Phishing Exposed [Paperback]

Lance James (Author)

Book Description

Publication Date: January 20, 2006

Phishing Exposed unveils the techniques phishers employ that enable them to successfully commit fraudulent acts against the global financial industry.

Also highlights the motivation, psychology and legal aspects encircling this deceptive art of exploitation. The External Threat Assessment Team will outline innovative forensic techniques employed in order to unveil the identities of these organized individuals, and does not hesitate to remain candid about the legal complications that make prevention and apprehension so difficult today.

This title provides an in-depth, high-tech view from both sides of the playing field, and is a real eye-opener for the average internet user, the advanced security engineer, on up through the senior executive management of a financial institution. This is the book to provide the intelligence necessary to stay one step ahead of the enemy, and to successfully employ a pro-active and confident strategy against the evolving attacks against e-commerce and its customers.

* Unveils the techniques phishers employ that enable them to successfully commit fraudulent acts
* Offers an in-depth, high-tech view from both sides of the playing field to this current epidemic
* Stay one step ahead of the enemy with all the latest information

Product Details

• Paperback: 450 pages
• Publisher: Syngress; 1 edition (January 20, 2006)
• Language: English
• ISBN-10: 159749030X
• ISBN-13: 978-1597490306
• Product Dimensions: 8.9 x 6.8 x 1.3 inches
• Shipping Weight: 1.3 pounds (View shipping rates and policies)
• Average Customer Review: 4.3 out of 5 stars  See all reviews (12 customer reviews)
• Amazon Best Sellers Rank: #1,401,622 in Books (See Top 100 in Books)

More About the Author

Lance James is an American computer scientist, considered an expert on computer security techniques such as anti-phishing. He has been quoted on the subject in multiple media outlets, including CBC, CNN, the BBC, the David Lawrence Show, ZDNet, Wired News, CSO, USA Today, Fox News, and the Washington Post.

He was born in 1978 in Wenatchee, Washington. His father was a Marine, and his mother was a diplomat working in the Canadian foreign service. His maternal grandfather Eric Maughan, is notable for being a centenarian, having turned 100 on August 31, 2005.

Because of his father's career, the family moved often, and James attended multiple high schools, from North Carolina to Burnaby North Secondary School, in Burnaby, British Columbia (the same school from which Michael J. Fox graduated), and Mount Vernon High School in Mount Vernon, Washington, from where he graduated. His first career was as a musician. He studied violin under Sherry Kloss, and then played jazz flamenco music in various locations in San Diego, with the band "Gatos Papacitos," playing violin and occasionally keyboards. At one point he was managed by Marcus Breaux ("Chance Styles"), until Breaux's untimely death.

In October 2001, James founded invisiblenet.net, a distributed cryptographic framework for the internet for anonymity and privacy.

In 2003, James founded "Secure Science Corporation", where he is currently CTO. SSC provides intelligence-based services and products for computer forensics and anti-phishing applications, providing intelligence to major financial institutions and government agencies.

James has been a keynote speaker at Secret Service Electronic Crimes Task Force meetings, and several major universities, including the University of Wisconsin-Madison's "Takedown" conference, in 2005, Rochester Institute of Technology, University of California San Diego, San Diego State University, and Cal State Poly. He also speaks to several law enforcement, regulatory, and intelligence agencies, the Pentagon, Anti-Phishing Working Group, Digital-Phishnet, UNAM-CERT, HTCIA Hong Kong, SANS, BIT, and testifies as an expert witness in U.S. Congressional Hearings.

James was married in 2002, and lives with his wife and children in San Diego.

Customer Reviews

Most Helpful Customer Reviews

5 of 5 people found the following review helpful:

5.0 out of 5 stars Expands the boundaries of client-side hacking, March 10, 2006

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Phishing Exposed (Paperback)

Phishing Exposed is a powerful analysis of the many severe problems present in Web-based activities. Phishing Exposed is another threat-centric title from Syngress. The book presents research conducted by Secure Science Corporation as a way to understand the adversary. The author demonstrates his own attacks against multiple popular e-commerce sites as a way to show how phishers accomplish their goals. I was surprised by the extent to which the author could repeatedly abuse high-profile financial sites, and for that reason I highly recommend reading Phishing Exposed.

