Phishing: Cutting the Identity Theft Line

Author - Rachael Lininger ... [Goo?] [Posters]
Author - Russell Dean Vines ... [Goo?] [Posters]

This Paperback Book item from Wiley was reviewed on 31-Jul-2008.

Search ISBN:0764584987 offer from Abebooks or used books from Alibris. Phishing: Cutting the Identity Theft Line Reference Book. Classifications : Networking Data in the Enterprise Home Networks Internet, Groupware, & Telecommunications Intranets & Extranets Network Administration Network Programming Network Security Networks, Protocols & APIs T . Click the following link to view the cover of Phishing: Cutting the Identity Theft Line.

Related topics: Networking. Home Networks. Network Programming. Network Security. Telephony. Wireless Networks. Subjects. Books. General. Subjects.

1) Paperback Book Phishing: Cutting the Identity Theft Line by Wiley. Nutshell review - This is a decent book on the problem of phising. Good overview and reference for further research. A good book for managers and infosec professionals alike.¤

2) Paperback Book Phishing: Cutting the Identity Theft Line by Wiley. Phishing is simply about someone sending out emails inviting you to `update your details´, right? Well, yes ... and no. This book ably demonstrates that there is rather more to it than that. Authors Rachael Lininger and Russell Dean Vines explain the basics and then go on to lift the covers on a seedy underworld where criminal hackers combine social engineering and fraud techniques with spyware, rootkits and other tricks to exploit vulnerabilities in email readers and Internet browsers.

Phishing is essentially a detailed security awareness text focusing on phishing and identity theft. Its main aim is to enable the reader to identify and avoid phishing emails and websites, with secondary objectives being to raise awareness of spyware and other forms of malware, and to advise those who have already swallowed the phisher´s bait.

The two chapters giving advice for financial services and similar companies whose customers are being phished are fairly weak, but to be fair there is not a huge amount they can do. Two chapters of advice for ordinary computer users go well beyond the usual `watch out for phishing emails´, covering aspects such as antivirus and patching.

The following audiences are identified:
- Incident response teams at financial institutions
- Information security professionals and management
- Executive management of any company whose brand might be spoofed
- Everyone who uses the Internet
Phishing is quite a long and specific book that seems unlikely to be read by many non-technical readers, despite its laudable aims. The professional readership will benefit from this book.

Rachael Lininger is billed as a `technical writer in the information security department of a major US financial institution´. It is clear from her writing that she has written up a lot of phishing attacks before.
Russel Dean Vines is a well-qualified information security consultant and cyber-counterterrorism specialist as well as an accomplished jazz musician.

Although the topics are quite technical in places, the book treads a fine line between oversimplifying things and delving too deeply. Rachael´s sections include some very welcome tongue-in-cheek asides and even the odd Monty Python reference to brighten up an otherwise rather dry topic. There are plenty of examples of phishing emails, analyzed down to the level of the HTML code, and URLs for more information.

Although things are moving rapidly in this field, Phishing remains relevant and useful two years or more after it was written. The authors´ experience evidently qualified them to take a forward-looking perspective. This should definitely be on the bookshelf of the information security department at any eBusiness.¤

3) Paperback Book Phishing: Cutting the Identity Theft Line by Wiley. The authors claim this book is for a wide range of people from network administrators type people to any one who wants to learn about phishing. Though there is a lot of information in this book, most of it will be common knowledge to people who are employed to keeps networks secure. This books would be great for some one who has been scammed, if you can overlook the flakey writing. For instance, instead of Congressmen they refer to them as "Congresscritters". It was annoying and difficult to keep much of the authors´ information seriously. If you can ignore this, you will learn a lot about phishing scams, what to avoid, and how to recover from one.¤

4) Paperback Book Phishing: Cutting the Identity Theft Line by Wiley. Phishing attacks, or at least the number of phishing emails intercepted by Messagelabs, jumped more than 1700% from June through November of 2004. The Anti-Phishing Working Group has reported an average growth of 25% per month for websites devoted to stealing your confidential information and your identity.

Phishing and identity theft are serious threats. However, as the authors point out early on in the book, identity theft has been around as long as there have been identities and is not unique to computers or the Internet. Phishing attacks are simply a new tool for identity thieves to use.

