PrepAway - Latest Free Exam Questions & Answers

Which of the following correctly describes the difference between phishing and pharming?

Phishing and pharming are similar. Which of the following correctly describes the difference between phishing and pharming?

A.
Personal information is collected from victims through legitimate-looking Web sites in phishing attacks, while personal information is collected from victims via e-mail in pharming attacks.

B.
Phishing attacks point e-mail recipients to a form where victims input personal information, while pharming attacks use pop-up forms at legitimate Web sites to collect personal information from victims.

C.
Victims are pointed to a fake Web site with a domain name that looks similar to a legitimate site’s in a phishing attack, while victims are directed to a fake Web site as a result of a legitimate domain name being incorrectly translated by the DNS server in a pharming attack.

D.
Phishing is a technical attack, while pharming is a type of social engineering.

Explanation:

C is correct. In both phishing and pharming, attackers create Web sites that look very similar to legitimate sites in an effort to collect personal information from victims. In a phishing attack, attackers provide URLs with domain names that look very similar to the legitimate site's address. For example, www.amazon.com might become www.amzaon.com. Alternatively, the attacker may use a specially placed @ symbol: www.msn.com@notmsn.com actually takes the victim to the Web site notmsn.com and passes the string "www.msn.com" to that site as a username. Since www.msn.com is not a valid username for notmsn.com, the victim is simply shown the home page of notmsn.com, a nefarious site created to look and feel just like www.msn.com. The victim believes he is at the legitimate site and logs in with his credentials. In a pharming attack, the victim is given a legitimate domain name, but that domain name is redirected to the attacker's Web site as a result of DNS poisoning. When the DNS server is poisoned to carry out a pharming attack, its records have been changed so that instead of returning the correct IP address for www.logicalsecurity.com, it returns the IP address of a legitimate-looking but fake Web site created by the attacker.

A is incorrect because a pharming attack does not commonly involve the collection of information via e-mail. In fact, the benefit of a pharming attack to the attacker is that it can affect a large number of victims without the need to send out e-mails. Like a phishing attack, a pharming attack involves a seemingly legitimate, yet fake, Web site. Victims are directed to the fake Web site because the host name is incorrectly resolved as a result of DNS poisoning.

B is incorrect because both descriptions are true of phishing attacks. Pharming attacks do not use pop-up forms. However, some phishing attacks use pop-up forms while the victim is at a legitimate site. If you were at your bank's actual Web site and a pop-up window appeared asking you for sensitive information, this probably would not worry you, since you were communicating with your actual bank's Web site. You might believe the window came from your bank's Web server, so you fill it out as instructed. Unfortunately, this pop-up window could come from another source entirely, and your data would be placed right in the attacker's hands, not your bank's.

D is incorrect because both attacks are technical ways of carrying out social engineering. Phishing is a type of social engineering with the goal of obtaining personal information, credentials, credit card numbers, or financial data. The attackers lure, or fish, for sensitive data through various methods, such as e-mail and pop-up forms. Pharming involves DNS poisoning: the attacker modifies the records in a DNS server so that it resolves a host name to an incorrect IP address. The victim's system sends a request to the poisoned DNS server, which points the victim to a different Web site. This different Web site looks and feels just like the requested Web site, so the user enters his username and password and may even be presented with further Web pages that look legitimate.