About The Book
In Phishing Exposed: Uncover Secrets From The Dark Side, Lance James provides a deep, technical look at the nuts and bolts that make phishing attacks work. After a brief Foreword from Joe Stewart, a Senior Security Researcher with LURHQ, James dives right in. The chapters are each quite detailed. With only seven chapters, the book still comes in at just under 400 pages.
Chapter 1 (Banking On Phishing) provides a basic explanation, history and overview of phishing and where it fits on the malware map.
In Chapter 2 (Go Phish!), the book examines the basic techniques of phishing and provides in-depth descriptions of the Impersonation Attack, the Forwarding Attack, and the Popup Attack.
Chapter 3 (Email: The Weapon of Mass Delivery) explores how email is used to effectively deliver phishing attacks to users, and Chapter 4 (Crossing The Phishing Line) discusses some of the flaws and weaknesses in the Web that make phishing possible.
Chapter 5 (The Dark Side of the Web) provides more detail about how exploiting the Web makes phishing work, and Chapter 7 (So Long, and Thanks For All The Phish!) summarizes and wraps things up.
Chapter 6 (Malware, Money Movers, and Ma Bell Mayhem!) contains the real treasure of information.
My Review
Phishing quickly exploded from a nuisance to a full-fledged threat in the middle of 2005. Weaknesses in email, combined with flaws in Web security and a little social engineering, make for an effective tool to get the attention of users and lure unsuspecting people into the trap. It didn't take long for the organized crime elements of the malware underground to recognize the power and efficiency of this tool. Phishing is a virtual poster child for the convergence of malware because it is a malicious tool that helps tie viruses, worms, spam, Trojans and other malware together and get them delivered effectively to their designated targets.
While a book like Phishing: Cutting The Identity Theft Line is aimed at managers, executives, and users, this book is more along the lines of Inside The Spam Cartel in the way it dives deeper to look at the secrets and techniques and explore the underground that makes it work.
While the content is more technical, James's writing is engaging. Phishing Exposed is an excellent resource for developers, specifically Web developers, and for security experts to understand more about how and why phishing works, rather than just what it is and how to detect and defend against it.



