Ask the Expert

Phishing vs. Pharming attacks

How do phishing attacks differ from pharming attacks? Are pharming attacks still prevalent?

Phishing attacks typically involve an attacker sending emails that appear to be from an e-commerce company, in an attempt to trick recipients into going to a malicious, imposter Web site and providing their sensitive information. Phishers build their imposter Web sites to look like the real Web site, and try to disguise links to their imposter sites so they seem legitimate to the unsuspecting victim.

While they are related, pharming attacks are indeed different. Pharming is when an attacker tricks a DNS server into caching a bogus entry for the domain name of an e-commerce site. Then, when a user types the domain name for that site into a browser, the DNS server answers with the cached record, which points to an evil site. The user is "pharmed" via DNS cache poisoning.

Unlike phishing attacks, email is usually not involved in pharming attacks because the attackers use real domain names, not disguised or obfuscated URLs. They poison the DNS server and force it to direct those genuine domain names to attacker-controlled IP addresses.

From February 2005 to August 2005, we saw a large number of pharming attacks, due to common misconfigurations of DNS servers that made them accept the poison. While we still see a trickle of pharming attacks today, most DNS servers have improved their poisoning defenses, thereby lowering the incidence of attacks. Don't be fooled, though: they are still out there, and we need to be diligent. If you run a Windows-based DNS server, make sure you have selected the "Secure Cache Against Pollution" option in the configuration GUI (the default for recent versions of Windows DNS server). Also, never use Windows DNS servers configured to forward requests through BIND 4 or 8. Windows DNS servers acting as forwarders should always go through BIND 9, which can cleanse potentially poisoned records.
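
As an added illustration (not part of the original answer, and not the code of Windows DNS or BIND), the Python below shows the bailiwick check that cache-pollution protection is built on: records in a reply are cached only if their owner names fall under the domain that was queried. The Record type, the function names and the sample reply are constructed for this example.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str    # owner name of the record
    rtype: str   # record type, e.g. "A" or "NS"
    value: str   # address or target name


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot so names compare consistently."""
    return name.rstrip(".").lower()


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is the zone itself or a subdomain of it, on a label boundary."""
    name, zone = normalize(name), normalize(zone)
    if zone == "":                      # the root zone covers every name
        return True
    return name == zone or name.endswith("." + zone)


def filter_response(zone: str, records: list[Record]) -> tuple[list[Record], list[Record]]:
    """Split a reply into (cacheable, rejected) for a query about `zone`."""
    keep, drop = [], []
    for rec in records:
        (keep if in_bailiwick(rec.name, zone) else drop).append(rec)
    return keep, drop


# Constructed sample: records returned for a query about shop.example.
SAMPLE = [
    Record("www.shop.example.", "A", "192.0.2.10"),
    Record("ns1.shop.example.", "A", "192.0.2.53"),
    Record("www.bank.example.", "A", "203.0.113.66"),  # unrelated domain
    Record("notshop.example.", "A", "203.0.113.67"),   # shares a suffix, not a label
]

if __name__ == "__main__":
    keep, drop = filter_response("shop.example", SAMPLE)
    for rec in drop:
        print("rejected, out of bailiwick:", rec.name, rec.value)
```

A server that caches every record in SAMPLE would start answering for www.bank.example with an address supplied by a server that has no authority over that name, which is the poisoning described above.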

This was first published in July 2006
