
Phishing
Cutting the identity theft line
by Rachael Lininger and Russell Dean Vines
Published by Wiley (2005)
309 pages
ISBN: 0-7645-8498-7
~US$30 from Amazon
Summary
Phishing is simply about someone sending out emails inviting you to ‘update your details’, right? Well, yes ...
and no. This book ably demonstrates that there is rather more to it than that. Authors Rachael Lininger and
Russell Dean Vines explain the basics and then go on to lift the covers on a seedy underworld where criminal hackers combine social engineering and fraud techniques with spyware, rootkits and other tricks to exploit
vulnerabilities in email readers and Internet browsers.
Scope
Phishing is essentially a detailed security awareness text focusing on phishing and identity theft. Its main aim
is to enable the reader to identify and avoid phishing emails and websites, with secondary objectives being to raise awareness of spyware and other forms of malware, and to advise those who have already swallowed
the phisher’s bait.
The two chapters giving advice for financial services and similar companies whose customers are being
phished are fairly weak, but to be fair there is not a huge amount they can do. Two chapters of advice for
ordinary computer users go well beyond the usual ‘watch out for phishing emails’, covering aspects such as antivirus and patching.
Audience
The following audiences are identified:
- Incident response teams at financial institutions
- Information security professionals and management
- Executive management of any company whose brand might be spoofed
- Everyone who uses the Internet
Phishing is quite a long and specific book that seems unlikely to be read by many non-technical readers,
despite its laudable aims. The professional readership will benefit from this book.
Authors
Rachael Lininger is billed as a ‘technical writer in the information security department of a major US financial
institution’. It is clear from her writing that she has written up a lot of phishing attacks before.
Russell Dean Vines is a well-qualified information security consultant and cyber-counterterrorism specialist as well as an accomplished jazz musician.
Writing style
Although the topics are quite technical in places, the book treads a fine line between oversimplifying things
and delving too deeply. Rachael’s sections include some very welcome tongue-in-cheek asides and even the
odd Monty Python reference to brighten up an otherwise rather dry topic. There are plenty of examples of phishing emails, analyzed down to the level of the HTML code, and URLs for more information.
Utility & value
Although things are moving rapidly in this field, Phishing remains relevant and useful two years or more after
it was written. The authors’ experience evidently qualified them to take a forward-looking perspective. This should definitely be on the bookshelf of the information security department at any eBusiness.