
UNIVERSITI TEKNOLOGI MARA

CSC134 COMPUTER AND INFORMATION PROCESSING

ASSIGNMENT 3

PREPARED BY:

NAME: Saidatul Nor Athira bt Shamsul Anuar

STUDENT ID: 2013462304

GROUP: AS120 4A

PREPARED FOR:
Mdm Siti Nursarjana Malim

SUBMISSION DATE:
17/3/2015

Table of Contents:

Introduction

Phishing

Pharming

Comparison between Phishing and Pharming

Countering Phishing and Pharming

Conclusion

References

Introduction:

When dealing with technology there are many risks, and as users we need to be prepared
and have at least a bit of knowledge about computers and how dangerous they can be.
Technology has many advantages and, to be honest, technologies are not evil; they only
become harmful when a specific individual misuses them or uses them for their own gain.

There are many ways for such an individual to misuse a computer, such as implanting
viruses or, worse, phishing and pharming. Phishing and pharming are ways for these individuals to
con another user. They do so to get personal information about the user and use it for their
personal gain, such as stealing money or identity theft.

Therefore, as users we need to know the basics, or at least have some knowledge of this, in
order to protect ourselves if or when this problem ever arises. We need to know the
differences between phishing and pharming and ways to avoid or counter them. Once we have
established that, as a user you will feel safer and can actually evade these problems.

Phishing:

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and
credit card details and sometimes, indirectly, money by impersonating a trustworthy person in
an electronic communication.

Communications claiming to be from popular social web sites, auction sites, banks,
online payment processors or IT administrators are commonly used to lure the unsuspecting public
or users. Phishing emails may contain links to websites that are infected with malware. Phishing
is typically carried out by email spoofing or instant messaging, and it often directs users to enter
details at a fake website which looks and feels like the legitimate one.

Phishing is an example of the social engineering techniques used to deceive users, and it
exploits the poor usability of current web security technologies.

Signs you may have received a Phishing Email:


If you receive an email from a website or company urging you to provide your personal
information, you might be the target of a phishing scam. The tips I've given should be taken
seriously so you can avoid being taken in by phishers. Apart from that, the fraudsters often include
urgent calls to action to try to get you to react immediately. The fraudsters often send
thousands of phishing emails at one time, but they seldom have your name. Be skeptical of an
email sent with a generic greeting.

Pharming:

Pharming is a form of online fraud very similar to phishing as pharmers rely upon the
same false websites and theft of confidential information. However, where phishing must lure a
user to the website through bait in the form of a phony email or link, pharming re-directs
victims to the false site even if the victim has typed the correct web address. This is often applied
to the websites of banks or e-commerce sites.

While there are several ways to pharm, the primary method stems from an older attack
called DNS cache poisoning in which an attack is made against the Internet naming system that
allows users to enter meaningful names for websites rather than a series of numbers.

The naming system relies upon DNS servers to handle the conversion of the letter-based
website names, which are easily recalled by people, into the machine-understandable digits that
whisk users to the website of their choice.

When a pharmer mounts a successful DNS cache poisoning attack, they are effectively
changing the rules of how traffic flows for that portion of the Internet. It is from this practice that
pharmers found their namesake: herding large numbers of Internet users to a false site rather
than planting the bait of the phishers.

Comparison between Phishing and Pharming:

Pharming is the hijacking of an official website's address, usually by hacking a Domain
Name System server and altering the legitimate website's IP address so that users who enter the
correct Web address (for example, www.bankersonline.com) are directed instead to a 'knock-off'
of the correct page, where user names, passwords and perhaps additional personal information are
collected for later illegal use.

Phishing omits the step of hacking into a DNS server, and instead sends illicit email
messages that appear to come from a legitimate source. The emails attempt to lure the reader into
clicking a link that appears to go to a legitimate web address, but the actual link is to a false,
look-alike site, again designed to trick the user into providing personal information. Phishing and
pharming are two slightly different strategies to the same illicit end.

Countering Phishing and Pharming:

EMAIL PHISHING

IMPACT:
- Individuals

DEFENCES:
- General user awareness
- Anti-spam technology
- Technical security training for IT staff
- Secure development practices

PHARMING

IMPACT:
- Customers of large well-known businesses
- Loss of customer confidence in corporate brand
- Potential corporate liability

DEFENCES:
- A documented and holistic approach for DNS
- Sophisticated technical security training for senior IT engineers
- Customer training on methods for detecting website validity
- Customer awareness
- General security training for all employees

Conclusion and Suggestion:

In conclusion, as users we need to be less gullible towards advertisements and more
cautious when opening a website, and not fully trust any website unless it is recognized by the
authorities. The user should not click on links, download files or open attachments in emails
from unknown senders. It is best to open attachments only when you are expecting them and
know what they contain, even if you know the sender. Protect your computer with a firewall,
anti-virus and anti-spyware software, do some research to ensure that you are getting the
most up-to-date software, and update it regularly to ensure that you are protected against new viruses
and spyware.

References:
1. http://en.wikipedia.org/wiki/Phishing
2. http://malaysia.norton.com/cybercrime-pharming
3. http://www.computereconomics.com/article.cfm?id=1099
4. http://www.bankersonline.com/technology/guru2006/gurus_tech091806a.html
5. http://www.identitytheftkiller.com/prevent-phishing-scams.php