Phishing provides the information that consumers need to understand the threat and the risks and arm themselves to safeguard their information and defend against phishing attacks. The book is not bogged down with dry detail, but provides a ton of useful and necessary information in an easy-to-read format.

After reading this book, users will understand just how phishing works ad how it ties together with spam, spyware and other threats. Readers will also learn how to avoid becoming a phishing victim as well as who to contact or how to respond if they do.

This is an excellent book that just about anyone who uses computers should read.
¤

5) Paperback Book Phishing: Cutting the Identity Theft Line by Wiley. The authors do an excellent job of describing phishing and its nefarious variants, like pharming. If you are worried about the threat and want a reliable source of information, that is not alarmist, then consider this book. It describes not just phishing, but various technical countermeasures that have been attempted. Alas, the long and short is that most of these are of limited utility.

A blacklist of known phishing sites is vulnerable to zero day events - the delay from when the messages go out and when the site is identified as phishing and taken down by its ISP.

A two factor hardware gadget scales badly when people have accounts at several financial firms, and also at places like eBay or Amazon or other online retailers. There is no standardisation of these gadgets, even in the banking industry. Imagine having to carry around 5 or 6 of these for your accounts. Not practical.

The authors suggest examining the HTML source of some suspect messages. This depends on the user correctly identifying those messages. Then, the source can be very confusing to anyone not experienced in HTML. The source for the mail pages at Yahoo and Hotmail, for example, are very intricate, due to all the links and ads they put around the message.

Various toolbars are described in the book. These use heuristics (rules of thumb) and blacklists to try to assess if a web page or email is phishing. The blacklists have the defect noted above. And the heuristics are subjective.

Then there are the various email authentication plans. SPF, Sender Id and Domain Keys. But these authenticate the sender. They say nothing about the contents of the messages. Any of these will not stop spam, let alone phishing. Plus, the industry has not been able to agree on even one of these as a standard.

Encryption is mentioned in the text. But expecting users to be able to handle encrypting and decrypting the bulk of their messages is hopeless. Beyond the ken of most of them, who do not even understand the significance of the various browser certificate warnings that they currently get.

User education is stressed by the book. In part because of the lack of effective technical answers. Yet here, some percentage of naive users will always be with us. And they are disproportionately vulnerable to the phishing. Plus, the phishers refine their methods. Towards perhaps setting up pharms that are very convincing. And maybe using man in the middle attacks with these pharms.

By contrast, there are over 10 anti-phishing US Patents Pending, co-invented by me, that are qualitatively totally different from the industry methods given in the book. These methods are lightweight and objective and elegant. They offer a means of crushing most of phishing and pharming.¤

6) Paperback Book Phishing: Cutting the Identity Theft Line by Wiley. "Phishing" is the hot new identity theft scam. An unsuspecting victim receives an e-mail that seems to come from a bank or other financial institution, and it contains a link to a Web site where s/he is asked to provide account details. The site looks legitimate, and 3 to 5 percent of people who receive the e-mail go on to surrender their information-to crooks. One e-mail monitoring organization reported 2.3 billion phishing messages in February 2004 alone.

If that weren´t enough, the crooks have expanded their operations to include malicious code that steals identity information without the computer user´s knowledge. Thousands of computers are compromised each day, and phishing code is increasingly becoming part of the standard exploits.
Written by a phishing security expert at a top financial institution, this unique book helps IT professionals respond to phishing incidents. After describing in detail what goes into phishing expeditions, the author provides step-by-step directions for discouraging attacks and responding to those that have already happened.

In Phishing, Rachael Lininger:

• Offers case studies that reveal the technical ins and outs of impressive phishing attacks.
• Presents a step-by-step model for phishing prevention.
• Explains how intrusion detection systems can help prevent phishers from attaining their goal-identity theft.
• Delivers in-depth incident response techniques that can quickly shutdown phishing sites.

Page Updated: Robert N. Goolsby, 28-Aug-2008, 07645849879780764584985, 9X0-590-870-641-0X1-601-8

Phishing: Cutting the Identity Theft Line, Book, Image © Wiley

Search: Wiley, Book Posters, Book Art