{"product_id":"fighting-phishing-isbn-9781394249206","title":"Fighting Phishing","description":"\u003cp\u003e\u003cb\u003eKeep valuable data safe from even the most sophisticated social engineering and phishing attacks\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003e\u003ci\u003eFighting Phishing: Everything You Can Do To Fight Social Engineering and Phishing\u003c\/i\u003e serves as the ideal defense against phishing for any reader, from large organizations to individuals. Unlike most anti-phishing books, which focus only on one or two strategies, this book discusses all the policies, education, and technical strategies that are essential to a complete phishing defense. This book gives clear instructions for deploying a great defense-in-depth strategy to defeat hackers and malware. Written by the lead data-driven defense evangelist at the world's number one anti-phishing company, KnowBe4, Inc., this guide shows you how to create an enduring, integrated cybersecurity culture. \u003c\/p\u003e\u003cul\u003e \u003cli\u003eLearn what social engineering and phishing are, why they are so dangerous to your cybersecurity, and how to defend against them\u003c\/li\u003e \u003cli\u003eEducate yourself and other users on how to identify and avoid phishing scams, to stop attacks before they begin\u003c\/li\u003e \u003cli\u003eDiscover the latest tools and strategies for locking down data when phishing has taken place, and stop breaches from spreading\u003c\/li\u003e \u003cli\u003eDevelop technology and security policies that protect your organization against the most common types of social engineering and phishing\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eAnyone looking to defend themselves or their organization from phishing will appreciate the uncommonly comprehensive approach in \u003ci\u003eFighting Phishing.\u003c\/i\u003e \u003c\/p\u003e\u003cp\u003eIntroduction xiii\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart I Introduction to Social Engineering Security 
1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Introduction to Social Engineering and Phishing 3\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Are Social Engineering and Phishing? 3\u003c\/p\u003e \u003cp\u003eHow Prevalent Are Social Engineering and Phishing? 8\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Phishing Terminology and Examples 23\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSocial Engineering 23\u003c\/p\u003e \u003cp\u003ePhish 24\u003c\/p\u003e \u003cp\u003eWell-Known Brands 25\u003c\/p\u003e \u003cp\u003eTop Phishing Subjects 26\u003c\/p\u003e \u003cp\u003eStressor Statements 27\u003c\/p\u003e \u003cp\u003eMalicious Downloads 30\u003c\/p\u003e \u003cp\u003eMalware 31\u003c\/p\u003e \u003cp\u003eBots 31\u003c\/p\u003e \u003cp\u003eDownloader 32\u003c\/p\u003e \u003cp\u003eAccount Takeover 32\u003c\/p\u003e \u003cp\u003eSpam 33\u003c\/p\u003e \u003cp\u003eSpear Phishing 34\u003c\/p\u003e \u003cp\u003eWhaling 35\u003c\/p\u003e \u003cp\u003ePage Hijacking 35\u003c\/p\u003e \u003cp\u003eSEO Pharming 36\u003c\/p\u003e \u003cp\u003eCalendar Phishing 38\u003c\/p\u003e \u003cp\u003eSocial Media Phishing 40\u003c\/p\u003e \u003cp\u003eRomance Scams 41\u003c\/p\u003e \u003cp\u003eVishing 44\u003c\/p\u003e \u003cp\u003ePretexting 46\u003c\/p\u003e \u003cp\u003eOpen-Source Intelligence 47\u003c\/p\u003e \u003cp\u003eCallback Phishing 47\u003c\/p\u003e \u003cp\u003eSmishing 49\u003c\/p\u003e \u003cp\u003eBusiness Email Compromise 51\u003c\/p\u003e \u003cp\u003eSextortion 53\u003c\/p\u003e \u003cp\u003eBrowser Attacks 53\u003c\/p\u003e \u003cp\u003eBaiting 56\u003c\/p\u003e \u003cp\u003eQR Phishing 56\u003c\/p\u003e \u003cp\u003ePhishing Tools and Kits 57\u003c\/p\u003e \u003cp\u003eSummary 59\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 3x3 Cybersecurity Control Pillars 61\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Challenge of Cybersecurity 61\u003c\/p\u003e \u003cp\u003eCompliance 62\u003c\/p\u003e \u003cp\u003eRisk 
