Phishing Exposed [Paperback]

Lance James

Price: CDN$ 51.95 & FREE Shipping.


Amazon Price
Kindle Edition: CDN$ 35.46
Paperback: CDN$ 51.95

Book Description

Jan. 6 2006
Phishing Exposed unveils the techniques phishers employ that enable them to successfully commit fraudulent acts against the global financial industry.

It also highlights the motivation, psychology and legal aspects encircling this deceptive art of exploitation. The External Threat Assessment Team will outline innovative forensic techniques employed in order to unveil the identities of these organized individuals, and does not hesitate to remain candid about the legal complications that make prevention and apprehension so difficult today.

This title provides an in-depth, high-tech view from both sides of the playing field, and is a real eye-opener for the average internet user, the advanced security engineer, on up through the senior executive management of a financial institution. This is the book to provide the intelligence necessary to stay one step ahead of the enemy, and to successfully employ a pro-active and confident strategy against the evolving attacks against e-commerce and its customers.

* Unveils the techniques phishers employ that enable them to successfully commit fraudulent acts
* Offers an in-depth, high-tech view from both sides of the playing field to this current epidemic
* Stay one step ahead of the enemy with all the latest information


Customer Reviews

Most Helpful Customer Reviews: 4.3 out of 5 stars (11 reviews)
5 of 5 people found the following review helpful
5.0 out of 5 stars Expands the boundaries of client-side hacking March 10 2006
By Richard Bejtlich - Published on
Phishing Exposed is a powerful analysis of the many severe problems present in Web-based activities. Phishing Exposed is another threat-centric title from Syngress. The book presents research conducted by Secure Science Corporation as a way to understand the adversary. The author demonstrates his own attacks against multiple popular e-commerce sites as a way to show how phishers accomplish their goals. I was surprised by the extent to which the author could repeatedly abuse high-profile financial sites, and for that reason I highly recommend reading Phishing Exposed.

The book begins with an overview of the phishing problem. Three basic phishing techniques (impersonation, forwarding, and popup) are explained. The mechanics of email and HTTP are also described. The heart of the book appears in chapters 4 and 5, where almost 270 pages are devoted to the author's assessment and abuse of banking sites. I was shocked by the author's ability to repeatedly take advantage of vulnerabilities in client and server software and configuration. These chapters made me wonder if it is possible for an average end user -- or even a skilled technical user -- running popular operating systems and browsers to survive these sorts of high-end attacks.

Ch 6 featured some innovative material on subverting caller ID by using Voice over IP and other methods. I also appreciated the historical perspective in that chapter.

My only real concern is that the author devoted lots of material to his own attacks, and not as much to attacks by real phishers. I would have liked additional details on how to detect and potentially defeat these attacks using network-based and proxy-based means.

Incidentally, reviews by "relatives" should be considered suspect, although reviews with the title "inadequate and unoriginal" should be completely ignored. Reviews like that demonstrate another instance where that particular "reviewer" has once again skimmed the text and not spent any time reading the book. Phishing Exposed is incredibly original -- and that's why I've given it five stars, despite some rough editing from Syngress.
6 of 8 people found the following review helpful
5.0 out of 5 stars The Authoritative Guide On Phishing In 2005 & Into 2006. Nov. 21 2005
By N. Kapitanski - Published on
This is a great book! The author really knows what he's talking about and the ideas he presents give a great indication as to where phishing is going in the future. The exploits detailed in the book are technical, educating and even downright genius, such as the Yahoo Cross Site Scripting attack. The author does a good job of explaining things to non-technical people, before getting in depth and extremely technical.

The book does a great job of covering a wide range of topics related to phishing so the reader understands the phishing process as a whole. Even Caller ID spoofing and anonymous telephony is included in Chapter 6, which is an interesting read that gives you some ideas where phishing of the future may be headed. Also, some of the little stories in Chapter 7 are really interesting and left me wanting more!! The bit about scanning a whole Korean Class B subnet range looking for 0day phishing servers, is one example!

I read "Phishing: Cutting the Identity Theft Line" over the summer, and I think that "Phishing Exposed" gives the reader a better understanding of the current phishing problem and what needs to be done in the future to protect both consumers and businesses. I would say this book is the authoritative guide on phishing in 2005 and into 2006.
1 of 1 people found the following review helpful
5.0 out of 5 stars Not just a technical reference: A great read July 16 2006
By Tod Beardsley - Published on
If you're on your way to a security conference this summer, and you'd like to get up to speed on web site abuses and browser design vulnerabilities, this book makes for excellent airplane-reading fare. I say this because Phishing Exposed manages to succeed on two fronts: it is both an instructive technical reference, as well as a surprisingly compelling narrative.

