
Table Of Contents

Why Go Phishing?
It’s Everyone’s Fault
Terms
Phishing Scams
What Happens in a Phishing Attack
Who Is Doing the Phishing?
Script Kiddies
Serious Crackers
Organized Crime
Terrorists
Where They Come From
Who Is Targeted?
End Users
Businesses
Phishing Paraphernalia
Compromised Boxes
Free Email Accounts
The Other Kind of Phishing
Account Fraud and Identity Theft
Account Fraud
How Easy Is It to Steal My Identity?
Why Phishing Isn’t Going Away
Spam! Wonderful Spam!
Bulk Mail
Legal Considerations
How to Send Spam
Where to Send Spam
How to Avoid Spam Filters
Break Up the Trigger Words
Fake a From: Address
Spoofed Senders
Near-Miss Domain Names
Webmail Addresses
Your Name and Number
Links
Basic HTML Links
JavaScript Rollovers
Image Maps
All-in-One Phishing Emails
Phishing Servers
How to Take Over Computers
Which Computers to Take Over
What to Do Once You’re In
One Site, Two Sites
It’s Not Dead, It’s Resting!
Saving Information
Looking Good
Stealing Source Code
Progressions of Screens
Well-Placed Error Messages
Address Bar Spoofing
Popups in Front of the Legitimate Website
Popups for Verisimilitude
Confusion
Near-Miss Domain Names (Again)
Bare Naked IP Addresses
User Authentication Confusion
Vulnerabilities
Identifying Browsers
Internet Explorer
Other Browsers
Public Key Encryption, Certificates, and SSL
Public and Private Keys
Certificates
Secure Sockets Layer
Phishing for Certificates
Address Poisoning
DNS Poisoning
There’s No Place Like 127.0.0.1
Fooling the Postman
Spyware Central
Common Spyware Uses
Advertising and Marketing
Governmental Monitoring
Corporate Monitoring
Child Monitoring
Criminal Cracking
Spyware Types
Adware
Keyloggers
Hijackers
Trojan Horses
Phone Dialers
Web Bugs
Spambots
Bogus Spyware Removal Programs
Not on My Machine: How You Get Spyware
Hot and Fresh to Your Door
Spyware versus Viruses
The Pop-Up Download
The Drive-By Download
Symptoms of a Spyware Infection
Attack Vectors
Email
Blacklist
Whitelist
Deception Schemes
Social Engineering
Counterfeit Websites
Naming Names: An Overview of Some Specific Spyware
Browser Hijackers and Redirectors
CoolWebSearch
Xupiter
Submithook
Adware Trackers and Pop-Up Distracters
Downloader.GK
Gator Advertising Information Network
Bogus Adware Removers
Email Relay Trojans
As the Worm Turns
Multistage and Blended Threats
JS/QHosts21-A
Scob
WebMoney Trojan
Grams – E-Gold Account Siphoner
Department of Odd Exploits
Gloom and Doom: You Can’t Stop Phishing Completely
Who Is Responsible?
Phish
Spoofed Nonfinancial Institutions
Financial Institutions
Government
The Internet Is Broken
Mutual Authentication Is Not Possible
The Domain Name System Is Fragile
Major Infrastructure Changes Happen Slowly
The Credit System Is Broken
Time Out
Marketing, Marketing, Marketing
Why Phishing Won’t Go Away
Man-in-the-Middle
Answers?
Educating Users
Using Prosecution as a Deterrent
Using the Profit Motive
Interacting with Customers
Standard Customer Communication Policy
Email Authentication Systems
JavaScript
Cross-Site Scripting Flaws
User-Agent Strings
Client-Side Solutions
Authentication
Two-Factor Authentication
European Solutions
Toolbar Mania
SpoofStick
EarthLink Toolbar
eBay Toolbar
Google
Netcraft
Much, Too Much, Toolbar
Server-Side Solutions
Images
Near-Miss Domains and Webjacking
Sharing Information
IETF Draft Proposals
Info Groups
Anti-Phishing Working Group
Digital PhishNet
Internet Crime Prevention & Control Institute
Law Enforcement and Federal Agencies
Apres-Phish
Identity-Scoring Systems
Fair Isaac
ID Analytics
Problems with Identity-Scoring Systems
Other Fraud-Alerting Products
Intrusion Detection Systems
Honeypot Systems
Honeypot Issues
Dealing with Customers
Due Diligence
Privacy and the Law
Gramm-Leach-Bliley
Sarbanes-Oxley
The Data Protection Act and 95/46/EC
HIPAA
Putting Together an Attack Response Plan
Liability
Monitoring and Auditing
Incident-Handling Capability
Computer Incident Response Team
Conducting an Investigation
Evidence
Evidence Admissibility
Forensic Evidence Handling and Preservation
Phishing Response
Find the Bad Servers
Find Out Who’s Responsible
Take Them Down Quickly
Takedown Services
Dealing with ISPs
Offshore ISPs
The ICPCI Process
Preparatory Phase
Attack Detection Phase
Takedown Phase
Post-Attack Phase
Computer Safety
Choose Safer Software
Operating System
Peer-to-Peer
Other Software
Maintain Safer Systems
Back Up
Use Passwords and Rename Known User Accounts
Don’t Log in as an Administrator
Install Patches
Turn Off Services You Don’t Need
Install a Firewall
Test Your Defenses
Fixing Windows-Specific Problems
Pull the Plug
Passwords
Making Good Passwords
Remembering Your Passwords
Special Note about Compromised Servers
Internet Safety
The Rules
Don’t Believe Everything You Read
What Information Is Available?
How Much Do You Trust the Information?
Chat
Financial Safety
Identifying the Warning Signs of Identity Theft
If You’ve Been Phished
Log What Happens
Change Your Passwords
Close Accounts
Get a Credit Report
Recovering from Identity Theft
Send Letters to Everyone
Contact the Credit Bureaus
Fill Out the Identity Theft Affidavit
File a Police Report
Contact the Federal Trade Commission
Supposed Creditors
Talk to the Post Office
Get in Touch with the Social Security Administration
Talk to the Department of Motor Vehicles
Contact the Passport Office
Reporting Phishing Scams (Even When You’re Not a Victim)
Reporting a Phishing Scam When You Have the Email
Reporting a Phishing Scam When You Don’t Have the Email
Maintaining Hope
Index
Phishing: Cutting the Identity Theft Line

