sense; with tax season quickly approaching, stay informed and follow the above guidelines, or check out other online guides, to minimize your risk of becoming a victim of data or identity theft.