•Both Phishing and Pharming are methods used to steal personal information over the Internet
– User Id/Password
– Credit Card Number
– PIN
• Phishing is typically carried out using email or an instant message, and often directs users to give details at a website
• Pharming is a hacker's attack aiming to redirect a website's traffic to another (bogus) website.
• Pharming is more dangerous than Phishing
• In Phishing incorrect client request is sent and if user is little bit intelligent he/she can identify it very easily
• In Pharming correct Client request is sent and that get redirected to wrong server. So identifying it is difficult for intelligent users also
Phishing Techniques
In this technique hackers manipulate links in such manner that it’s difficult for user to identify whether is page is served form correct website or fake website. Few of such techniques are
1. Misspelled URLs
e.g. http://www.0rkut.com
2. Sub domains
e.g. http://www.yourbank.com.example.com/
3. Using “@”
e.g. http://www.google.com@members.tripod.com/
Technique -2 Website forgery
In this technique hackers alter the address bar
1. Hiding Address bar
2. Altering the content of Address bar using scripts
3. Putting image with legitimate URL over address bar
Pharming Techniques
In Pharming attackers try to redirect the user’s requests (web traffic) to a bogus website, for doing this commonly used techniques are:
1.Altering Host File
Host File location
%windir%/system32/drivers/etc/hosts (Windows)
/etc/hosts (Unix)
2.Hijacking DNS Server/Local Network Router
No comments:
Post a Comment