Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails / Edition 1

An essential anti-phishing desk reference for anyone with an email address

Phishing Dark Waters addresses the growing and continuing scourge of phishing emails, and provides actionable defensive techniques and tools to help you steer clear of malicious emails. Phishing is analyzed from the viewpoint of human decision-making and the impact of deliberate influence and manipulation on the recipient. With expert guidance, this book provides insight into the financial, corporate espionage, nation state, and identity theft goals of the attackers, and teaches you how to spot a spoofed e-mail or cloned website. Included are detailed examples of high-profile breaches at Target, RSA, Coca Cola, and the AP, as well as an examination of sample scams including the Nigerian 419, financial themes, and post high-profile event attacks. Learn how to protect yourself and your organization using anti-phishing tools, and how to create your own phish to use as part of a security awareness program.

Phishing is a social engineering technique, delivered through email, that deceives users into taking an action that is not in their best interest, usually with the goal of disclosing information or installing malware on the victim's computer. Phishing Dark Waters explains the phishing process and techniques, and the defenses available to keep scammers at bay.

  • Learn what a phish is, and the deceptive ways they've been used
  • Understand decision-making, and the sneaky ways phishers reel you in
  • Recognize different types of phish, and know what to do when you catch one
  • Use phishing as part of your security awareness program for heightened protection

Attempts to deal with the growing number of phishing incidents include legislation, user training, public awareness, and technical security, but phishing still exploits the natural way humans respond to certain situations. Phishing Dark Waters is an indispensable guide to recognizing and blocking the phish, keeping you, your organization, and your finances safe.

Product Details

ISBN-13: 9781118958476
Publisher: Wiley
Publication date: 04/06/2015
Pages: 224
Sales rank: 1,210,673
Product dimensions: 5.90(w) x 8.90(h) x 0.60(d)

About the Author

CHRISTOPHER HADNAGY, author of Social Engineering: The Art of Human Hacking, specializes in the human aspects of technology. With more than 14 years of experience in technology, he is CEO of Social-Engineer, Inc. and a frequent speaker at major security conferences. MICHELE FINCHER possesses more than 20 years experience as a behavioral scientist, researcher, and information security professional. She is a senior penetration tester and Chief Influencing Officer at Social-Engineer, Inc.

Table of Contents

Foreword xxiii

Introduction xxvii

Chapter 1 An Introduction to the Wild World of Phishing 1

Phishing 101 2

How People Phish 4

Examples 7

High-Profile Breaches 7

Phish in Their Natural Habitat 10

Phish with Bigger Teeth 22

Spear Phishing 27

Summary 29

Chapter 2 The Psychological Principles of Decision-Making 33

Decision-Making: Small Bits 34

Cognitive Bias 35

Physiological States 37

External Factors 38

The Bottom Line About Decision-Making 39

It Seemed Like a Good Idea at the Time 40

How Phishers Bait the Hook 41

Introducing the Amygdala 44

The Guild of Hijacked Amygdalas 45

Putting a Leash on the Amygdala 48

Wash, Rinse, Repeat 49

Summary 50

Chapter 3 Influence and Manipulation 53

Why the Difference Matters to Us 55

How Do I Tell the Difference? 56

How Will We Build Rapport with Our Targets? 56

How Will Our Targets Feel After They Discover They’ve Been Tested? 56

What Is Our Intent? 57

But the Bad Guys Will Use Manipulation . . . 57

Lies, All Lies 58

P Is for Punishment 59

Principles of Influence 61

Reciprocity 61

Obligation 62

Concession 63

Scarcity 63

Authority 64

Consistency and Commitment 65

Liking 66

Social Proof 67

More Fun with Influence 67

Our Social Nature 67

Physiological Response 68

Psychological Response 69

Things to Know About Manipulation 70

Summary 71

Chapter 4 Lessons in Protection 75

Lesson One: Critical Thinking 76

How Can Attackers Bypass This Method? 77

Lesson Two: Learn to Hover 77

What If I Already Clicked the Link and I Think It’s Dangerous? 80

How Can Attackers Bypass This Method? 81

Lesson Three: URL Deciphering 82

How Can Attackers Bypass This Method? 85

Lesson Four: Analyzing E-mail Headers 85

How Can Attackers Bypass This Method? 90

Lesson Five: Sandboxing 90

How Can Attackers Bypass This Method? 91

The “Wall of Sheep,” or a Net of Bad Ideas 92

Copy and Paste Your Troubles Away 92

Sharing Is Caring 93

My Mobile Is Secure 94

A Good Antivirus Program Will Save You 94

Summary 95

Chapter 5 Plan Your Phishing Trip: Creating the Enterprise Phishing Program 97

The Basic Recipe 99

Why? 99

What’s the Theme? 102

The Big, Fat, Not-So-Legal Section 105

Developing the Program 107

Setting a Baseline 108

Setting the Difficulty Level 109

Writing the Phish 121

Tracking and Statistics 122

Reporting 125

Phish, Educate, Repeat 127

Summary 128

Chapter 6 The Good, the Bad, and the Ugly: Policies and More 131

Oh, the Feels: Emotion and Policies 132

The Definition 132

The Bad 133

Making It “Good” 133

The Boss Is Exempt 133

The Definition 134

The Bad 134

Making It “Good” 134

I’ll Just Patch One of the Holes 135

The Definition 135

The Bad 136

Making It “Good” 136

Phish Just Enough to Hate It 136

The Definition 137

The Bad 137

Making It “Good” 138

If You Spot a Phish, Call This Number 138

The Definition 139

The Bad 139

Making It “Good” 140

The Bad Guys Take Mondays Off 140

The Definition 141

The Bad 141

Making It “Good” 141

If You Can’t See It, You Are Safe 142

The Definition 142

The Bad 143

Making It “Good” 143

The Lesson for Us All 143

Summary 144

Chapter 7 The Professional Phisher’s Tackle Bag 147

Commercial Applications 149

Rapid7 Metasploit Pro 149

ThreatSim 152

PhishMe 158

Wombat PhishGuru 161

PhishLine 165

Open Source Applications 168

SET: Social-Engineer Toolkit 168

Phishing Frenzy 171

Comparison Chart 174

Managed or Not 176

Summary 177

Chapter 8 Phish Like a Boss 179

Phishing the Deep End 180

Understand What You’re Dealing With 180

Set Realistic Goals for Your Organization 182

Plan Your Program 183

Understand the Stats 183

Respond Appropriately 184

Make the Choice: Build Inside or Outside 186

Summary 187

Index 189

Customer Reviews


Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails: 5 out of 5 based on 0 ratings, 1 review.
RodScher More than 1 year ago
This is a great book -- and an IMPORTANT book. By far the majority of "hacks" are really social engineering exploits of one sort or another, and phishing ranks way up there as the favorite form of social engineering attack. Chris Hadnagy and Michele Fincher have done an excellent job of explaining in understandable terms how phishing works and -- more importantly -- how you can avoid becoming a victim. This is required reading for anyone who uses email, the Internet, or social media -- in other words, for pretty much everyone.