Phishing Exposed Paperback – Jan 20 2006

Product Details

  • Paperback: 450 pages
  • Publisher: Syngress; 1 edition (Jan. 20 2006)
  • Language: English
  • ISBN-10: 159749030X
  • ISBN-13: 978-1597490306
  • Product Dimensions: 17.8 x 2.9 x 22.7 cm
  • Shipping Weight: 599 g
  • Average Customer Review: Be the first to review this item
  • Amazon Bestsellers Rank: #2,588,051 in Books (See Top 100 in Books)

Customer Reviews

There are no customer reviews yet on Amazon.ca

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 11 reviews
5 of 5 people found the following review helpful
Expands the boundaries of client-side hacking March 10 2006
By Richard Bejtlich - Published on Amazon.com
Format: Paperback
Phishing Exposed is a powerful analysis of the many severe problems present in Web-based activities. Phishing Exposed is another threat-centric title from Syngress. The book presents research conducted by Secure Science Corporation as a way to understand the adversary. The author demonstrates his own attacks against multiple popular e-commerce sites as a way to show how phishers accomplish their goals. I was surprised by the extent to which the author could repeatedly abuse high-profile financial sites, and for that reason I highly recommend reading Phishing Exposed.

The book begins with an overview of the phishing problem. Three basic phishing techniques (impersonation, forwarding, and popup) are explained. The mechanics of email and HTTP are also described. The heart of the book appears in chapters 4 and 5, where almost 270 pages are devoted to the author's assessment and abuse of banking sites. I was shocked by the author's ability to repeatedly take advantage of vulnerabilities in client and server software and configuration. These chapters made me wonder if it is possible for an average end user -- or even a skilled technical user -- running popular operating systems and browsers to survive these sorts of high-end attacks.

Ch 6 featured some innovative material on subverting caller ID by using Voice over IP and other methods. I also appreciated the historical perspective in that chapter.

My only real concern is that the author devoted lots of material to his own attacks, and not as much to attacks by real phishers. I would have liked additional details on how to detect and potentially defeat these attacks using network-based and proxy-based means.

Incidentally, reviews by "relatives" should be considered suspect, although reviews with the title "inadequate and unoriginal" should be completely ignored. Reviews like that demonstrate another instance where that particular "reviewer" has once again skimmed the text and not spent any time reading the book. Phishing Exposed is incredibly original -- and that's why I've given it five stars, despite some rough editing from Syngress.
6 of 8 people found the following review helpful
The Authoritative Guide On Phishing In 2005 & Into 2006. Nov. 21 2005
By N. Kapitanski - Published on Amazon.com
Format: Paperback
This is a great book! The author really knows what he's talking about and the ideas he presents give a great indication as to where phishing is going in the future. The exploits detailed in the book are technical, educating and even downright genius, such as the Yahoo Cross Site Scripting attack. The author does a good job of explaining things to non-technical people, before getting in depth and extremely technical.

The book does a great job of covering a wide range of topics related to phishing so the reader understands the phishing process as a whole. Even Caller ID spoofing and anonymous telephony is included in Chapter 6, which is an interesting read that gives you some ideas where phishing of the future may be headed. Also, some of the little stories in Chapter 7 are really interesting and left me wanting more!! The bit about scanning a whole Korean Class B subnet range looking for 0day phishing servers, is one example!

I read "Phishing: Cutting the Identity Theft Line" over the summer, and I think that "Phishing Exposed" gives the reader a better understanding of the current phishing problem and what needs to be done in the future to protect both consumers and businesses. I would say this book is the authoritative guide on phishing in 2005 and into 2006.
1 of 1 people found the following review helpful
unoriginal Dec 14 2005
By W Boudville - Published on Amazon.com
Format: Paperback
The book tries to do two things. It explains what phishing is and it offers countermeasures against it. On the first issue, it gives a decent explanation of the various forms of phishing. Like how it can be email that directs you to a website (pharm) run by the phisher.

