Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft

  • 19h 38m
  • Markus Jakobsson, Steven Myers
  • John Wiley & Sons (US)
  • 2006

Phishing attacks, or the practice of deceiving people into revealing sensitive data on a computer system, continue to mount. Here is the information you need to understand how phishing works, how to detect it, and how to prevent it.

Phishing and Countermeasures begins with a technical introduction to the problem, setting forth the tools and techniques that phishers use, along with current security technology and countermeasures that are used to thwart them. Readers are not only introduced to current techniques of phishing, but also to emerging and future threats and the countermeasures that will be needed to stop them. The potential and limitations of all countermeasures presented in the text are explored in detail. In spite of the fact that phishing attacks constantly evolve, much of the material in this book will remain valid, given that the book covers the general principles as much as actual instances of phishing.

While delving into a myriad of countermeasures and defense strategies, the authors also focus on the role of the user in preventing phishing attacks. The authors assert that countermeasures often fail not for technical reasons, but rather because users are unable or unwilling to use them. In response, the authors present a number of countermeasures that are simple for users to implement, or that can be activated without a user's direct participation. Moreover, the authors propose strategies for educating users. The text concludes with a discussion of how researchers and security professionals can ethically and legally perform phishing experiments to test the effectiveness of their defense strategies against the strength of current and future attacks.

Each chapter of the book features an extensive bibliography to help readers explore individual topics in greater depth. With phishing becoming an ever-growing threat, the strategies presented in this text are vital for technical managers, engineers, and security professionals tasked with protecting users from unwittingly giving out sensitive data. It is also recommended as a textbook for students in computer science and informatics.

About the Authors

Dr. Markus Jakobsson received his Ph.D. from the University of California at San Diego in 1997. After a few years as a Member of the Technical Staff at Bell Labs, and another few years as both principal research scientist at RSA Laboratories and an adjunct associate professor at New York University, he joined Indiana University at Bloomington as an Associate Professor in the School of Informatics. He is associate director of the Center for Applied Cybersecurity and a founder of RavenWhite, a startup aiming to protect users and corporations against phishing. He is researching security and fraud, including phishing, click-fraud, and malware. He consults for the financial industry, is an inventor or co-inventor of more than 60 patents and patents pending, and author or co-author of more than 80 peer-reviewed publications.

Dr. Steven Myers received his Ph.D. from the Department of Computer Science at the University of Toronto in 2005. During his studies he worked for Echoworx, an Internet security firm specializing in secure and usable email products, and interned with the applied mathematics group in the research division of Telcordia Technologies. He is, at the time of writing, an assistant professor with the School of Informatics at Indiana University at Bloomington. He also serves as a member of Indiana University's Center for Applied Cybersecurity, and he consults in areas relating to cryptography and systems security. He is the co-author of a number of scientific papers related to cryptography, a contributor to several books, and the inventor or co-inventor of four patents or pending patents.

In this Book

  • Introduction to Phishing
  • Phishing Attacks—Information Flow and Chokepoints
  • Spoofing and Countermeasures
  • Pharming and Client Side Attacks
  • Status Quo Security Tools
  • Adding Context to Phishing Attacks—Spear Phishing
  • Human-Centered Design Considerations
  • Passwords
  • Mutual Authentication and Trusted Pathways
  • Biometrics and Authentication
  • Making Takedown Difficult
  • Protecting Browser State
  • Browser Toolbars
  • Social Networks
  • Microsoft's Anti-Phishing Technologies and Tactics
  • Using S/MIME
  • Experimental Evaluation of Attacks and Countermeasures
  • Liability for Phishing
  • The Future