About the Authors
Rachael Lininger works as a technical writer in the information security department of a major U.S. financial institution. She has documented too many phishing cases to count.
Russell Dean Vines is a best-selling author and president of The RDV Group, a security services firm. He is a specialist in cyber counter-terrorism and a consultant on security vulnerabilities.
Jacket Copy
Have you been caught yet?
They don't just want to know who you are, they want to BE who you are. By duplicating a legitimate website, phishers can convince you that email asking for your personal information came from your bank, an online retailer, even your ISP. Their high-tech identity theft costs American consumers and businesses billions, and if you access the Internet, you're a target. Whether you manage corporate security or just shop online, this book is loaded with weapons you can't afford to be without.
- Be able to identify and avoid phishing emails and websites
- Recognize spyware, understand how it benefits phishers, and learn how to get rid of it
- Take appropriate steps to safeguard your organization against attack
- Learn how to protect yourself online
- Find out how to report phishing incidents, and why you should
- Understand the scope of phishing and how it threatens our online infrastructure
- Explore additional resources that will keep you up to date
- Discover how to get off the hook if you've already swallowed the bait
Summary
"Phishing" is the hot new identity theft scam. An unsuspecting victim receives an e-mail that seems to come from a bank or other financial institution, and it contains a link to a Web site where s/he is asked to provide account details. The site looks legitimate, and 3 to 5 percent of people who receive the e-mail go on to surrender their information to crooks. One e-mail monitoring organization reported 2.3 billion phishing messages in February 2004 alone.
If that weren't enough, the crooks have expanded their operations to include malicious code that steals identity information without the computer user's knowledge. Thousands of computers are compromised each day, and phishing code is increasingly becoming part of the standard exploits.
Written by a phishing security expert at a top financial institution, this unique book helps IT professionals respond to phishing incidents. After describing in detail what goes into phishing expeditions, the author provides step-by-step directions for discouraging attacks and responding to those that have already happened.
In Phishing, Rachael Lininger:
- Offers case studies that reveal the technical ins and outs of impressive phishing attacks.
- Presents a step-by-step model for phishing prevention.
- Explains how intrusion detection systems can help prevent phishers from attaining their goal: identity theft.
- Delivers in-depth incident response techniques that can quickly shut down phishing sites.
Contents
About the Authors.
Introduction.
Chapter 1: Phishing for Phun and Profit.
Chapter 2: Bait and Switch: Phishing Emails.
Chapter 3: False Fronts: Phishing Websites.
Chapter 4: Are You Owned? Understanding Phishing Spyware.
Chapter 5: Gloom and Doom: You Can't Stop Phishing Completely.
Chapter 6: Helping Your Organization Avoid Phishing.
Chapter 7: Fighting Back: How Your Organization Can Respond to Attacks.
Chapter 8: Avoiding the Hook: Consumer Education.
Chapter 9: Help! I'm a Phish! Consumer Response.
Appendix A: Glossary of Phishing-Related Terms.
Appendix B: Useful Websites.
Appendix C: Identity Theft Affidavit.
Index.