Phishing Exposed

Phishing Exposed unveils the techniques phishers employ that enable them to successfully commit fraudulent acts against the global financial industry.

The book also highlights the motivation, psychology and legal aspects encircling this deceptive art of exploitation. The External Threat Assessment Team will outline innovative forensic techniques employed in order to unveil the identities of these organized individuals, and does not hesitate to remain candid about the legal complications that make prevention and apprehension so difficult today.

This title provides an in-depth, high-tech view from both sides of the playing field, and is a real eye-opener for the average internet user, the advanced security engineer, on up through the senior executive management of a financial institution. This is the book to provide the intelligence necessary to stay one step ahead of the enemy, and to successfully employ a pro-active and confident strategy against the evolving attacks against e-commerce and its customers.

* Unveils the techniques phishers employ that enable them to successfully commit fraudulent acts
* Offers an in-depth, high-tech view from both sides of the playing field to this current epidemic
* Stay one step ahead of the enemy with all the latest information

Anyone who has ever become a victim of a phish can benefit from this book. The author delivers the unconcealed techniques of phishers including their evolving patterns, and how to gain the upper hand against the ever-accelerating attacks they deploy.


Product Details

  • ISBN-13: 9781597490306
  • Publisher: Elsevier Science
  • Publication date: 1/20/2006
  • Pages: 450
  • Product dimensions: 0.86 (w) x 7.00 (h) x 10.00 (d)

Read an Excerpt

Phishing Exposed

By Lance James


Copyright © 2005 Syngress Publishing, Inc.
All rights reserved.

ISBN: 978-0-08-048953-7

Chapter One

Banking On Phishing

Solutions in this chapter:

* Spam Classification

* Cyber-Crime Evolution

* What Is Phishing?

* Fraud, Forensics, and the Law

* Summary

* Solutions Fast Track

* Frequently Asked Questions


During 2004, close to 2 million U.S. citizens had their checking accounts raided by cyber-criminals. With the average reported loss per incident estimated at $1200, total losses were close to $2 billion. The incidence of phishing e-mails—e-mails that attempt to steal a consumer's user name and password by imitating e-mail from a legitimate financial institution—has risen 4,000 percent over the past six months. The term phishing comes from the fact that cyber-attackers are fishing for data; the ph is derived from the sophisticated techniques they employ, to distinguish their activities from the more simplistic fishing.

Over the last few years, online banking, including online bill paying, has become very popular as more financial institutions begin to offer free online services. With the increase in online fraud and identity theft, financial crimes have changed from direct attacks to indirect attacks—in other words, rather than robbing a bank at gunpoint, the criminals target the bank's customers. This type of indirect attack significantly impacts the financial institutions themselves because their inability to adequately protect their customer assets tarnishes their reputations and overall trust.

Originally termed carding and carried out by carders, phishing e-mails are just another form of spam. Universally regarded as an intrusive side effect of our electronic age, spam continues to proliferate at an unbelievable rate each month. According to antispam technology vendor Symantec (Symantec Internet Threat Report, Volume VII, March 2005), 63 percent of the 2.93 billion e-mails filtered by the company's Brightmail AntiSpam software were spam. In mid-July 2004, Brightmail AntiSpam filters blocked 9 million phishing attempts per week, increasing to over 33 million blocked messages per week in December 2004.

Postini, an antispam service provider that provides real-time, online spam statistics, reports that during a 24-hour period in March 2005, 10 out of 12 e-mails were officially classified as spam, and 1 out of 82 messages were infected with a virus.

Since we universally agree that spam is bad, you may ask why it is still one of the fastest-growing industries? The answer is, as long as 1 in 100,000 recipients actually responds to the "Click here" come-on in spammers' e-mails, spammers will find sufficient financial incentive to send out another 5 million spamming messages.

Litigation against spammers has been hampered by several factors: tracking the source, identifying the source, and interpreting international laws in attempts to prosecute. Many industry experts believe that the majority of the phishing and spam e-mails originate outside the United States. However, antivirus software provider Sophos has reported that 60 percent of the spam received by its SophosLabs worldwide spam research center in 2004 originated in the United States. According to SophosLabs, over 1200 new viruses were reported during the first two months of 2005—a significant increase over 2004 stats. The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 could be used to prosecute spammers, but over 60 percent of the spam sent from the United States was sent from computers infected with spam-relay Trojans and worms. These evil tools allow spammers from anywhere in the world to relay their messages through thousands of infected systems without the owners even knowing about it.

Spam Classification

Through the use of classification techniques and forensic data gathering, we can identify specific spam groups. In some cases the identification can include a specific individual; in other cases, groups of e-mails can be positively linked to the same unspecified group. Forensic tools and techniques can allow the identification of group attributes, such as nationality, left- or right-handedness, operating system preferences, and operational habits.

The identification techniques described in this book were developed for spam in general. However, these methods have shown an exceptional ability to identify some subsets of spam, including phishing, the focus of this book.

Spam Organization

There are two key items for identifying individual spammers or specific spam groups: the bulk mailing tool and the spammer's operational habits. People who send spam generally send millions of e-mails at a time. To maintain the high volume of e-mail generation, spammers use bulk-mailing tools. These tools generate unique e-mail headers and e-mail attributes that can be used to distinguish e-mail generated by different mailing tools. Although some bulk-mailing tools do permit randomized header values, field ordering, and the like, the set of items that can be randomized and the random value set are still limited to specific data subsets.

More important than the mailing tool is the fact that spammers are people, and people act consistently (until they need to change). They will use the same tools, the same systems, and the same feature subsets in the same order every time they do their work.

Simplifying the identification process, most spammers appear to be cheap. Although there are commercial bulk-mailing tools, most are very expensive. Spammers would rather create their own tools or pay someone to create a cheaper tool for them. Custom tools may have a limited distribution, but different users will use the tools differently. For example, Secure Science Corporation (SSC), a San Diego, California-based technology research company, has a unique forensic research tool that generates a unique header that is used in a unique way, which in many cases, makes it easy to sort and identify e-mails.

Figure 1.1 shows a subset of spam received by SSC.

This example shows that there are many different types of spam. Identification of an individual or group from this collection is very difficult. But there are things we can do to filter the spam. For example, a significant number of these spam messages have capital-letter hash busters located at the end of the subject line. So, we can sort the spam and look only at messages with capital-letter subject hash busters (Figure 1.2).

By sorting the spam based on specific features, we can detect some organization. We can further examine these e-mails and look for additional common attributes. For example, a significant number of spam messages have a Date with a time zone of -1700 (see Figure 1.3). On planet Earth, there is no time zone 1700, so this becomes a unique attribute that can be used to further organize the spam.

Based on the results of this minimal organization, we can identify specific attributes of this spammer:

* The hash buster is nearly always connected to the subject.

* The subject typically does not end with punctuation. However, if punctuation is included, it is usually an exclamation point.

* The file sizes are roughly the same number of lines (between 50 and 140 lines—short compared to most spam messages).

* Every one of the forged e-mail addresses claims to come from

* Every one of the fake account names appears to be repetitive letters followed by a number. In particular, the letters are predominantly from the left-hand side of the keyboard. This particular bulk-mailing tool requires the user to specify the fake account name. This can be done one of two ways: the user can either import a database of names or type them in by hand. In this case, the user is drumming his or her left hand on the keyboard (bcvbcv and cxzxca indicate finger drumming). With the right hand on the mouse, the user clicked the Enter key. Since the user's right hand is on the mouse, the user is very likely right-handed.

Although this spammer sends spam daily, he does take an occasional day off—for example, Thanksgiving, New Year's Eve, the Fourth of July, a few days after Christmas, and every Raiders home game. Even though this spammer always relays through open SOCKS servers that could be located anywhere in the world, we know that the spammer is located in the United States. We can even identify the region as the Los Angeles basin, with annual travel in the spring to Chicago (for one to two months) and in the fall to Mexico City (for one to two weeks).

The main items that help in this identification are:

* Bulk-mailing tool identification: This does not necessarily mean identifying the specific tool; rather, this is the identification of unique mailing attributes found in the e-mail header.

* Feature subsets: Items such as hash busters (format and location), content attributes (spelling errors, grammar), and unique feature subsets from the bulk-mailing tool.

* Sending methods: Does the spammer use open relays or compromised hosts? Is there a specific time of day that the sender prefers?

The result from this classification is a profile of the spammer and/or his spamming group.
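The sorting described above, as an added example (not code from the book or from SSC): a Python script that fingerprints each message on three of the traits the text names, namely a capital-letter hash buster at the end of the subject, an impossible time zone in the Date header, and a forged account name made of left-hand keyboard letters followed by a number, then groups messages that share a fingerprint. The sample headers, the four-letter minimum for a hash buster and the left-hand key set are assumptions; the time zone check uses the real range of UTC offsets, -1200 to +1400.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; every header value here is made up.
SAMPLES = [
    "From: bcvbcv12@example.com\nSubject: Lower your rate today QWKZP\n"
    "Date: Mon, 22 Nov 2004 09:14:02 -1700\n\nbody\n",
    "From: cxzxca7@example.com\nSubject: Act now! XJRTQ\n"
    "Date: Tue, 23 Nov 2004 10:01:45 -1700\n\nbody\n",
    "From: newsletter@example.org\nSubject: Your March statement\n"
    "Date: Tue, 23 Nov 2004 11:30:00 -0800\n\nbody\n",
]

# Assumed heuristics, chosen for this example rather than taken from the book.
LEFT_HAND = set("qwertasdfgzxcvb")           # QWERTY keys under the left hand
HASH_BUSTER = re.compile(r"\s([A-Z]{4,})$")  # trailing all-capitals token
TZ_OFFSET = re.compile(r"([+-])(\d{2})(\d{2})\s*$")


def tz_is_impossible(date_header):
    """True when the numeric offset lies outside -1200..+1400."""
    m = TZ_OFFSET.search(date_header or "")
    if not m:
        return False
    sign, hh, mm = m.group(1), int(m.group(2)), int(m.group(3))
    limit = 14 * 60 if sign == "+" else 12 * 60
    return mm >= 60 or hh * 60 + mm > limit


def left_hand_account(from_header):
    """True for local parts such as 'bcvbcv12': left-hand letters, then digits."""
    local = parseaddr(from_header or "")[1].partition("@")[0].lower()
    m = re.fullmatch(r"([a-z]+)\d+", local)
    return bool(m) and set(m.group(1)) <= LEFT_HAND


def fingerprint(raw):
    """Return (hash_buster, impossible_tz, left_hand_account) for one message."""
    msg = message_from_string(raw)
    return (
        bool(HASH_BUSTER.search(msg.get("Subject", "").strip())),
        tz_is_impossible(msg.get("Date")),
        left_hand_account(msg.get("From")),
    )


def group_by_fingerprint(raw_messages):
    """Map each fingerprint to the indexes of the messages that share it."""
    groups = defaultdict(list)
    for index, raw in enumerate(raw_messages):
        groups[fingerprint(raw)].append(index)
    return dict(groups)


if __name__ == "__main__":
    for fp, indexes in group_by_fingerprint(SAMPLES).items():
        print(fp, indexes)
```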

Classification Techniques

After we identify and profile individual spam groups, we can discern their intended purpose. To date, there are eight specific top-level spam classifications, including these four:

* Unsolicited commercial e-mail (UCE): This type is generated by a true company trying to contact existing or potential customers. True UCE is extremely rare, accounting for less than one-tenth of 1 percent of all spam. (If all UCE were to vanish today, nobody would notice.)

* Nonresponsive commercial e-mail (NCE): NCE is sent by a true company that continues to contact a user after being told to stop. The key differences between UCE and NCE are (1) the user initiated contact and (2) the user later opted out from future communication. Even though the user opted out, the NCE mailer will continue to contact the user. NCE is only a problem to people who subscribe to many services, purchase items online, or initiate contact with the NCE company.

* List makers: These are spam groups that make money by harvesting e-mail addresses and then using the list for profit, such as selling the list to other spammers or marketing agencies.

* Scams: Scams constitute the majority of spam. The goal of the scam is to acquire valuable assets through misrepresentation. Subsets under scams include 419 ("Nigerian-style" scams), malware, and phishing.


Phishing is a subset of the scam category. Phishers represent themselves as respected companies (the target) to acquire customer accounts, information, or access privileges. Through the classification techniques just described, we can identify specific phishing groups. The key items for identification include:

* Bulk-mailing tool identification and features

* Mailing habits, including, but not limited to, their specific patterns and schedules

* Types of systems used for sending the spam (e-mail origination host)

* Types of systems used for hosting the phishing server

* Layout of the hostile phishing server, including the use of HTML, JS, PHP, and other scripts

To date, according to SSC, there are an estimated four dozen phishing groups worldwide, with more than half the groups targeting customers in the United States. The remainder of this book demonstrates techniques to help you better understand and track phishers and to help enable a solid line of defense against these cyber-criminals, which most view as an overwhelming offense. The book begins with a general overview and then moves into very specific, in-depth views from both sides of the fence, the good and the bad.

Cyber-Crime Evolution

Chances are high that you have received a phish in your e-mail within the last few months or even last week. By the time this book is published and into your hands, the operations that involve phishing scams will have accelerated due to aggressive malware propagation (trojans, viruses), automated botnets, and the overall infrastructure that has been established by these cyber-scammers.

So let's step back for a moment. Our world has changed significantly since I was a kid. Just 10 years ago, the sophistication of hackers and the tools available to them were somewhat limited from both the national and international security perspective. Yes, there was cyber-crime, no denying that, but not at the audacious level we are experiencing today. Breaking into computer systems was motivated by the need for exploration, information, and education. That was the world of the late-night, for-fun hackers, which are now but a memory (who would have thought we would be nostalgic for them one day!).


Excerpted from Phishing Exposed by Lance James Copyright © 2005 by Syngress Publishing, Inc. Excerpted by permission of Syngress. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.


Table of Contents

1 The Art of Research
2 Email Effectiveness
3 Where's The Money
4 Lawful Forensics
5 Malware and XSS
6 Telephony Exploitation
7 Final Analysis