A Brief History of Cybercrime and Cyberwarfare - The Technical and Social History of Software Engineering

Information Technology Reference

In-Depth Information

Pharming

The term “pharming” is based on “farming” and uses the same “ph” combination

as “phishing.” Pharming is a form of phishing that is aimed more at e-commerce

and banking sites than at other kinds of users. One major issue with pharming is

that it can affect routers, and once a router has invalid information, then anyone

joining that network can be infected.

Because phishing and pharming are close to identical, there is some objection

to the term “pharming.” Of the two, phishing seems the oldest and was noted as

far back as 1995.

Phishing

“Phishing” is an obvious play on the word “fishing” and has more or less the same

meaning—cast an attractive bait and wait to see what bites. Phishing in several

forms predates the computer era. Both surface mail and telephones have been used

to solicit information from unsuspecting victims long before computers existed.

Telegrams were also used in the days when they were a fast form of communica-

tion.

The most common forms of phishing today involve emails or instant mes-

saging. In one very common form, the sender pretends to be an official of a foreign

government (often Nigeria) who needs to transmit funds to an American bank. The

email requests that the recipient send bank information so the money can be trans-

ferred, and the recipient will then be able to keep a portion as a reward. A more

recent variation involves pretending to be a serving officer in Afghanistan or Iraq

who has come across funds that can't easily be taken out of the country.

More recent and more subtle forms of phishing involve stolen email lists. Using

a name known to the recipient from a stolen email list, the sender writes an email

with a message like “I'm writing this with tears in my eyes . . .” The message

then goes on to describe some kind of tragedy such as a mugging or stolen wallet

that left the person with no money and no identification. There is a request to send

funds to pay for a hotel, rental car, or something else.

Phishing attacks aimed at specific individuals using personal information such

as their social networks or lists of friends from stolen email lists is called spear

phishing .

An even more sophisticated form of phishing is called whale phishing because

it is aimed at senior executives. This kind of phishing is preceded by very focused

email thefts from a law firm or accounting firm known to be used by the intended

Search WWH ::

Custom Search

Home