This Paperback Book item from Syngress was reviewed on 4-Nov-2008.
ISBN: 159749030X
1) Paperback Book Phishing Exposed by Syngress. Here are the chapters:
- Chapter 1 Banking On Phishing
- Chapter 2 Go Phish!
- Chapter 3 E-Mail: The Weapon of Mass Delivery
- Chapter 4 Crossing the Phishing Line
- Chapter 6 Malware, Money Movers, and Ma Bell Mayhem!
- Chapter 7 So Long, and Thanks for All the Phish!
395 pages paperback
As others have stated in their reviews, this is the book if you are involved in Internet security, whether at an ISP, as a web server administrator, or as a security analyst at a large corporation or in law enforcement dealing with cybercrime. Phishing Exposed is also very useful for watchdog individuals on the web who actively report Internet scams to ISPs. It is an eye opener on how phishing scams have gotten more sophisticated in snaring unsuspecting victims' data within the last few years. This book was released in late 2005; however, most of the information is still rather relevant and useful today for those who are working to minimize Internet fraud. For example, the use of botnets and malware has gained a larger role in the proliferation of phishing scams since this book was published; the author does cover some detail on this newer approach to perpetuating fraud online.
I have pretty much read the entire book, though I read quickly through all the scripting and coding details Lance outlines in his book, and that detail takes up quite a few pages. I did enjoy reading it, which is why it only took me about 2 days to get through it. As I come across some of the coding complexities Lance outlines, I will return to this book as a reference.
One criticism I have is that there is no glossary of terms. Lance uses many, many technical terms, a few here and there that I didn't know, and when I did read them, sometimes I forgot what they stood for.
I will point out a few highlights of what is covered that may be useful to some:
Email Headers
The author provides us information on how to read the email headers we receive in spam from phishers, who are just a subset of spammers anyway. This is quite useful for those still learning how to decode email headers line by line. Though there are a few things the author leaves out regarding the breakdown of headers, he covers this seldom-covered subject quite well. Most of the samples of spam we have here are Lance's own fake phishing spams, similar to the examples you will read in the scripting sections.
Scripting
The author tells us about CSS (Cross-Site Scripting): "Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, instant message, or simply just reading a web board or email message [...]." This part of the book will take me longer to grasp, as my own scripting knowledge is not very strong.
Lance covers the scripting exploits used in creating phishing websites with regard to DHTML, DOM, SSL, JavaScript, and redirects, and covers HTTP responses (common status codes) via user-agents. Lance uses his own made-up phishing sites to demonstrate how these scripts work. An example status code: 404 File Not Found.
Money Laundering
Finally, the author also covers phisher money laundering in Chapter 6, "Malware, Money Movers, and Ma Bell Mayhem!", of the book. Phishers use mules to forward the funds for them (mules have bank accounts set up to accept the money and transfer it elsewhere; sometimes the "mules" do not even realize they are participating in illegal activity); this is similar to what drug dealers do to launder their money. He also covers caller ID spoofing in this chapter. This area is probably generally less well known, as it is more the bank side of things: how the stolen money is transferred from account to account.
2) Paperback Book Phishing Exposed by Syngress. Phishing quickly exploded from a nuisance to a full-fledged threat in the middle of 2005. Weaknesses in email, combined with flaws in Web security and with a little social engineering mixed in, make for an effective tool to get the attention of users and lure unsuspecting people into the trap.
It didn't take long for the organized crime elements of the malware underground to recognize the power and efficiency of this tool. Phishing is a virtual poster-child for the convergence of malware because it is a malicious tool that helps tie viruses, worms, spam, Trojans and other malware together and get them delivered effectively to their designated targets.
While a book like Phishing: Cutting The Identity Theft Line is aimed at managers and executives and users, this book is more along the lines of Inside The Spam Cartel in the way it dives deeper to look at the secrets and techniques and explore the underground that makes it work.
While the content is more technical, James's writing is engaging. Phishing Exposed is an excellent resource for developers, specifically Web developers, and for security experts to understand more about how and why phishing works, rather than just what it is and how to detect and defend against it.
3) Paperback Book Phishing Exposed by Syngress. If you're on your way to a security conference this summer, and you'd like to get up to speed on web site abuses and browser design vulnerabilities, this book makes for excellent airplane-reading fare. I say this because Phishing Exposed manages to succeed on two fronts: it is both an instructive technical reference, as well as a surprisingly compelling narrative.
