BKFRSPLI.RVW 20060710

"Frauds, Spies, and Lies", Fred Cohen, 2005, 1-878109-36-7, U$29.95/C$33.45
%A Fred Cohen Fred dot Cohen at all dot net
%C 572 Leona Dr, Livermore, CA 94550
%D 2005
%G 1-878109-36-7
%I Fred Cohen and Associates
%O U$29.95/C$33.45 925-454-0171
%O http://www.amazon.com/exec/obidos/ASIN/1878109367/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1878109367/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1878109367/robsladesin03-20
%O Audience n+ Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 234 p.
%T "Frauds, Spies, and Lies: and How to Defeat Them"

Over the years, lots of books have promised to teach us how to deal with social engineering, fraudulent practices, con jobs, deceit, and just plain old lies. There are the pedestrian warnings that it is dangerous out there, such as Barrett's "Bandits on the Information Superhighway" (cf. BKBOTISH.RVW). Or Mintz' listing of nasty Websites in "Web of Deception" (cf. BKWBDCPT.RVW). Or the repetitive recounting of confidence games in Mitnick and Simon's "The Art of Deception" (cf. BKARTDCP.RVW). Generally these works retail similar stories, with little variation and even less analysis. Cohen's slim volume is a bit different.

Chapter one is a brief introduction to the structure of the book. Chapter two defines frauds, and then lists a huge series of variations on the theme. Many books that deal with the topic provide examples, but this exhausting (and nearly exhaustive) catalogue, even with minimal analysis, allows the reader to begin to see patterns and thus furnishes a useful alert for awareness of the issues, regardless of the student's background. (Fred, I wonder if you are entirely correct about 419 frauds.)

The topic of deception, in chapter three, deals first with how we think, and what analytical mistakes we are likely to make. This preparation is augmented by examples of how fraudsters and confidence tricksters can use these errors. (An interesting addition is a section dealing with self-deception, in regard to the justifications scammers use.) Cohen's wit and humour are used to good effect in pointing out the absurdities of some of our thinking patterns.

Most "spying" is not James Bond derring-do, and chapter four outlines the means that "HUMINT" (human intelligence) specialists use to obtain information, mostly in normal conversation. This material would be very useful in creating security awareness courses dealing with social engineering.

Defence and counterintelligence is covered in chapter five. Chapter six leans more towards the countering of various types of frauds.

This is not your normal security book, but then typical security works have had remarkably little success in addressing this particular topic. Security professionals will find little new in these pages, but the aggregation of the variant frauds is, itself, useful. Certainly no specialized background is needed to approach the text: anyone can pick it up and get a good deal of useful security awareness from a perusal of chapter two alone. The size of the work should not be daunting for anyone, and the content is quite readable. (I must note that the typography and formatting create a bit of a problem: the lack of "white space" can sometimes make section changes a bit hard to follow, despite the careful and clear numbering of sections and subsections.)

I'd recommend this book, particularly as bedtime reading for any security professional, and for those involved with security awareness programs. However, it should have a broader readership: any reasonably intelligent person will find something useful and helpful for building a safer and enlightened attitude to the dangers of this complex world.

copyright Robert M. Slade, 2006 BKFRSPLI.RVW 20060710