Phishing and Pharming are different issues, and are both important.
Phishing is sending people (individuals) fake emails telling them to go to a site and put in their credit card number. They do, and shit happens. Phishers get trickier and trickier, google the term for more information.
Pharming is similar to phishing, except instead of sending out emails, you abuse some server along the line to send everybody (or a large number of people) to the fake server.
Pharming often uses DNS server problems. There are different DNS softwares, most notably MS's and Bind. Most servers use Bind. Bind is a very old, open source much-audited program. It's had a lot of vulnerabilities found and quickly past, and have always been very good at staying secure. MS's.. well, they're MS.
Pharming can also be done by abusing issues in cache servers. The key words if you want to research further are "HTTP Response Splitting" and "HTTP Response Smuggling". What they basically do is leave the wrong page in a server's cache. Then, when somebody else goes through that caching server, they see the wrong page. Lots of corporations and many ISP's do invisible caching on content, to help ease their bandwidth costs, so you can hit anybody on the OS for certain servers that are vulnerable to response splitting.
(Just to clarify, the vulnerability isn't in the cache server, it's in the application at the other end)