Management 65\u003c\/p\u003e \u003cp\u003eDefense-In-Depth 68\u003c\/p\u003e \u003cp\u003e3x3 Cybersecurity Control Pillars 70\u003c\/p\u003e \u003cp\u003eSummary 72\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart II Policies 73\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Acceptable Use and General Cybersecurity Policies 75\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAcceptable Use Policy (AUP) 75\u003c\/p\u003e \u003cp\u003eGeneral Cybersecurity Policy 79\u003c\/p\u003e \u003cp\u003eSummary 88\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Anti-Phishing Policies 89\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Importance of Anti-Phishing Policies 89\u003c\/p\u003e \u003cp\u003eWhat to Include 90\u003c\/p\u003e \u003cp\u003eSummary 109\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Creating a Corporate SAT Policy 111\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eGetting Started with Your SAT Policy 112\u003c\/p\u003e \u003cp\u003eNecessary SAT Policy Components 112\u003c\/p\u003e \u003cp\u003eExample of Security Awareness Training Corporate Policy 128\u003c\/p\u003e \u003cp\u003eAcme Security Awareness Training Policy: Version 2.1 128\u003c\/p\u003e \u003cp\u003eSummary 142\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart III Technical Defenses 145\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 DMARC, SPF, and DKIM 147\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Core Concepts 147\u003c\/p\u003e \u003cp\u003eA US and Global Standard 149\u003c\/p\u003e \u003cp\u003eEmail Addresses 151\u003c\/p\u003e \u003cp\u003eSender Policy Framework (SPF) 159\u003c\/p\u003e \u003cp\u003eDomain Keys Identified Mail (DKIM) 165\u003c\/p\u003e \u003cp\u003eDomain-based Message Authentication, Reporting, and Conformance (DMARC) 169\u003c\/p\u003e \u003cp\u003eConfiguring DMARC, SPF, and DKIM 174\u003c\/p\u003e \u003cp\u003ePutting It All Together 175\u003c\/p\u003e \u003cp\u003eDMARC Configuration Checking 176\u003c\/p\u003e \u003cp\u003eHow 
to Verify DMARC Checks 177\u003c\/p\u003e \u003cp\u003eHow to Use DMARC 179\u003c\/p\u003e \u003cp\u003eWhat DMARC Doesn’t Do 180\u003c\/p\u003e \u003cp\u003eOther DMARC Resources 181\u003c\/p\u003e \u003cp\u003eSummary 182\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Network and Server Defenses 185\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDefining Network 186\u003c\/p\u003e \u003cp\u003eNetwork Isolation 187\u003c\/p\u003e \u003cp\u003eNetwork-Level Phishing Attacks 187\u003c\/p\u003e \u003cp\u003eNetwork- and Server-Level Defenses 190\u003c\/p\u003e \u003cp\u003eSummary 214\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Endpoint Defenses 217\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eFocusing on Endpoints 217\u003c\/p\u003e \u003cp\u003eAnti-Spam and Anti-Phishing Filters 218\u003c\/p\u003e \u003cp\u003eAnti-Malware 218\u003c\/p\u003e \u003cp\u003ePatch Management 218\u003c\/p\u003e \u003cp\u003eBrowser Settings 219\u003c\/p\u003e \u003cp\u003eBrowser Notifications 223\u003c\/p\u003e \u003cp\u003eEmail Client Settings 225\u003c\/p\u003e \u003cp\u003eFirewalls 227\u003c\/p\u003e \u003cp\u003ePhishing-Resistant MFA 227\u003c\/p\u003e \u003cp\u003ePassword Managers 228\u003c\/p\u003e \u003cp\u003eVPNs 230\u003c\/p\u003e \u003cp\u003ePrevent Unauthorized External Domain Collaboration 