Phishing Exposed

Phishers have 4 basic attack methods, and are ever expanding their arsenal of techniques. But underneath, you'll find they still contain fundamental flaws within their attack-- if you look close enough. The author reveals these techniques and dives deep into exploiting the phishers, empowering the defending side to track, detect, prevent and deter future attacks. The first set of chapters introduces you to the art of research and demonstrates the detailed and accurate results that this enduring practice presents. This analysis establishes the existence of multiple distinct phishing groups, and the author delivers a powerful technique to identify groups of phishers, even linking them to certain spamming groups. Presently, there are 36 unique active groups, with 4 main large groups that are encompassing the principal activity and possess the majority of earnings acquired from these illicit endeavors.

After uncovering the properties of phishing: the first phases of attack, the author takes you into the exploration of the moneytransfer scams and the business fronts they create to recruit mules to do their laundry. An exploration of the how-to uncovers the rules mule drivers must employ on mule recruitment and how these rules bind them in their attempts to protect their identity. Also observed is how telephony exploitation is used to remain anonymous and scam transfer companies, such as moneygram and western union, and how evolving future telecommunication attacks may enable phishers to continue their illicit endeavors.

Phishing Exposed links the malware authors to the phishing community, and how the economics of the underground are established, including demonstration of the malware used, with analysis of some undetectable malware including variants of Berbew, mitgleider, A311 Death (haxdoor) and Sasser. The final chapters explore the other activities of this organized criminal enterprise, and discusses the impact of limited legislation and collaboration by domestic and international law enforcement that hinders successful apprehension. The author encourages collaboration, and displays the successes with intelligence and reconnaissance due to collaboration with ISP's, other investigators, law enforcement and financial institutions.

Also highlights the motivation, psychology and legal aspects encircling this deceptive art of exploitation. The External Threat Assessment Team will outline innovative forensic techniques employed in order to unveil the identities of these organized individuals, and does not hesitate to remain candid about the legal complications that make prevention and apprehension so difficult today.

This title provides an in-depth, high-tech view from both sides of the playing field, and is a real eye-opener for the average internet user, the advanced security engineer, on up through the senior executive management of a financial institution. This is the book to provide the intelligence necessary to stay one step ahead of the enemy, and to successfully employ a pro-active and confident strategy against the evolving attacks against e-commerce and its customers.

* Unveils the techniques phishers employ that enable them to successfully commit fraudulent acts

* Offers an in-depth, high-tech view from both sides of the playing field to this current epidemic

* Stay one step ahead of the enemy with all the latest information

2 Email Effectiveness

3 Where's The Money

4 Lawful Forensics

5 Malware and XSS 5

6 Telephony Exploitation

7.0 Final Analysis