Phishing Exposed [Paperback]

Lance James

Price: CDN$ 51.95

Formats

Kindle Edition: CDN$ 44.72
Paperback: CDN$ 51.95

Book Description

Jan. 6 2006
Phishing Exposed unveils the techniques phishers employ that enable them to successfully commit fraudulent acts against the global financial industry.

It also highlights the motivation, psychology and legal aspects surrounding this deceptive art of exploitation. The External Threat Assessment Team will outline innovative forensic techniques employed in order to unveil the identities of these organized individuals, and does not hesitate to remain candid about the legal complications that make prevention and apprehension so difficult today.

This title provides an in-depth, high-tech view from both sides of the playing field, and is a real eye-opener for the average internet user, the advanced security engineer, on up through the senior executive management of a financial institution. This is the book to provide the intelligence necessary to stay one step ahead of the enemy, and to successfully employ a pro-active and confident strategy against the evolving attacks on e-commerce and its customers.

* Unveils the techniques phishers employ that enable them to successfully commit fraudulent acts
* Offers an in-depth, high-tech view from both sides of the playing field to this current epidemic
* Stay one step ahead of the enemy with all the latest information

Customer Reviews

Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.3 out of 5 stars  11 reviews
5 of 5 people found the following review helpful
5.0 out of 5 stars Expands the boundaries of client-side hacking March 10 2006
By Richard Bejtlich - Published on Amazon.com
Format: Paperback
Phishing Exposed is a powerful analysis of the many severe problems present in Web-based activities. Phishing Exposed is another threat-centric title from Syngress. The book presents research conducted by Secure Science Corporation as a way to understand the adversary. The author demonstrates his own attacks against multiple popular e-commerce sites as a way to show how phishers accomplish their goals. I was surprised by the extent to which the author could repeatedly abuse high-profile financial sites, and for that reason I highly recommend reading Phishing Exposed.

The book begins with an overview of the phishing problem. Three basic phishing techniques (impersonation, forwarding, and popup) are explained. The mechanics of email and HTTP are also described. The heart of the book appears in chapters 4 and 5, where almost 270 pages are devoted to the author's assessment and abuse of banking sites. I was shocked by the author's ability to repeatedly take advantage of vulnerabilities in client and server software and configuration. These chapters made me wonder if it is possible for an average end user -- or even a skilled technical user -- running popular operating systems and browsers to survive these sorts of high-end attacks.

Ch 6 featured some innovative material on subverting caller ID by using Voice over IP and other methods. I also appreciated the historical perspective in that chapter.

My only real concern is that the author devoted lots of material to his own attacks, and not as much to attacks by real phishers. I would have liked additional details on how to detect and potentially defeat these attacks using network-based and proxy-based means.

Incidentally, reviews by "relatives" should be considered suspect, although reviews with the title "inadequate and unoriginal" should be completely ignored. Reviews like that demonstrate another instance where that particular "reviewer" has once again skimmed the text and not spent any time reading the book. Phishing Exposed is incredibly original -- and that's why I've given it five stars, despite some rough editing from Syngress.
6 of 8 people found the following review helpful
5.0 out of 5 stars The Authoritative Guide On Phishing In 2005 & Into 2006. Nov. 21 2005
By N. Kapitanski - Published on Amazon.com
Format: Paperback
This is a great book! The author really knows what he's talking about and the ideas he presents give a great indication as to where phishing is going in the future. The exploits detailed in the book are technical, educating and even downright genius, such as the Yahoo Cross Site Scripting attack. The author does a good job of explaining things to non-technical people, before getting in depth and extremely technical.

The book does a great job of covering a wide range of topics related to phishing so the reader understands the phishing process as a whole. Even Caller ID spoofing and anonymous telephony is included in Chapter 6, which is an interesting read that gives you some ideas where phishing of the future may be headed. Also, some of the little stories in Chapter 7 are really interesting and left me wanting more!! The bit about scanning a whole Korean Class B subnet range looking for 0day phishing servers, is one example!

I read "Phishing: Cutting the Identity Theft Line" over the summer, and I think that "Phishing Exposed" gives the reader a better understanding of the current phishing problem and what needs to be done in the future to protect both consumers and businesses. I would say this book is the authoritative guide on phishing in 2005 and into 2006.
1 of 1 people found the following review helpful
5.0 out of 5 stars Not just a technical reference: A great read July 16 2006
By Tod Beardsley - Published on Amazon.com
Format: Paperback
If you're on your way to a security conference this summer, and you'd like to get up to speed on web site abuses and browser design vulnerabilities, this book makes for excellent airplane-reading fare. I say this because Phishing Exposed manages to succeed on two fronts: it is both an instructive technical reference, as well as a surprisingly compelling narrative.

