Fr. 47.90

Phishing Dark Waters - The Offensive and Defensive Sides of Malicious Emails

English · Paperback

Usually ships in 3 to 5 weeks

Description


An essential anti-phishing desk reference for anyone with an email address
 
Phishing Dark Waters addresses the growing and continuing scourge of phishing emails, and provides actionable defensive techniques and tools to help you steer clear of malicious emails. Phishing is analyzed from the viewpoint of human decision-making and the impact of deliberate influence and manipulation on the recipient. With expert guidance, this book provides insight into the financial, corporate espionage, nation state, and identity theft goals of the attackers, and teaches you how to spot a spoofed e-mail or cloned website. Included are detailed examples of high-profile breaches at Target, RSA, Coca Cola, and the AP, as well as an examination of sample scams including the Nigerian 419, financial themes, and post high-profile event attacks. Learn how to protect yourself and your organization using anti-phishing tools, and how to create your own phish to use as part of a security awareness program.
 
Phishing is a social engineering technique through email that deceives users into taking an action that is not in their best interest, but usually with the goal of disclosing information or installing malware on the victim's computer. Phishing Dark Waters explains the phishing process and techniques, and the defenses available to keep scammers at bay.
* Learn what a phish is, and the deceptive ways they've been used
* Understand decision-making, and the sneaky ways phishers reel you in
* Recognize different types of phish, and know what to do when you catch one
* Use phishing as part of your security awareness program for heightened protection
 
Attempts to deal with the growing number of phishing incidents include legislation, user training, public awareness, and technical security, but phishing still exploits the natural way humans respond to certain situations. Phishing Dark Waters is an indispensable guide to recognizing and blocking the phish, keeping you, your organization, and your finances safe.

Table of Contents

Foreword

Introduction

Chapter 1 An Introduction to the Wild World of Phishing

Phishing 101

How People Phish

Examples

High-Profile Breaches

Phish in Their Natural Habitat

Phish with Bigger Teeth

Spear Phishing

Summary

Chapter 2 The Psychological Principles of Decision-Making

Decision-Making: Small Bits

Cognitive Bias

Physiological States

External Factors

The Bottom Line About Decision-Making

It Seemed Like a Good Idea at the Time

How Phishers Bait the Hook

Introducing the Amygdala

The Guild of Hijacked Amygdalas

Putting a Leash on the Amygdala

Wash, Rinse, Repeat

Summary

Chapter 3 Influence and Manipulation

Why the Difference Matters to Us

How Do I Tell the Difference?

How Will We Build Rapport with Our Targets?

How Will Our Targets Feel After They Discover They've Been Tested?

What Is Our Intent?

But the Bad Guys Will Use Manipulation . . .

Lies, All Lies

P Is for Punishment

Principles of Influence

Reciprocity

Obligation

Concession

Scarcity

Authority

Consistency and Commitment

Liking

Social Proof

More Fun with Influence

Our Social Nature

Physiological Response

Psychological Response

Things to Know About Manipulation

Summary

Chapter 4 Lessons in Protection

Lesson One: Critical Thinking

How Can Attackers Bypass This Method?

Lesson Two: Learn to Hover

What If I Already Clicked the Link and I Think It's Dangerous?

How Can Attackers Bypass This Method?

Lesson Three: URL Deciphering

How Can Attackers Bypass This Method?

Lesson Four: Analyzing E-mail Headers

How Can Attackers Bypass This Method?

Lesson Five: Sandboxing

How Can Attackers Bypass This Method?

The "Wall of Sheep," or a Net of Bad Ideas

Copy and Paste Your Troubles Away

Sharing Is Caring

My Mobile Is Secure

A Good Antivirus Program Will Save You

Summary

Chapter 5 Plan Your Phishing Trip: Creating the Enterprise Phishing Program

The Basic Recipe

Why?

What's the Theme?

The Big, Fat, Not-So-Legal Section

Developing the Program

Setting a Baseline

Setting the Difficulty Level

Writing the Phish

Tracking and Statistics

Reporting

Phish, Educate, Repeat

Summary

Chapter 6 The Good, the Bad, and the Ugly: Policies and More

Oh, the Feels: Emotion and Policies

The Definition

The Bad

Making It "Good"

The Boss Is Exempt

The Definition

The Bad

Making It "Good"

I'll Just Patch One of the Holes

The Definition

The Bad

Making It "Good"

Phish Just Enough to Hate It

The Definition

The Bad

Making It "Good"

If You Spot a Phish, Call This Number
 

Product details

Authors Michele Fincher, Christopher Hadnagy
Contributor Robin Dreeke (foreword)
Publisher Wiley & Sons

Language English
Product form Paperback
Published 27.03.2015

EAN 9781118958476
ISBN 978-1-118-95847-6
Pages 224
Dimensions 153 mm x 230 mm x 10 mm
Weight 312 g
Subjects Natural sciences, medicine, computer science, technology > Computer science, IT > Data communication, networks

Computer science, network security, networking / security
