Phishing: Cutting the Identity Theft Line

Phishing attacks, or at least the number of phishing emails intercepted by Messagelabs, jumped more than 1700% from June through November of 2004. The Anti-Phishing Working Group has reported an average growth of 25% per month for websites devoted to stealing your confidential information and your identity. Phishing and identity theft are serious threats. However, as the authors point out early on in the book, identity theft has been around as long as there have been identities and is not unique to computers or the Internet. Phishing attacks are simply a new tool for identity thieves to use. Phishing provides the information that consumers need to understand the threat and the risks and arm themselves to safeguard their information and defend against phishing attacks. The book is not bogged down with dry detail, but provides a ton of useful and necessary information in an easy-to-read format. After reading this book, users will understand just how phishing works ad how it ties together with spam, spyware and other threats. Readers will also learn how to avoid becoming a phishing victim as well as who to contact or how to respond if they do. This is an excellent book that just about anyone who uses computers should read.

"Phishing - Cutting the Identity Theft Line", is very readable, relevant, and informative. As a leading risk professional in banking and finance where losses due to these scams have recently to move into the millions at many institutions, the book is timely and is a must read for business leaders and consumers. It lucidly explains key phishing concepts and techniques and what can be done to mitigate the risks.

I was browsing through computer security oriented books recently (May 2005) at a large national book chain. I went through the indexes in the back of the books to see how often or not the category "Phishing" was referenced. It was very few. I then stumbled across this book. It is very informative to those who are only vaguely familiar with this big scam. The authors even provide sample text and code that phishers have regularly used. As noted in the book, in the earlier days, the phishers often used poorly constructed English in their spam, but the scam has grown in its own sophistication. The authors provide also very clear terminology in regards to this scam, such as the difference between the terms: phish, vs. phishing vs. phishing sites vs. phishing email. They also provide help to those who have fallen for the phishing scams. The authors give the reader step by step instructions on how to go to the police to file a report and to report the issue to the ISP. The authors are very correct, this problem of phishing is only going to grow larger as a problem online despite making more people aware of it and the unknown backend battle against it by the ISPs. Luckily magazines like Readers' Digest and Newsweek have had occasional articles on phishing. I can only hope spreading more of such awareness minimizes more attacks against unsuspecting users online who are defrauded. I work in a field where I attempt to minimize phishing scams. I found that such attacks have seemed to increase over the past year. A good starter site for such information is: antiphishing.org the Anti-Phishing Working Group's website. The phishers typically attack by compromising webservers with outdated OSes and/ or setting up fraudulent hosting accounts with stolen credit cards. In my own forensic research from time to time with phishing scams on infected webservers, that often the culprits setting up the phishing sites are originating from IPs in foreign countries, notably North Africa and Eastern Europe. The only draw back to this book I can think of is I wish the book had more information pulled from ISPs themselves who fight this serious scam.

Phishing is the scourge of the internet right now. Rachael Lininger and Russell Dean Vines have done a pretty good job in helping individuals and companies understand the problem with their book Phishing - Cutting The Identity Theft Line (Wiley). Chapter List: Phishing for Phun and Profit; Bait and Switch: Phishing Emails; False Fronts: Phishing Websites; Are You Owned: Understanding Phishing Spyware; Gloom and Doom: You Can't Stop Phishing Completely; Helping Your Organization Avoid Phishing; Fighting Back: How Your Organization Can Respond To Attack; Avoiding the Hook: Consumer Education; Help! I'm a Phish! Consumer Response; Glossary of Phishing-Related Terms; Useful Websites; Identity Theft Affidavit; Index It used to be I'd see one or two "requests" a week to update my personal information for places like eBay or Citibank. Now it's closer to two or three a day. I'm well aware that these phishing attempts are scams meant to commit identity theft, but apparently we internet-savvy people are in the minority. Lininger and Vines have written a very readable and understandable guide to phishing that can easily be given to nearly anyone to help them protect themselves. The uninitiated will quickly grasp the idea that they shouldn't be responding to emails like these, and as a result they'll be much safer. People who are internet-savvy will learn the tricks that are used by the phishers to make links appear to be something other than what they truly are. Even organizations can benefit from the chapters on what they should do if they find that their servers have been co-opted to run a phishing scam. Very practical material with the benefit of being a book that's fun to read. This is information that needs to be in the hands of all internet users these days...

This book describes the latest threats about phishing in a clear, friendly way, and directs the reader to solutions. Since the subject is relatively new, there isn't a lot of information about phishing in book form. "Phishing" fills this gap quite well.