231\u003c\/p\u003e \u003cp\u003eDMARC 231\u003c\/p\u003e \u003cp\u003eEnd Users Should Not Be Logged on as Admin 232\u003c\/p\u003e \u003cp\u003eChange and Configuration Management 232\u003c\/p\u003e \u003cp\u003eMobile Device Management 233\u003c\/p\u003e \u003cp\u003eSummary 233\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Advanced Defenses 235\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAI-Based Content Filters 235\u003c\/p\u003e \u003cp\u003eSingle-Sign-Ons 237\u003c\/p\u003e \u003cp\u003eApplication Control Programs 237\u003c\/p\u003e \u003cp\u003eRed\/Green Defenses 238\u003c\/p\u003e \u003cp\u003eEmail Server Checks 242\u003c\/p\u003e \u003cp\u003eProactive 
Doppelganger Searches 243\u003c\/p\u003e \u003cp\u003eHoneypots and Canaries 244\u003c\/p\u003e \u003cp\u003eHighlight New Email Addresses 246\u003c\/p\u003e \u003cp\u003eFighting USB Attacks 247\u003c\/p\u003e \u003cp\u003ePhone-Based Testing 249\u003c\/p\u003e \u003cp\u003ePhysical Penetration Testing 249\u003c\/p\u003e \u003cp\u003eSummary 250\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart IV Creating a Great Security Awareness Program 251\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Security Awareness Training Overview 253\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Is Security Awareness Training? 253\u003c\/p\u003e \u003cp\u003eGoals of SAT 256\u003c\/p\u003e \u003cp\u003eSenior Management Sponsorship 260\u003c\/p\u003e \u003cp\u003eAbsolutely Use Simulated Phishing Tests 260\u003c\/p\u003e \u003cp\u003eDifferent Types of Training 261\u003c\/p\u003e \u003cp\u003eCompliance 274\u003c\/p\u003e \u003cp\u003eLocalization 274\u003c\/p\u003e \u003cp\u003eSAT Rhythm of the Business 275\u003c\/p\u003e \u003cp\u003eReporting\/Results 277\u003c\/p\u003e \u003cp\u003eChecklist 277\u003c\/p\u003e \u003cp\u003eSummary 278\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 How to Do Training Right 279\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDesigning an Effective Security Awareness Training Program 280\u003c\/p\u003e \u003cp\u003eBuilding\/Selecting and Reviewing Training Content 295\u003c\/p\u003e \u003cp\u003eAdditional References 303\u003c\/p\u003e \u003cp\u003eSummary 304\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 Recognizing Rogue URLs 305\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHow to Read a URL 305\u003c\/p\u003e \u003cp\u003eMost Important URL Information 313\u003c\/p\u003e \u003cp\u003eRogue URL Tricks 315\u003c\/p\u003e \u003cp\u003eSummary 334\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14 Fighting Spear Phishing 335\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBackground 335\u003c\/p\u003e \u003cp\u003eSpear Phishing 
Examples 337\u003c\/p\u003e \u003cp\u003eHow to Defend Against Spear Phishing 345\u003c\/p\u003e \u003cp\u003eSummary 347\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15 Forensically Examining Emails 349\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhy Investigate? 349\u003c\/p\u003e \u003cp\u003eWhy You Should Not Investigate 350\u003c\/p\u003e \u003cp\u003eHow to Investigate 351\u003c\/p\u003e \u003cp\u003eExamining Emails 352\u003c\/p\u003e \u003cp\u003eClicking on Links and Running Malware 373\u003c\/p\u003e \u003cp\u003eSubmit Links and File Attachments to AV 374\u003c\/p\u003e \u003cp\u003eThe Preponderance of Evidence 375\u003c\/p\u003e \u003cp\u003eA Real-World Forensic Investigation Example 376\u003c\/p\u003e \u003cp\u003eSummary 378\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 16 Miscellaneous Hints and Tricks 379\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eFirst-Time Firing Offense 379\u003c\/p\u003e \u003cp\u003eText-Only Email 381\u003c\/p\u003e \u003cp\u003eMemory Issues 382\u003c\/p\u003e \u003cp\u003eSAT Counselor 383\u003c\/p\u003e \u003cp\u003eAnnual SAT User Conference 384\u003c\/p\u003e \u003cp\u003eVoice-Call Tests 385\u003c\/p\u003e \u003cp\u003eCredential Searches 385\u003c\/p\u003e \u003cp\u003eDark Web Searches 386\u003c\/p\u003e \u003cp\u003eSocial Engineering Penetration Tests 386\u003c\/p\u003e \u003cp\u003eRansomware Recovery 387\u003c\/p\u003e \u003cp\u003ePatch, Patch, Patch 387\u003c\/p\u003e \u003cp\u003eCISA Cybersecurity Awareness Program 388\u003c\/p\u003e \u003cp\u003ePasskeys 388\u003c\/p\u003e \u003cp\u003eAvoid Controversial Simulated Phishing Subjects 389\u003c\/p\u003e \u003cp\u003ePractice and Teach Mindfulness 392\u003c\/p\u003e \u003cp\u003eMust Have Mindfulness Reading 393\u003c\/p\u003e \u003cp\u003eSummary 393\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 17 Improving Your Security Culture 395\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Is a Security Culture? 
396\u003c\/p\u003e \u003cp\u003eSeven Dimensions of a Security Culture 397\u003c\/p\u003e \u003cp\u003eImproving Security Culture 401\u003c\/p\u003e \u003cp\u003eOther Resources 404\u003c\/p\u003e \u003cp\u003eSummary 404\u003c\/p\u003e \u003cp\u003eConclusion 405\u003c\/p\u003e \u003cp\u003eAcknowledgments 407\u003c\/p\u003e \u003cp\u003eAbout the Author 411\u003c\/p\u003e \u003cp\u003eIndex 413\u003c\/p\u003e \u003cp\u003e\u003cb\u003eROGER A. GRIMES\u003c\/b\u003e has 35 years of experience in computer security and has authored 13 previous books on the topic. He is the Data-Driven Defense Evangelist at KnowBe4, a security awareness education company, and a senior computer security consultant and cybersecurity architect. \u003c\/p\u003e\u003cp\u003e\u003cb\u003eA complete approach to defending yourself and your organization against phishing\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eSocial engineering and phishing are involved in up to 90% of all successful hacker and malware attacks, making them by far the most common strategies. They are also the most dangerous, because they take advantage of the human element, manipulating individuals into willingly providing sensitive data like passwords. \u003ci\u003eFighting Phishing \u003c\/i\u003eis about how you can better protect against these ever-evolving threats. \u003c\/p\u003e\u003cp\u003eWhen it comes to stopping phishing, education is key, and inside you’ll find detailed descriptions of how these attacks take place, along with valuable information on how to recognize them and take appropriate action before your systems are breached. However, for a comprehensive, defense-in-depth strategy, you will need to implement policies and technical defenses as well. This book is all about combining these elements to create a rock-solid anti-phishing posture. 
\u003c\/p\u003e\u003cp\u003eWritten by senior cybersecurity architect and defense evangelist Roger Grimes, this book draws on decades of expertise, as well as a thorough understanding of the newest scams—and the tools needed to stop them. As a leading media commentator, Grimes is well respected for his ability to clearly explain cybersecurity concepts and help organizations implement technical defenses. Inside, he offers wisdom that no one with an interest in cybersecurity can afford to ignore.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989207171301,"sku":"NP9781394249206","price":28.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781394249206.jpg?v=1761783209","url":"https:\/\/k12savings.com\/es\/products\/fighting-phishing-isbn-9781394249206","provider":"K12savings","version":"1.0","type":"link"}