The first is unsurprising -- it is, after all, a Syngress book, and so is typical of technical books from this imprint. The second accomplishment, though, was a pleasant surprise. It's not common that someone as deeply involved in the technologies of network security is also a talented writer.
As an example, while documenting the technical characteristics of e-mail delivery, James illustrates example forensic techniques for identifying the home city, working schedule, and handedness of the attacker. It's this mix of CSI-meets-ITSec that makes the book an honest page-turner.
Given this literary attention to narrative and even elements of plot development (especially in the follow-the-breadcrumbs analysis of a seemingly endless series of HTTP redirects), this book illustrates the phishing problem in a way that both technically oriented defenders and interested "power user" readers will understand and enjoy.
4) Paperback Book Phishing Exposed by Syngress. Phishing Exposed is a powerful analysis of the many severe problems present in Web-based activities. Phishing Exposed is another threat-centric title from Syngress. The book presents research conducted by Secure Science Corporation as a way to understand the adversary. The author demonstrates his own attacks against multiple popular e-commerce sites as a way to show how phishers accomplish their goals. I was surprised by the extent to which the author could repeatedly abuse high-profile financial sites, and for that reason I highly recommend reading Phishing Exposed.
The book begins with an overview of the phishing problem. Three basic phishing techniques (impersonation, forwarding, and popup) are explained. The mechanics of email and HTTP are also described. The heart of the book appears in chapters 4 and 5, where almost 270 pages are devoted to the author's assessment and abuse of banking sites. I was shocked by the author's ability to repeatedly take advantage of vulnerabilities in client and server software and configuration. These chapters made me wonder if it is possible for an average end user -- or even a skilled technical user -- running popular operating systems and browsers to survive these sorts of high-end attacks.
Ch 6 featured some innovative material on subverting caller ID by using Voice over IP and other methods. I also appreciated the historical perspective in that chapter.
My only real concern is that the author devoted lots of material to his own attacks, and not as much to attacks by real phishers. I would have liked additional details on how to detect and potentially defeat these attacks using network-based and proxy-based means.
Incidentally, reviews by "relatives" should be considered suspect, although reviews with the title "inadequate and unoriginal" should be completely ignored. Reviews like that demonstrate another instance where that particular "reviewer" has once again skimmed the text and not spent any time reading the book. Phishing Exposed is incredibly original -- and that's why I've given it five stars, despite some rough editing from Syngress.
5) Paperback Book Phishing Exposed by Syngress. What do phishers gain from their techniques, and how do they steal identities, passwords, and information? Learn to identify the three classes of security attacks, how phishers scour the net for valid email addresses to attack, and how they are able to exploit computer vulnerabilities with Lance James's Phishing Exposed, which will interest programmers, network administrators and legal officers alike. Chapters expose attacks, then probe the world of organized phishing gangs and operations to show how phishers operate and how you can protect your system.
6) Paperback Book Phishing Exposed by Syngress. Uncover Secrets from the Dark Side. Phishing Exposed provides an in-depth, high-tech view from both sides of the phishing playing field. In this unprecedented book, world-renowned phishing expert Lance James exposes the technical and financial techniques used by international clandestine phishing gangs to steal billions of dollars every year. The book is filled with technically detailed forensic examinations of real phishing scams. Armed with this invaluable intelligence, law enforcement officers, system administrators, and fraud investigators can resolve existing cases and prevent future attacks.
- Identify the Three Classes of Phishing Attacks: Go behind the scenes to learn how phishing gangs execute impersonation, forwarding, and popup attacks.
- Uncover Phishing Servers and Blind Drops: Follow the trail from hostile Web servers to anonymous e-mail accounts where stolen data is stored.
- Learn How E-mail Addresses Are Harvested: See how phishers use bots and crawlers to scour the Internet for valid e-mail addresses to attack.
- Detect Cross-Site Scripting (CSS) Attacks: Watch as phishers use CSS attacks to hijack browsers, steal cookies, and run malicious code on Web browsers.
- Exploit the Secure Sockets Layer (SSL): Implement cross-user vulnerabilities to render SSL certificates null and void.
- Follow the Money: Untangle the intricate web of international money laundering.
- See the Future of Phishing: Learn how new pharming techniques use DNS poisoning to redirect online traffic to a malicious computer.
- Go Phishing: Send phishing e-mails you have received to author Lance James for analysis.
Page Updated: Robert N. Goolsby, 2-Dec-2008.