What’s the difference between pharming and phishing?

Both pharming and phishing are attacks on your personal details. A criminal uses them to obtain your usernames and passwords. However, while the aim is the same, the method is different.

Phishing attacks usually involve an email that appears to be from a company with which you do business. Having tricked you into thinking it has come from a legitimate source, the email prompts you to log in to your account using the link it provides. The website you reach is not real; it has been created to mimic the layout and design of the legitimate page. Because it appears authentic, you enter your username and password, which are then captured by the attacker.

Pharming is different. A pharming attack can happen even when you are browsing a legitimate site and have typed in the URL of the website yourself. In a pharming attack, the criminal “hijacks” the intended site’s DNS (domain name system) server, and the result is that you are redirected to an imposter site. Much like in a phishing scam, many people won’t notice any difference and will enter their username and password as usual, and the attacker captures them.

Do you have a question you’d like us to answer? Comment below or tweet us @JustAskGemalto.