Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails

By: Michele Fincher (author), Christopher Hadnagy (author), Robin Dreeke (foreword author)

Paperback


An essential anti-phishing desk reference for anyone with an email address

Phishing Dark Waters addresses the growing and continuing scourge of phishing emails, and provides actionable defensive techniques and tools to help you steer clear of malicious emails. Phishing is analyzed from the viewpoint of human decision-making and the impact of deliberate influence and manipulation on the recipient. With expert guidance, this book provides insight into the financial, corporate espionage, nation state, and identity theft goals of the attackers, and teaches you how to spot a spoofed e-mail or cloned website. Included are detailed examples of high-profile breaches at Target, RSA, Coca-Cola, and the AP, as well as an examination of sample scams including the Nigerian 419, financial themes, and post high-profile event attacks. Learn how to protect yourself and your organization using anti-phishing tools, and how to create your own phish to use as part of a security awareness program.

Phishing is a social engineering technique through email that deceives users into taking an action that is not in their best interest, but usually with the goal of disclosing information or installing malware on the victim's computer. Phishing Dark Waters explains the phishing process and techniques, and the defenses available to keep scammers at bay.

  • Learn what a phish is, and the deceptive ways they've been used
  • Understand decision-making, and the sneaky ways phishers reel you in
  • Recognize different types of phish, and know what to do when you catch one
  • Use phishing as part of your security awareness program for heightened protection

Attempts to deal with the growing number of phishing incidents include legislation, user training, public awareness, and technical security, but phishing still exploits the natural way humans respond to certain situations. Phishing Dark Waters is an indispensable guide to recognizing and blocking the phish, keeping you, your organization, and your finances safe.

About the Author

CHRISTOPHER HADNAGY, author of Social Engineering: The Art of Human Hacking, specializes in the human aspects of technology. With more than 14 years of experience in technology, he is CEO of Social-Engineer, Inc. and a frequent speaker at major security conferences.

MICHELE FINCHER possesses more than 20 years of experience as a behavioral scientist, researcher, and information security professional. She is a senior penetration tester and Chief Influencing Officer at Social-Engineer, Inc.


Contents

Foreword

Introduction

Chapter 1: An Introduction to the Wild World of Phishing

  • Phishing 101
  • How People Phish
  • Examples
  • High-Profile Breaches
  • Phish in Their Natural Habitat
  • Phish with Bigger Teeth
  • Spear Phishing
  • Summary

Chapter 2: The Psychological Principles of Decision-Making

  • Decision-Making: Small Bits
  • Cognitive Bias
  • Physiological States
  • External Factors
  • The Bottom Line About Decision-Making
  • It Seemed Like a Good Idea at the Time
  • How Phishers Bait the Hook
  • Introducing the Amygdala
  • The Guild of Hijacked Amygdalas
  • Putting a Leash on the Amygdala
  • Wash, Rinse, Repeat
  • Summary

Chapter 3: Influence and Manipulation

  • Why the Difference Matters to Us
  • How Do I Tell the Difference?
  • How Will We Build Rapport with Our Targets?
  • How Will Our Targets Feel After They Discover They've Been Tested?
  • What Is Our Intent?
  • But the Bad Guys Will Use Manipulation ...
  • Lies, All Lies
  • P Is for Punishment
  • Principles of Influence
  • Reciprocity
  • Obligation
  • Concession
  • Scarcity
  • Authority
  • Consistency and Commitment
  • Liking
  • Social Proof
  • More Fun with Influence
  • Our Social Nature
  • Physiological Response
  • Psychological Response
  • Things to Know About Manipulation
  • Summary

Chapter 4: Lessons in Protection

  • Lesson One: Critical Thinking
  • How Can Attackers Bypass This Method?
  • Lesson Two: Learn to Hover
  • What If I Already Clicked the Link and I Think It's Dangerous?
  • How Can Attackers Bypass This Method?
  • Lesson Three: URL Deciphering
  • How Can Attackers Bypass This Method?
  • Lesson Four: Analyzing E-mail Headers
  • How Can Attackers Bypass This Method?
  • Lesson Five: Sandboxing
  • How Can Attackers Bypass This Method?
  • The Wall of Sheep, or a Net of Bad Ideas
  • Copy and Paste Your Troubles Away
  • Sharing Is Caring
  • My Mobile Is Secure
  • A Good Antivirus Program Will Save You
  • Summary

Chapter 5: Plan Your Phishing Trip: Creating the Enterprise Phishing Program

  • The Basic Recipe
  • Why?
  • What's the Theme?
  • The Big, Fat, Not-So-Legal Section
  • Developing the Program
  • Setting a Baseline
  • Setting the Difficulty Level
  • Writing the Phish
  • Tracking and Statistics
  • Reporting
  • Phish, Educate, Repeat
  • Summary

Chapter 6: The Good, the Bad, and the Ugly: Policies and More

  • Oh, the Feels: Emotion and Policies
  • The Definition
  • The Bad
  • Making It Good
  • The Boss Is Exempt
  • The Definition
  • The Bad
  • Making It Good
  • I'll Just Patch One of the Holes
  • The Definition
  • The Bad
  • Making It Good
  • Phish Just Enough to Hate It
  • The Definition
  • The Bad
  • Making It Good
  • If You Spot a Phish, Call This Number
  • The Definition
  • The Bad
  • Making It Good
  • The Bad Guys Take Mondays Off
  • The Definition
  • The Bad
  • Making It Good
  • If You Can't See It, You Are Safe
  • The Definition
  • The Bad
  • Making It Good
  • The Lesson for Us All
  • Summary

Chapter 7: The Professional Phisher's Tackle Bag

  • Commercial Applications
  • Rapid7 Metasploit Pro
  • ThreatSim
  • PhishMe
  • Wombat PhishGuru
  • PhishLine
  • Open Source Applications
  • SET: Social-Engineer Toolkit
  • Phishing Frenzy
  • Comparison Chart
  • Managed or Not
  • Summary

Chapter 8: Phish Like a Boss

  • Phishing the Deep End
  • Understand What You're Dealing With
  • Set Realistic Goals for Your Organization
  • Plan Your Program
  • Understand the Stats
  • Respond Appropriately
  • Make the Choice: Build Inside or Outside
  • Summary

Index

Product Details

  • ISBN13: 9781118958476
  • Format: Paperback
  • Number Of Pages: 224
  • ID: 9781118958476
  • weight: 302
  • ISBN10: 1118958470
