ASSIGNMENT 3
PREPARED BY:
STUDENT ID:
GROUP: AS120 4A
NAME:
PREPARED FOR:
Mdm Siti Nursarjana Malim
SUBMISSION DATE:
17/3/2015
Table of Contents:
Introduction
Phishing
Pharming
Conclusion
References
Introduction:
When dealing with technology there are many risks, and as users we need to be prepared
and have at least a little knowledge of computers and how dangerous they can be. Technology
has many advantages and, to be honest, technologies are not evil; they only become harmful
when an individual misuses them or uses them for their own gain.
There are many ways for such an individual to misuse a computer, such as implanting
viruses or, worse, phishing and pharming. Phishing and pharming are ways for these individuals
to con another user. They do so to get personal information about the user and use it for their
personal gain, such as stealing money or identity theft.
Therefore, as users we need to know the basics, or at least have some knowledge of this, in
order to protect ourselves if or when this problem arises. We need to know the
differences between phishing and pharming and ways to avoid or counter them. Once we have
established that, as users we will feel safer and can actually evade these problems.
Phishing:
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and
credit card details and sometimes, indirectly, money by impersonating a trustworthy person in
an electronic communication.
Communications claiming to be from popular social web sites, auction sites, banks,
online payment processors or IT administrators are commonly used to lure the unsuspecting public
or users. Phishing emails may contain links to websites that are infected with malware. Phishing
is typically carried out by email spoofing or instant messaging, and it often directs users to enter
details at a fake website which looks and feels like the legitimate one.
Pharming:
Pharming is a form of online fraud very similar to phishing as pharmers rely upon the
same false websites and theft of confidential information. However, where phishing must lure a
user to the website through bait in the form of a phony email or link, pharming re-directs
victims to the false site even if the victim has typed the correct web address. This is often applied
to the websites of banks or e-commerce sites.
While there are several ways to pharm, the primary method stems from an older attack
called DNS cache poisoning in which an attack is made against the Internet naming system that
allows users to enter meaningful names for websites rather than a series of numbers.
The naming system relies upon DNS servers to handle the conversion of the letter-based
website names, which are easily recalled by people, into the machine-understandable digits that
whisk users to the website of their choice.
When a pharmer mounts a successful DNS cache poisoning attack, they are effectively
changing the rules of how traffic flows for that portion of the Internet. It is from this practice that
pharmers found their namesake: herding large numbers of Internet users to a false site rather
than planting the bait of the phishers.
Phishing omits the step of hacking into a DNS server, and instead sends illicit email
messages that appear to come from a legitimate source. The emails attempt to lure the reader into
clicking a link that appears to go to a legitimate web address, but the actual link is to a false,
look-alike site, again designed to trick the user into providing personal information. Phishing and
pharming are two slightly different strategies to the same illicit end.
EMAIL PHISHING
IMPACT:
Individuals
DEFENCES:
General user awareness
Anti-spam technology
Technical security

PHARMING
IMPACT:
Customers of large well-known businesses
Loss of customer confidence in corporate brand
Potential corporate liability
DEFENCES:
A documented and holistic practices
IT engineers
Customer training on methods for detecting web-site validity
Customer awareness
General security training for all employees
References:
1. http://en.wikipedia.org/wiki/Phishing
2. http://malaysia.norton.com/cybercrime-pharming
3. http://www.computereconomics.com/article.cfm?id=1099
4. http://www.bankersonline.com/technology/guru2006/gurus_tech091806a.html
5. http://www.identitytheftkiller.com/prevent-phishing-scams.php