Bookstore

An essential anti-phishing desk reference for anyone with an email addressPhishing Dark Waters addresses the growing and continuing scourge of phishing emails, and provides actionable defensive techniques and tools to help you steer clear of malicious emails. Phishing is analyzed from the viewpoint of human decision-making and the impact of deliberate influence and manipulation on the recipient. With expert guidance, this book provides insight into the financial, corporate espionage, nation state, and identity theft goals of the attackers, and teaches you how to spot a spoofed e-mail or cloned website. Included are detailed examples of high profile breaches at Target, RSA, Coca Cola, and the AP, as well as an examination of sample scams including the Nigerian 419, financial themes, and post high-profile event attacks. Learn how to protect yourself and your organization using anti-phishing tools, and how to create your own phish to use as part of a security awareness program.Phishing is a social engineering technique through email that deceives users into taking an action that is not in their best interest, but usually with the goal of disclosing information or installing malware on the victim's computer. Phishing Dark Waters explains the phishing process and techniques, and the defenses available to keep scammers at bay.* Learn what a phish is, and the deceptive ways they've been used* Understand decision-making, and the sneaky ways phishers reel you in* Recognize different types of phish, and know what to do when you catch one* Use phishing as part of your security awareness program for heightened protectionAttempts to deal with the growing number of phishing incidents include legislation, user training, public awareness, and technical security, but phishing still exploits the natural way humans respond to certain situations. Phishing Dark Waters is an indispensible guide to recognizing and blocking the phish, keeping you, your organization, and your finances safe.

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails

Foreword xxiiiIntroduction xxviiChapter 1 An Introduction to the Wild World of Phishing 1Phishing 101 2How People Phish 4Examples 7High-Profi le Breaches 7Phish in Their Natural Habitat 10Phish with Bigger Teeth 22Spear Phishing 27Summary 29Chapter 2 The Psychological Principles of Decision-Making 33Decision-Making: Small Bits 34Cognitive Bias 35Physiological States 37External Factors 38The Bottom Line About Decision-Making 39It Seemed Like a Good Idea at the Time 40How Phishers Bait the Hook 41Introducing the Amygdala 44The Guild of Hijacked Amygdalas 45Putting a Leash on the Amygdala 48Wash, Rinse, Repeat 49Summary 50Chapter 3 Influence and Manipulation 53Why the Difference Matters to Us 55How Do I Tell the Difference? 56How Will We Build Rapport with Our Targets? 56How Will Our Targets Feel After They Discover They've Been Tested? 56What Is Our Intent? 57But the Bad Guys Will Use Manipulation . . . 57Lies, All Lies 58P Is for Punishment 59Principles of Influence 61Reciprocity 61Obligation 62Concession 63Scarcity 63Authority 64Consistency and Commitment 65Liking 66Social Proof 67More Fun with Influence 67Our Social Nature 67Physiological Response 68Psychological Response 69Things to Know About Manipulation 70Summary 71Chapter 4 Lessons in Protection 75Lesson One: Critical Thinking 76How Can Attackers Bypass This Method? 77Lesson Two: Learn to Hover 77What If I Already Clicked the Link and I Think It's Dangerous? 80How Can Attackers Bypass This Method? 81Lesson Three: URL Deciphering 82How Can Attackers Bypass This Method? 85Lesson Four: Analyzing E-mail Headers 85How Can Attackers Bypass This Method? 90Lesson Five: Sandboxing 90How Can Attackers Bypass This Method? 91The "Wall of Sheep," or a Net of Bad Ideas 92Copy and Paste Your Troubles Away 92Sharing Is Caring 93My Mobile Is Secure 94A Good Antivirus Program Will Save You 94Summary 95Chapter 5 Plan Your Phishing Trip: Creating the Enterprise Phishing Program 97The Basic Recipe 99Why? 99What's the Theme? 102The Big, Fat, Not-So-Legal Section 105Developing the Program 107Setting a Baseline 108Setting the Difficulty Level 109Writing the Phish 121Tracking and Statistics 122Reporting 125Phish, Educate, Repeat 127Summary 128Chapter 6 The Good, the Bad, and the Ugly: Policies and More 131Oh, the Feels: Emotion and Policies 132The Definition 132The Bad 133Making It "Good" 133The Boss Is Exempt 133The Definition 134The Bad 134Making It "Good" 134I'll Just Patch One of the Holes 135The Definition 135The Bad 136Making It "Good" 136Phish Just Enough to Hate It 136The Definition 137The Bad 137Making It "Good" 138If You Spot a Phish, Call This Number 138The Definition 139The Bad 139Making It "Good" 140The Bad Guys Take Mondays Off 140The Definition 141The Bad 141Making It "Good" 141If You Can't See It, You Are Safe 142The Definition 142The Bad 143Making It "Good" 143The Lesson for Us All 143Summary 144Chapter 7 The Professional Phisher's Tackle Bag 147Commercial Applications 149Rapid7 Metasploit Pro 149ThreatSim 152PhishMe 158Wombat PhishGuru 161PhishLine 165Open Source Applications 168SET: Social-Engineer Toolkit 168Phishing Frenzy 171Comparison Chart 174Managed or Not 176Summary 177Chapter 8 Phish Like a Boss 179Phishing the Deep End 180Understand What You're Dealing With 180Set Realistic Goals for Your Organization 182Plan Your Program 183Understand the Stats 183Respond Appropriately 184Make the Choice: Build Inside or Outside 186Summary 187Index 189