The first is unsurprising -- it is, after all, a Syngress book, and so is typical of technical books from this imprint. The second accomplishment, though, was a pleasant surprise. It's not common that someone as deeply involved in the technologies of network security is also a talented writer.

As an example, while documenting the technical characteristics of e-mail delivery, James illustrates example forensic techniques of identifying the home city, working schedule, and handedness of the attacker. It's this mix of CSI-meets-ITSec that makes the book an honest page-turner.

Given this literary attention to narrative and even elements of plot development (especially on the follow-the-breadcrumbs analysis of a seemingly endless series of HTTP redirects), this book illustrates the phishing problem in a way that both technically-oriented defenders and interested "power user" readers will understand and enjoy.
3 of 4 people found the following review helpful
5.0 out of 5 stars Details That Developers and Security Experts Need Aug. 28 2006
By sixmonkeyjungle - Published on Amazon.com
Format: Paperback
Phishing quickly exploded from a nuisance to a full-fledged threat in the middle of 2005. Weaknesses in email, combined with flaws in Web security and with a little social engineering mixed in make for an effective tool to get the attention of users and lure unsuspecting people into the trap.

It didn't take long for the organized crime elements of the malware underground to recognize the power and efficiency of this tool. Phishing is a virtual poster-child for the convergence of malware because it is a malicious tool that helps tie viruses, worms, spam, Trojans and other malware together and get them delivered effectively to their designated targets.

While a book like Phishing: Cutting The Identity Theft Line is aimed at managers and executives and users, this book is more along the lines of Inside The Spam Cartel in the way it dives deeper to look at the secrets and techniques and explore the underground that makes it work.

While the content is more technical, James's writing is engaging. Phishing Exposed is an excellent resource for developers, specifically Web developers, and for security experts to understand more about how and why phishing works, rather than just what it is and how to detect and defend against it.
1 of 1 people found the following review helpful
2.0 out of 5 stars unoriginal Dec 14 2005
By W Boudville - Published on Amazon.com
Format: Paperback
The book tries to do two things. It explains what phishing is and it offers countermeasures against it. On the first issue, it gives a decent explanation of the various forms of phishing. Like how it can be email that directs you to a website (pharm) run by the phisher.

On how to stop phishing, the book is sadly inadequate. For example, it explains how the phishers inject their messages into the Internet. This is the broader problem of spammers doing so. And for this, there is no feasible antidote. Mostly because of the early, trusting model of email sending that was developed for the Internet before the Web appeared. But also a deeper problem is that as the Internet continues to grow, with millions of new nodes added each year, each node is a potential injection point. Exacerbated by many of these nodes being computers owned by individuals, without the background to regularly install antivirus software.

Then there are the book's suggestions on good practices. It says that users who get messages claiming to be from a bank and asking them to login to a [fake] site should be sceptical. While this is correct advice, it relies on a user acting accordingly. But this human factor is weak. It is precisely this that the phishers direct their attacks at. You might not be fooled. Probably because you are concerned enough that you are considering reading the book, and are in fact reading this review right now. However, phishing, like spam, preferentially targets the ill-educated or gullible. And they are very unlikely to read this book or any others on the subject. The point is that if a recipient gets to the point of actually reading a phishing message, then it is already too late for some non-negligible percentage of users. And it is that percentage from which banks take losses.

By the way, phishing messages can indeed be very well written. There was a survey recently of various technical managers, who were given a set of messages, some phishing and some not. Very few of them could correctly identify all the phishing messages.

Another countermeasure described is the use of honeypots to attract messages. Which might then be manually analysed by experts to identify phishing. But this manual identification is itself expensive and slow. Part of the expense is due to phishing being in several languages - those of the developed countries and also of several key developing countries like China, Brazil and India. So if you are a global antiphishing vendor, you need to hire people who know those languages. But why? The book doesn't offer any cheaper alternative.

Also, the book suggests that a bank who sends out real messages should only have links in these back to its main website. And not to any independent third party sites or to more obscure domains that it might own. Another instance of how unoriginal the text is. What if a bank wanted to do a co-marketing campaign with United Airlines or Toyota, and put links to those companies in its messages, for example? Why shouldn't it do this? Or say the bank owns the domain homemortgage.com. Why can't it have links to that as well as to its main domain?
