Phishing vs Pharming: What’s the Difference?
Both pharming and phishing are types of attacks in which the goal is to trick you into providing
your personal details. A criminal will use both tactics to obtain your user names, passwords, and
potentially more. However, while their end goal is the same, their methods are different.
Phishing
Phishing is a technique used by hackers to acquire your personal information by sending an email
that is designed to look just like a legitimate email and is intended to trick you into clicking on a
malicious link or attachment.
Unfortunately, emails are not the only way phishers try to trick you. They can also send texts
(SMiShing), use voice messages (Vishing), and even send faxes (Phaxing) in their efforts to gain
access to your sensitive information.
It’s extremely important to know how to protect yourself from a phishing scam, as phishing
accounts for 91% of all incidents. To protect yourself and your organization from phishing
attacks, follow these tips:
- Make sure your operating system and your antivirus software are up-to-date
- Hover over links in emails and on websites to verify the destination
- Try typing in the website’s address rather than clicking a link from an email message
- Always be cautious of emails that use sensational subject lines and language, like “Must Act Now!”,
  or that contain spelling and grammar errors
- If an email simply looks suspicious, it’s best to delete it
Pharming
Pharming is the fraudulent practice of redirecting users to a fake website that mimics the
appearance of a legitimate one, with the goal of stealing passwords, account numbers, and
other personal information.
Pharming can occur even when you click an authentic link or type in the website URL yourself,
because the domain name system (DNS) lookup for the website has been hijacked by a cyber-criminal.
Like a phishing attack, pharming is dangerous because it’s difficult to recognize the dangers
lurking on the site, causing many users to unknowingly hand over their personal information to
the hackers.
So, how can you protect yourself against such a sneaky cyber-crime? Before transmitting sensitive
information on a website, be sure to remember the following tips:
- Install reliable security software or make sure your current software and system are up to
  date
- Make sure the site is on an HTTPS server
- Look for the padlock in the corner of the screen
- Check if the website is certified by an Internet Trust Organization
- Check the website’s certificate and encryption levels
- Access the website through its specific IP address rather than its web name
Recognising a Fake
1. Do you know the sender of the email? If yes, continue to be cautious before clicking a link. If
no, do not click any links.
2. Have you checked the link? Mouse over the link and check the URL. Does it look legitimate or
does it look like it will take you to a different website?
3. Does the email contain grammatical errors? If so, be suspicious.
4. Are there any attachments in the email? If so, do not click on the attachment before contacting
the sender to verify its contents.
5. Does the email request personal information? If so, do not reply.
6. If you have a relationship with the company, are they addressing you by name?
Vishing
Unfortunately, phishing emails are not the only way people can try to fool you into providing
personal information in an effort to steal your identity or commit fraud. Fraudsters also use the
phone to solicit your personal information. This telephone version of phishing is sometimes
called vishing. Vishing relies on “social engineering” techniques to trick you into providing
information that others can use to access and use your important accounts. People can also
use this information to assume your identity and open new accounts.
To avoid being fooled by a vishing attempt:
- If you receive an email or phone call requesting you call them and you suspect it might be a
  fraudulent request, look up the organization’s customer service number and call that number
  rather than the number provided in the solicitation email or phone call.
- Forward the solicitation email to the customer service or security email address of the
  organization, asking whether the email is legitimate.
Though vishing and its relative, phishing, are troublesome crimes and sometimes hard to
identify, here are some tips from the FTC to protect your identity.
Smishing
Just like phishing, smishing uses cell phone text messages to lure consumers in. Often the text
will contain a URL or phone number. The phone number often has an automated voice
response system. And again, just like phishing, the smishing message usually asks for your
immediate attention.
In many cases, the smishing message will come from a "5000" number instead of displaying an
actual phone number. This usually indicates the text message was sent via email to the cell
phone, and not sent from another cell phone.
Do not respond to smishing messages.