Published by Wiley
"Phishing" is the hot new identity theft scam. An unsuspecting victim receives an e-mail that seems to come from a bank or other financial institution, and it contains a link to a Web site where s/he is asked to provide account details. The site looks legitimate, and 3 to 5 percent of people who receive the e-mail go on to surrender their information to crooks. One e-mail monitoring organization reported 2.3 billion phishing messages in February 2004 alone.

If that weren't enough, the crooks have expanded their operations to include malicious code that steals identity information without the computer user's knowledge. Thousands of computers are compromised each day, and phishing code is increasingly becoming part of the standard exploits.

Written by a phishing security expert at a top financial institution, this unique book helps IT professionals respond to phishing incidents. After describing in detail what goes into phishing expeditions, the author provides step-by-step directions for discouraging attacks and responding to those that have already happened.

In Phishing, Rachael Lininger:

Offers case studies that reveal the technical ins and outs of impressive phishing attacks.
Presents a step-by-step model for phishing prevention.
Explains how intrusion detection systems can help prevent phishers from attaining their goal: identity theft.
Delivers in-depth incident response techniques that can quickly shut down phishing sites.
More info:

Publish date: May 6, 2005
Added to Scribd: Dec 20, 2012
Copyright: Traditional Copyright: All rights reserved
ISBN: 9780764599224
List Price: $29.99
