What are Phishing and Pharming?
A. Phishing attacks use both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social-engineering schemes use ‘spoofed’ e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning.
“Phishing” is when a fraudulent email is sent to an individual, prompting them to log into a malicious website and provide personal information ranging from online banking usernames and passwords to account numbers and social security numbers. The “phisher” creates an email that looks like it is coming from a legitimate source, often a credit union or bank. “Pharming” is when the fraudster replicates the website of a financial institution or other organization in an attempt to collect personal information from users. Used in conjunction with each other, phishing and pharming can be detrimental to online banking customers and to a financial institution’s reputation. The malicious sites and emails are often indistinguishable from the legitimate ones they are mimicking and can fool even seasoned internet users.