On how to stop phishing, the book is sadly inadequate. For example, it explains how the phishers inject their messages into the Internet. This is the broader problem of spammers doing so. And for this, there is no feasible antidote. Mostly because of the early, trusting model of email sending that was developed for the Internet before the Web appeared. But also a deeper problem is that as the Internet continues to grow, with millions of new nodes added each year, each node is a potential injection point. Exacerbated by many of these nodes being computers owned by individuals, without the background to regularly install antivirus software.

Then there are the book's suggestions on good practices. It says that users who get messages claiming to be from a bank and asking them to login to a [fake] site should be sceptical. While this is correct advice, it relies on a user acting accordingly. But this human factor is weak. It is precisely this that the phishers direct their attacks at. You might not be fooled. Probably because you are concerned enough that you are considering reading the book, and are in fact reading this review right now. However, phishing, like spam, preferentially targets the ill-educated or gullible. And they are very unlikely to read this book or any others on the subject. The point is that if a recipient gets to the point of actually reading a phishing message, then it is already too late for some non-negligible percentage of users. And it is that percentage from which banks take losses.

By the way, phishing messages can indeed be very well written. There was a survey recently of various technical managers, who were given a set of messages, some phishing and some not. Very few of them could correctly identify all the phishing messages.

Another countermeasure described is the use of honeypots to attract messages. Which might then be manually analysed by experts to identify phishing. But this manual identification is itself expensive and slow. Part of the expense is due to phishing being in several languages - those of the developed countries and also of several key developing countries like China, Brazil and India. So if you are a global antiphishing vendor, you need to hire people who know those languages. But why? The book doesn't offer any cheaper alternative.

Also, the book suggests that a bank who sends out real messages should only have links in these back to its main website. And not to any independent third party sites or to more obscure domains that it might own. Another instance of how unoriginal the text is. What if a bank wanted to do a co-marketing campaign with United Airlines or Toyota, and put links to those companies in its messages, for example? Why shouldn't it do this? Or say the bank owns the domain homemortgage.com. Why can't it have links to that as well as to its main domain?
1 of 1 people found the following review helpful
Not just a technical reference: A great read July 16 2006
By Tod Beardsley - Published on Amazon.com
Format: Paperback
If you're on your way to a security conference this summer, and you'd like to get up to speed on web site abuses and browser design vulnerabilities, this book makes for excellent airplane-reading fare. I say this because Phishing Exposed manages to succeed on two fronts: it is both an instructive technical reference, as well as a surprisingly compelling narrative.

The first is unsurprising -- it is, after all, a Syngress book, and so is typical of technical books from this imprint. The second accomplishment, though, was a pleasant surprise. It's not common that someone as deeply involved in the technologies of network security is also a talented writer.

As an example, while documenting the technical characteristics of e-mail delivery, James illustrates example forensic techniques of identifying the home city, working schedule, and handedness of the attacker. It's this mix of CSI-meets-ITSec that makes the book an honest page-turner.

Given this literary attention to narrative and even elements of plot development (especially on the follow-the-breadcrumbs analysis of a seemingly endless series of HTTP redirects), this book illustrates the phishing problem in a way that both technically-oriented defenders and interested "power user" readers will understand and enjoy.
3 of 4 people found the following review helpful
Details That Developers and Security Experts Need Aug. 28 2006
By sixmonkeyjungle - Published on Amazon.com
Format: Paperback
Phishing quickly exploded from a nuisance to a full-fledged threat in the middle of 2005. Weaknesses in email, combined with flaws in Web security and with a little social engineering mixed in make for an effective tool to get the attention of users and lure unsuspecting people into the trap.

It didn't take long for the organized crime elements of the malware underground to recognize the power and efficiency of this tool. Phishing is a virtual poster-child for the convergence of malware because it is a malicious tool that helps tie viruses, worms, spam, Trojans and other malware together and get them delivered effectively to their designated targets.

While a book like Phishing: Cutting The Identity Theft Line is aimed at managers and executives and users, this book is more along the lines of Inside The Spam Cartel in the way it dives deeper to look at the secrets and techniques and explore the underground that makes it work.

While the content is more technical, James's writing is engaging. Phishing Exposed is an excellent resource for developers, specifically Web developers, and for security experts to understand more about how and why phishing works, rather than just what it is and how to detect and defend against it.