• Phishing and pharming attacks have become sophisticated and are being used to cause real harm to a wide range of organisations.
• Although a large volume of low-grade and easily defeated attacks continue to proliferate, more sophisticated attacks are succeeding against even security-aware individuals and organisations
• Spear phishing techniques in particular are being deployed successfully and affected organisations are suffering significant business loss.
• In most cases, these incidents are not widely reported and this can make it difficult to assess the real scale of the problem
• Attackers’ objectives are both to steal confidential information and to gain access to and control over sensitive systems, whether for political or financially-motivated reasons.
• Phishing and pharming attacks are increasingly being used as a means of delivering malicious software (malware) into target organisations, with this malware then used to achieve the attackers’ ultimate goals
• There are a wide range of different phishing and pharming techniques which attackers may choose to employ. Alongside traditional email phishing techniques, attackers are now making use of web and mobile technologies.

What are phishing and pharming?

• Phishing is a form of electronic deception where an individual is persuaded to perform actions or divulge information by an attacker impersonating a trustworthy entity.
• Most Internet users have encountered phishing in the form of emails purporting to come from a bank or other business, but in fact originating from a malicious source and designed to persuade the recipient to hand over personal information such as credit card details.
• Of particular concern is the emergence of spear phishing.
• A spear phishing attack targets a particular individual or group of individuals, and uses prior knowledge of the target to construct an approach that is far more likely to result in success.
• Pharming is an attack on network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct web address.
• Such attacks succeed by exploiting weaknesses in the core technologies and processes that underpin the operation of the Internet.
• Both phishing and pharming are increasingly used not only to trick targets into revealing personal information, but also as a technique for installing malicious software (malware).
• In the case of spear phishing this is likely to form part of a concerted infiltration and compromise operation.

How serious is the threat from phishing and pharming

• Phishing and pharming attacks are being mounted by well-funded groups as a primary means of targeting organisations.
• In many cases the attacks are succeeding with results which are harmful to the organisation’s business interests.
• The most serious cases are typically not publicly disclosed due to their sensitivity, but phishing attacks should no longer be considered as low-level crime.
• Gone are the days when a phishing attack would involve a user receiving a poorly crafted email that requested them to divulge login credentials for an organisation that they may or may not have had an account with.
• Phishing attacks are continually evolving and attackers are adding new weapons to their arsenal, resulting in attacks that are highly sophisticated, wellorganised, well funded and aimed at specific high-value targets with clear financial or political objectives.

Phishing

• Mass phishing attacks have received a large amount of media attention over the last decade.
• An attacker sends out deceptive emails, which appear to be from a legitimate organisation, to a significant number of email addresses.
• The aim is to convince some proportion of the recipients to click on an embedded link in the message that directs them to a malicious website masquerading as a legitimate one.
• More recent versions of this attack do not try to persuade the user to divulge information, but rather to persuade them to perform some action.
• This could be visiting a website that downloads malware through a software vulnerability on the user’s machine, or opening an email attachment that contains malware

Pharming

Many users are vigilant when it comes to following good security practice but almost all Internet users assume that when they type an address into a web browser they will be directed to that legitimate website.

This assumption is based on the belief that core internet infrastructure is trustworthy. Unfortunately, this level of trust is misplaced.

Where a phishing attacks is an electronic form of deception that targets people, pharming is inherently a technical attack.

Pharming attacks exploit vulnerabilities in core Internet technologies which were not originally designed with security in mind. To date these technologies remain extensively unchanged, despite society’s dependence on them for almost all aspects of Internet use.

The result of a successful pharming attack could be a user being redirected to a malicious website despite the user having entered the correct web address.

This is because pharming is a technical attack against core Internet technologies: typically IP Routing or the Domain Name System.