The first is unsurprising -- it is, after all, a Syngress book, and so is typical of technical books from this imprint. The second accomplishment, though, was a pleasant surprise. It's not common that someone as deeply involved in the technologies of network security is also a talented writer.

As an example, while documenting the technical characteristics of e-mail delivery, James illustrates example forensic techniques of identifying the home city, working schedule, and handedness of the attacker. It's this mix of CSI-meets-ITSec that makes the book an honest page-turner.

Given this literary attention to narrative and even elements of plot development (especially on the follow-the-breadcrumbs analysis of a seemingly endless series of HTTP redirects), this book illustrates the phishing problem in a way that both technically-oriented defenders and interested "power user" readers will understand and enjoy.
3 of 4 people found the following review helpful
5.0 out of 5 stars Details That Developers and Security Experts Need Aug. 28 2006
By sixmonkeyjungle - Published on
Phishing quickly exploded from a nuisance to a full-fledged threat in the middle of 2005. Weaknesses in email, combined with flaws in Web security and with a little social engineering mixed in make for an effective tool to get the attention of users and lure unsuspecting people into the trap.

It didn't take long for the organized crime elements of the malware underground to recognize the power and efficiency of this tool. Phishing is a virtual poster-child for the convergence of malware because it is a malicious tool that helps tie viruses, worms, spam, Trojans and other malware together and get them delivered effectively to their designated targets.

While a book like Phishing: Cutting The Identity Theft Line is aimed at managers and executives and users, this book is more along the lines of Inside The Spam Cartel in the way it dives deeper to look at the secrets and techniques and explore the underground that makes it work.

While the content is more technical, James's writing is engaging. Phishing Exposed is an excellent resource for developers, specifically Web developers, and for security experts to understand more about how and why phishing works, rather than just what it is and how to detect and defend against it.
2 of 3 people found the following review helpful
5.0 out of 5 stars Phishing Needs to be Exposed to More of Us! Oct. 29 2006
By Marnie_ATL - Published on
Here are the chapters:

- Chapter 1 Banking On Phishing
- Chapter 2 Go Phish!
- Chapter 3 E-Mail: The Weapon of Mass Delivery
- Chapter 4 Crossing the Phishing Line
- Chapter 6 Malware, Money Movers, and Ma Bell Mayhem!
- Chapter 7 So Long, and Thanks for All the Phish!
395 pages paperback

As others have stated in their reviews, this is the book if you are involved in Internet security either at an ISP, webserver administrator or a security analyst at a large corporation or in law enforcement dealing with cybercrime. Phishing Exposed is also very useful for watchdog individuals on the web who actively report Internet scams to ISPs. It is an eye opener on how phishing scams have gotten more sophisticated in snaring unsuspecting victims' data within the last few years. This book was released in late 2005, however, most of the information is still rather relevant and useful for today for those who are working to minimize Internet fraud. For example, the use of botnets and malware has gained a larger role in the proliferation of phishing scams since this book was published; the author does cover some detail on this newer approach to perpetuating fraud online.

I have pretty much read the entire book, though I read quickly through all the scripting and coding details Lance outlines in his book and the detail takes up quite a few pages. I did enjoy reading it, thus why it only took me about 2 days to get through it. As I come across some of the coding complexities Lance outlines, I will return to this book as a reference.

One criticism I have is there is no glossary of terms. Lance uses many, many technical terms, a few here and there that I didn't know and when I did read them, sometimes I forgot what they stood for.

I will point out a few highlights which may be useful for some of what is covered:

Email Headers
The author provides us information on how to read email headers we receive in spam from phishers who are just a subset of spammers anyway. This is quite useful for those still learning how to decode email headers line by line. Though there are a few things the author leaves out regarding explaining the breakdown of headers, he covers this seldom-covered subject quite well. Most of the samples of spam we have here are Lance's own fake phishing spams, similar to examples you will read in the scripting sections.

The author tells us about CSS (Cross Site Scripting) - Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, instant message, or simply just reading a web board or email message [...]. This part of the book will take me longer to grasp as my own scripting knowledge is not very strong.

Lance covers the scripting exploits in creating phishing websites in regards to DHTML, DOM, SSL, JavaScript, redirects, and covers HTTP responses (common status codes) via user-agents. Lance uses his own made-up phishing sites to demonstrate how these scripts work. Status codes example: such as 404 file not found.

Money Laundering
Finally, the author also covers phisher money laundering in chapter (6) "Chapter 6 Malware, Money Movers, and Ma Bell Mayhem!" of the book. Phishers use mules to forward the funds for them (mules have bank accounts set up to accept the money and transfer it elsewhere: sometimes the "mules" do not even realize they are participating in illegal activity); this is similar to what drug dealers do to launder their money. He also covers caller ID spoofing in this chapter. This area is probably generally less well known, as it is more of the bank side of things of how the stolen money is transferred from account to account.
