Discuss in detail about phishing and pharming with relevant examples.

What will be an ideal response?


Answers will vary. Phishing is the use of an email message that appears to come from a legitimate organization, such as PayPal or a bank, but is actually sent from a phisher to trick the recipient into revealing sensitive personal information, such as Web site logon information or credit card numbers. Once obtained, this information is used in identity theft and other fraudulent activities. A phishing email often looks legitimate and contains links that appear to go to the Web site of the legitimate business. However, these links go to the phisher's Web site, which is set up to look like the legitimate site. Phishing emails are typically sent to a wide group of individuals and usually include an urgent message stating that the individual's credit card or account information needs to be updated and instructing the individual to click the link provided in the email to keep the account active. If the victim clicks the link and supplies the requested information via the phisher's bogus site, the criminal gains access to all information provided by the victim. Phishing attempts can also occur via instant messages, text messages, fake messages sent via eBay or Facebook, Tweets, pop-up security alert windows, and even links in YouTube videos. Phishers also frequently use spyware; clicking the link in the phishing email installs the spyware on the victim's computer where it remains, transmitting sensitive data to the phisher, until it is detected and removed.

Spear phishing occurs when phishing emails are targeted to a specific individual and appear to come from an organization or person that the targeted individual has an association with. These emails often include personalized information, such as the potential victim's name, employer, and other information frequently found on social media and other public resources to make them seem more legitimate. Spear phishers target employees of selected organizations by posing as someone within the company, such as a human resources or technical support employee. These spear phishing emails often request confidential information or direct the employee to click a link to validate an account. The goal of corporate spear phishing attacks is usually to steal intellectual property, such as software source code, design documents, or schematics.

Pharming is a scam that redirects traffic intended for a commonly used Web site to a bogus Web site set up by the pharmer in an effort to obtain users' personal information. Sometimes pharming takes place using malicious code sent to a computer or other device via an email message. More often, however, it takes place through changes made to a DNS server, a computer that translates URLs into the appropriate IP addresses needed to display Web pages. Pharming most often takes place via a company's DNS server, which routes Web page requests corresponding to company URLs. The pharmer changes the IP addresses used in conjunction with a particular company's URL (called DNS poisoning) so any Web page requests made to the legitimate company URL are routed via the company's poisoned DNS server to a phony Web page located on the pharmer's Web server. So, even though a user types the proper URL to display the legitimate company Web page in his or her browser, the bogus page is displayed instead. Because these bogus sites are set up to look like the legitimate sites, the user typically does not notice any difference, and passwords or any information sent via that site are captured by the pharmer. Please see the section "Online Theft, Online Fraud, and Other Dot Cons" for more information.

Computer Science & Information Technology
