Phishing Dark Waters – The Offensive and Defensive Sides of Malicious Emails
Author: C Hadnagy. Language: English. Paperback – 14 May 2015
Phishing is a social engineering technique through email that deceives users into taking an action that is not in their best interest, but usually with the goal of disclosing information or installing malware on the victim's computer. Phishing Dark Waters explains the phishing process and techniques, and the defenses available to keep scammers at bay.
- Learn what a phish is, and the deceptive ways they've been used
- Understand decision-making, and the sneaky ways phishers reel you in
- Recognize different types of phish, and know what to do when you catch one
- Use phishing as part of your security awareness program for heightened protection
Specifications
ISBN-10: 1118958470
Pages: 224
Illustrations: illustrations
Dimensions: 152 x 229 x 12 mm
Weight: 0.27 kg
Publisher: Wiley
Place of publication: Hoboken, United States
Target audience
Primary audience: Security practitioners
Secondary audience: Anyone who receives email
The ideal reader is anyone interested in keeping their organizations, their families, and themselves safe from malicious emails. This will not be a technical manual so much as a practical reference to give readers simple steps to use every day when glancing through the inbox. Although there will be some technical portions, readers will not need a technical or security background to learn what everyone should know about phishing.
Description
Learn to catch a phish without becoming live bait.
Phishing e-mails create daily havoc for both individuals and organizations. A social engineering technique that preys on our human nature, phishing remains remarkably successful for scammers and malicious social engineers despite increasingly sophisticated security programs and awareness campaigns. Christopher Hadnagy and Michele Fincher, practitioners and consultants in human-based security, have spent years working to understand how and why phishing works. In this book, they dissect what a phish is, why it succeeds, and the principles behind it, fully exposing all of its flaws and detailing innovative ways to defend against it.
Focusing on the basics of the phish, the underlying psychology, the skillful use of influence, and a creative program to use the phisher's weapons against him, this highly readable guide provides tools for both individuals and corporations. Hadnagy and Fincher examine some of the most current and effective phish, show you how to spot a spoofed e-mail or cloned website, explore phishing education platforms that work, and demonstrate how to create your own phish to use in your security awareness program.
Despite legislation, user training, public awareness, and technical security, phishing persists because it exploits our natural responses to e-mail requests. Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails arms you with a greater understanding of:
- The psychological principles that make phishing effective
- High-profile breaches, including Target, RSA, and Coca-Cola, that began with a phish
- Common scams, including those following natural disasters and other highly publicized events
- Different goals of attackers: financial, corporate espionage, national security, and identity theft threats
- How to protect your enterprise with a corporate phishing program and integrate it into company policies
- Ways to catch a phish
- Why most security awareness programs don't work
Table of Contents
Foreword
Introduction
Chapter 1 An Introduction to the Wild World of Phishing
Phishing 101
How People Phish
Examples
High-Profile Breaches
Phish in Their Natural Habitat
Phish with Bigger Teeth
Spear Phishing
Summary
Chapter 2 The Psychological Principles of Decision-Making
Decision-Making: Small Bits
Cognitive Bias
Physiological States
External Factors
The Bottom Line About Decision-Making
It Seemed Like a Good Idea at the Time
How Phishers Bait the Hook
Introducing the Amygdala
The Guild of Hijacked Amygdalas
Putting a Leash on the Amygdala
Wash, Rinse, Repeat
Summary
Chapter 3 Influence and Manipulation
Why the Difference Matters to Us
How Do I Tell the Difference?
How Will We Build Rapport with Our Targets?
How Will Our Targets Feel After They Discover They've Been Tested?
What Is Our Intent?
But the Bad Guys Will Use Manipulation . . .
Lies, All Lies
P Is for Punishment
Principles of Influence
Reciprocity
Obligation
Concession
Scarcity
Authority
Consistency and Commitment
Liking
Social Proof
More Fun with Influence
Our Social Nature
Physiological Response
Psychological Response
Things to Know About Manipulation
Summary
Chapter 4 Lessons in Protection
Lesson One: Critical Thinking
How Can Attackers Bypass This Method?
Lesson Two: Learn to Hover
What If I Already Clicked the Link and I Think It's Dangerous?
How Can Attackers Bypass This Method?
Lesson Three: URL Deciphering
How Can Attackers Bypass This Method?
Lesson Four: Analyzing E-mail Headers
How Can Attackers Bypass This Method?
Lesson Five: Sandboxing
How Can Attackers Bypass This Method?
The Wall of Sheep, or a Net of Bad Ideas
Copy and Paste Your Troubles Away
Sharing Is Caring
My Mobile Is Secure
A Good Antivirus Program Will Save You
Summary
Chapter 5 Plan Your Phishing Trip: Creating the Enterprise Phishing Program
The Basic Recipe
Why?
What's the Theme?
The Big, Fat, Not-So-Legal Section
Developing the Program
Setting a Baseline
Setting the Difficulty Level
Writing the Phish
Tracking and Statistics
Reporting
Phish, Educate, Repeat
Summary
Chapter 6 The Good, the Bad, and the Ugly: Policies and More
Oh, the Feels: Emotion and Policies
The Definition
The Bad
Making It Good
The Boss Is Exempt
The Definition
The Bad
Making It Good
I'll Just Patch One of the Holes
The Definition
The Bad
Making It Good
Phish Just Enough to Hate It
The Definition
The Bad
Making It Good
If You Spot a Phish, Call This Number
The Definition
The Bad
Making It Good
The Bad Guys Take Mondays Off
The Definition
The Bad
Making It Good
If You Can't See It, You Are Safe
The Definition
The Bad
Making It Good
The Lesson for Us All
Summary
Chapter 7 The Professional Phisher's Tackle Bag
Commercial Applications
Rapid7 Metasploit Pro
ThreatSim
PhishMe
Wombat PhishGuru
PhishLine
Open Source Applications
SET: Social-Engineer Toolkit
Phishing Frenzy
Comparison Chart
Managed or Not
Summary
Chapter 8 Phish Like a Boss
Phishing the Deep End
Understand What You're Dealing With
Set Realistic Goals for Your Organization
Plan Your Program
Understand the Stats
Respond Appropriately
Make the Choice: Build Inside or Outside
Summary
Index
Biographical note
CHRISTOPHER HADNAGY, author of Social Engineering: The Art of Human Hacking, specializes in the human aspects of technology. With more than 14 years of experience in technology, he is CEO of Social-Engineer, Inc. and a frequent speaker at major security conferences. MICHELE FINCHER possesses more than 20 years' experience as a behavioral scientist, researcher, and information security professional. She is a senior penetration tester and Chief Influencing Officer at Social-Engineer, Inc.