22,99 €
An essential anti-phishing desk reference for anyone with an email address

Phishing Dark Waters addresses the growing and continuing scourge of phishing emails, and provides actionable defensive techniques and tools to help you steer clear of malicious emails. Phishing is analyzed from the viewpoint of human decision-making and the impact of deliberate influence and manipulation on the recipient. With expert guidance, this book provides insight into the financial, corporate espionage, nation state, and identity theft goals of the attackers, and teaches you how to spot a spoofed e-mail or cloned website. Included are detailed examples of high profile breaches at Target, RSA, Coca Cola, and the AP, as well as an examination of sample scams including the Nigerian 419, financial themes, and post high-profile event attacks. Learn how to protect yourself and your organization using anti-phishing tools, and how to create your own phish to use as part of a security awareness program.

Phishing is a social engineering technique through email that deceives users into taking an action that is not in their best interest, but usually with the goal of disclosing information or installing malware on the victim's computer. Phishing Dark Waters explains the phishing process and techniques, and the defenses available to keep scammers at bay.

* Learn what a phish is, and the deceptive ways they've been used
* Understand decision-making, and the sneaky ways phishers reel you in
* Recognize different types of phish, and know what to do when you catch one
* Use phishing as part of your security awareness program for heightened protection

Attempts to deal with the growing number of phishing incidents include legislation, user training, public awareness, and technical security, but phishing still exploits the natural way humans respond to certain situations.
Phishing Dark Waters is an indispensable guide to recognizing and blocking the phish, keeping you, your organization, and your finances safe.
Page count: 300
Introduction
Am I a Builder Yet?
Teaching People to Phish
What You Can Expect
Conventions Used in This Book
Summary
Notes
Chapter 1: An Introduction to the Wild World of Phishing
Phishing 101
How People Phish
Examples
Summary
Notes
Chapter 2: The Psychological Principles of Decision-Making
Decision-Making: Small Bits
It Seemed Like a Good Idea at the Time
How Phishers Bait the Hook
Introducing the Amygdala
Wash, Rinse, Repeat
Summary
Notes
Chapter 3: Influence and Manipulation
Why the Difference Matters to Us
How Do I Tell the Difference?
But the Bad Guys Will Use Manipulation …
Lies, All Lies
P Is for Punishment
Principles of Influence
More Fun with Influence
Things to Know About Manipulation
Summary
Notes
Chapter 4: Lessons in Protection
Lesson One: Critical Thinking
Lesson Two: Learn to Hover
Lesson Three: URL Deciphering
Lesson Four: Analyzing E-mail Headers
Lesson Five: Sandboxing
The “Wall of Sheep,” or a Net of Bad Ideas
Summary
Chapter 5: Plan Your Phishing Trip: Creating the Enterprise Phishing Program
The Basic Recipe
Developing the Program
Summary
Chapter 6: The Good, the Bad, and the Ugly: Policies and More
Oh, the Feels: Emotion and Policies
The Boss Is Exempt
I'll Just Patch One of the Holes
Phish Just Enough to Hate It
If You Spot a Phish, Call This Number
The Bad Guys Take Mondays Off
If You Can't See It, You Are Safe
The Lesson for Us All
Summary
Chapter 7: The Professional Phisher's Tackle Bag
Commercial Applications
Open Source Applications
Comparison Chart
Managed or Not
Summary
Chapter 8: Phish Like a Boss
Phishing the Deep End
Summary
Notes
End User License Agreement
“There was no such thing as a fair fight. All vulnerabilities must be exploited.”
—Cary Caffrey
Social engineering. Those two words have become a staple in most IT departments and, after the last couple years, in most of corporate America, too. One statistic states that more than 60 percent of all attacks had the “human factor” as either the crux of or a major piece of the attack. Analysis of almost all of the major hacking attacks from the past 12 months reveals that a large majority involved social engineering—a phishing e-mail, a spear phish, or a malicious phone call (vishing).
I have written two books analyzing and dissecting the psychology, physiology, and historical aspects of con men, scammers, and social engineers. And in doing so, I have found that one recent theme comes up, and that is e-mail. Since its beginning, e-mail has been used by scammers and social engineers to dupe people out of credentials, money, information, and much more.
In a recent report, the Radicati Group estimates that in 2014 there was an average of 191.4 billion e-mails sent each day. That equates to more than 69.8 trillion e-mails per year. Can you even imagine that number? That is 69,861,000,000,000—staggering, isn't it? Now try to swallow that more than 90 percent of e-mails are spam, according to the information on the Social-Engineer Infographic.
Continue reading in the full edition!