
Book reviews

Review: Phishing

Phishing

Cutting the identity theft line

by Rachael Lininger and Russell Dean Vines

Published by Wiley (2005)

309 pages

ISBN: 0-7645-8498-7

Reduced to ~US$14 from Amazon

Summary

Phishing is simply about someone sending out emails inviting you to ‘update your details’, right? Well, yes ... and no. This book ably demonstrates that there is rather more to it than that. Authors Rachael Lininger and Russell Dean Vines explain the basics and then go on to lift the covers on a seedy underworld where criminal hackers combine social engineering and fraud techniques with spyware, rootkits and other tricks to exploit vulnerabilities in email readers and Internet browsers.

Scope

Phishing is essentially a detailed security awareness text focusing on phishing and identity theft. Its main aim is to enable the reader to identify and avoid phishing emails and websites, with secondary objectives being to raise awareness of spyware and other forms of malware, and to advise those who have already swallowed the phisher’s bait. 

The two chapters giving advice for financial services and similar companies whose customers are being phished are fairly weak, but to be fair there is not a huge amount they can do. Two chapters of advice for ordinary computer users go well beyond the usual ‘watch out for phishing emails’, covering aspects such as antivirus and patching.

Audience

The following audiences are identified:

  • Incident response teams at financial institutions
  • Information security professionals and management
  • Executive management of any company whose brand might be spoofed
  • Everyone who uses the Internet

Phishing is quite a long and specific book that seems unlikely to be read by many non-technical readers, despite its laudable aims. The professional readership will benefit from this book.

Authors

Rachael Lininger is billed as a ‘technical writer in the information security department of a major US financial institution’. It is clear from her writing that she has written up a lot of phishing attacks before.

Russell Dean Vines is a well-qualified information security consultant and cyber-counterterrorism specialist as well as an accomplished jazz musician.

Writing style

Although the topics are quite technical in places, the book treads a fine line between oversimplifying things and delving too deeply. Rachael’s sections include some very welcome tongue-in-cheek asides and even the odd Monty Python reference to brighten up an otherwise rather dry topic. There are plenty of examples of phishing emails, analyzed down to the level of the HTML code, and URLs for more information.

Utility & value

Although things are moving rapidly in this field, Phishing remains relevant and useful two years or more after it was written. The authors’ experience evidently qualified them to take a forward-looking perspective. This should definitely be on the bookshelf of the information security department at any eBusiness.



Copyright © 2008 IsecT Ltd. and licensors