The book begins with an overview of the phishing problem. Three basic phishing techniques (impersonation, forwarding, and popup) are explained. The mechanics of email and HTTP are also described. The heart of the book appears in chapters 4 and 5, where almost 270 pages are devoted to the author's assessment and abuse of banking sites. I was shocked by the author's ability to repeatedly take advantage of vulnerabilities in client and server software and configuration. These chapters made me wonder if it is possible for an average end user -- or even a skilled technical user -- running popular operating systems and browsers to survive these sorts of high-end attacks.

Ch 6 featured some innovative material on subverting caller ID by using Voice over IP and other methods. I also appreciated the historical perspective in that chapter.

My only real concern is that the author devoted lots of material to his own attacks, and not as much to attacks by real phishers. I would have liked additional details on how to detect and potentially defeat these attacks using network-based and proxy-based means.

Incidentally, reviews by "relatives" should be considered suspect, although reviews with the title "inadequate and unoriginal" should be completely ignored. Reviews like that demonstrate another instance where that particular "reviewer" has once again skimmed the text and not spent any time reading the book. Phishing Exposed is incredibly original -- and that's why I've given it five stars, despite some rough editing from Syngress.

6 of 8 people found the following review helpful:

5.0 out of 5 stars The Authoritive Guide On Phishing In 2005 & Into 2006., November 21, 2005

By 

N. Kapitanski (NYC) - See all my reviews
(REAL NAME)   

This review is from: Phishing Exposed (Paperback)

This is a great book! The author really knows what he's talking about and the ideas he presents give a great indication as to where phishing is going in the future. The exploits detailed in the book are technical, educating and even down right genius, such as the Yahoo Cross Site Scripting attack. The author does a good job of explaining things to non technical people, before getting in depth and extremely technical.

The book does a great job of covering a wide range of topics related to phishing so the reader understands the phishing process as a whole. Even Caller ID spoofing and anonymous telephony is included in Chapter 6, which is an interesting read that gives you some ideas where phishing of the future may be headed. Also, some of the little stories in Chapter 7 are really interesting and left me wanting more!! The bit about scanning a whole Korean Class B subnet range looking for 0day phishing servers, is one example!

I read "Phishing: Cutting the Identity Theft Line" over the summer, and I think that "Phishing Exposed" gives the reader a better understanding of the current phishing problem and what needs to be done in the future to protect both consumers and businesses. I would say this book is the authoritive guide on phishing in 2005 and into 2006.

1 of 1 people found the following review helpful:

5.0 out of 5 stars Not just a technical reference: A great read, July 16, 2006

By 

Tod Beardsley "Security Dork" (Austin, TX USA) - See all my reviews
(REAL NAME)   

This review is from: Phishing Exposed (Paperback)

If you're on your way to a security conference this summer, and you'd like to get up to speed on web site abuses and browser design vulnerabilities, this book makes for excellent airplane-reading fare. I say this because Phishing Exposed manages to succeed on two fronts: it is both an instructive technical reference, as well as a surprisingly compelling narrative.

The first is unsurprising -- it is, after all, a Syngress book, and so is typical of technical books from this imprint. The second accomplishment, though, was a pleasant surprise. It's not common that someone as deeply involved in the technologies of network security are also talented writers.

As an example, while documenting the technical characteristics of e-mail delivery, James illustrates example forensic techniques of identifying the home city, working schedule, and handedness of the attacker. It's this mix of CSI-meets-ITSec that makes the book an honest page-turner.

Given this literary attention to narrative and even elements of plot development (especially on the follow-the-breadcrumbs analysis of a seemingly endless series of HTTP redirects), this book illustrates the phishing problem in a way that both technically-oriented defenders and interested "power user" readers will understand and enjoy.