{"product_id":"phishing-dark-waters-isbn-9781118958476","title":"Phishing Dark Waters","description":"\u003cb\u003eAn essential anti-phishing desk reference for anyone with an email address\u003c\/b\u003e  \u003cp\u003e\u003ci\u003ePhishing Dark Waters\u003c\/i\u003e addresses the growing and continuing scourge of phishing emails, and provides actionable defensive techniques and tools to help you steer clear of malicious emails. Phishing is analyzed from the viewpoint of human decision-making and the impact of deliberate influence and manipulation on the recipient. With expert guidance, this book provides insight into the financial, corporate espionage, nation state, and identity theft goals of the attackers, and teaches you how to spot a spoofed e-mail or cloned website. Included are detailed examples of high-profile breaches at Target, RSA, Coca-Cola, and the AP, as well as an examination of sample scams including the Nigerian 419, financial themes, and post high-profile event attacks. Learn how to protect yourself and your organization using anti-phishing tools, and how to create your own phish to use as part of a security awareness program.\u003c\/p\u003e \u003cp\u003ePhishing is a social engineering technique through email that deceives users into taking an action that is not in their best interest, but usually with the goal of disclosing information or installing malware on the victim's computer. 
\u003ci\u003ePhishing Dark Waters\u003c\/i\u003e explains the phishing process and techniques, and the defenses available to keep scammers at bay.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eLearn what a phish is, and the deceptive ways they've been used\u003c\/li\u003e \u003cli\u003eUnderstand decision-making, and the sneaky ways phishers reel you in\u003c\/li\u003e \u003cli\u003eRecognize different types of phish, and know what to do when you catch one\u003c\/li\u003e \u003cli\u003eUse phishing as part of your security awareness program for heightened protection\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eAttempts to deal with the growing number of phishing incidents include legislation, user training, public awareness, and technical security, but phishing still exploits the natural way humans respond to certain situations. \u003ci\u003ePhishing Dark Waters\u003c\/i\u003e is an indispensable guide to recognizing and blocking the phish, keeping you, your organization, and your finances safe.\u003c\/p\u003e Foreword xxiii \u003cp\u003eIntroduction xxvii\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 An Introduction to the Wild World of Phishing 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePhishing 101 2\u003c\/p\u003e \u003cp\u003eHow People Phish 4\u003c\/p\u003e \u003cp\u003eExamples 7\u003c\/p\u003e \u003cp\u003eHigh-Profile Breaches 7\u003c\/p\u003e \u003cp\u003ePhish in Their Natural Habitat 10\u003c\/p\u003e \u003cp\u003ePhish with Bigger Teeth 22\u003c\/p\u003e \u003cp\u003eSpear Phishing 27\u003c\/p\u003e \u003cp\u003eSummary 29\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 The Psychological Principles of Decision-Making 33\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDecision-Making: Small Bits 34\u003c\/p\u003e \u003cp\u003eCognitive Bias 35\u003c\/p\u003e \u003cp\u003ePhysiological States 37\u003c\/p\u003e \u003cp\u003eExternal Factors 38\u003c\/p\u003e \u003cp\u003eThe Bottom Line About Decision-Making 39\u003c\/p\u003e \u003cp\u003eIt Seemed 
Like a Good Idea at the Time 40\u003c\/p\u003e \u003cp\u003eHow Phishers Bait the Hook 41\u003c\/p\u003e \u003cp\u003eIntroducing the Amygdala 44\u003c\/p\u003e \u003cp\u003eThe Guild of Hijacked Amygdalas 45\u003c\/p\u003e \u003cp\u003ePutting a Leash on the Amygdala 48\u003c\/p\u003e \u003cp\u003eWash, Rinse, Repeat 49\u003c\/p\u003e \u003cp\u003eSummary 50\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Influence and Manipulation 53\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhy the Difference Matters to Us 55\u003c\/p\u003e \u003cp\u003eHow Do I Tell the Difference? 56\u003c\/p\u003e \u003cp\u003eHow Will We Build Rapport with Our Targets? 56\u003c\/p\u003e \u003cp\u003eHow Will Our Targets Feel After They Discover They’ve Been Tested? 56\u003c\/p\u003e \u003cp\u003eWhat Is Our Intent? 57\u003c\/p\u003e \u003cp\u003eBut the Bad Guys Will Use Manipulation . . . 57\u003c\/p\u003e \u003cp\u003eLies, All Lies 58\u003c\/p\u003e \u003cp\u003eP Is for Punishment 59\u003c\/p\u003e \u003cp\u003ePrinciples of Influence 61\u003c\/p\u003e \u003cp\u003eReciprocity 61\u003c\/p\u003e \u003cp\u003eObligation 62\u003c\/p\u003e \u003cp\u003eConcession 63\u003c\/p\u003e \u003cp\u003eScarcity 63\u003c\/p\u003e \u003cp\u003eAuthority 64\u003c\/p\u003e \u003cp\u003eConsistency and Commitment 65\u003c\/p\u003e \u003cp\u003eLiking 66\u003c\/p\u003e \u003cp\u003eSocial Proof 67\u003c\/p\u003e \u003cp\u003eMore Fun with Influence 67\u003c\/p\u003e \u003cp\u003eOur Social Nature 67\u003c\/p\u003e \u003cp\u003ePhysiological Response 68\u003c\/p\u003e \u003cp\u003ePsychological Response 69\u003c\/p\u003e \u003cp\u003eThings to Know About Manipulation 70\u003c\/p\u003e \u003cp\u003eSummary 71\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Lessons in Protection 75\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eLesson One: Critical Thinking 76\u003c\/p\u003e \u003cp\u003eHow Can Attackers Bypass This Method? 
77\u003c\/p\u003e \u003cp\u003eLesson Two: Learn to Hover 77\u003c\/p\u003e \u003cp\u003eWhat If I Already Clicked the Link and I Think It’s Dangerous? 80\u003c\/p\u003e \u003cp\u003eHow Can Attackers Bypass This Method? 81\u003c\/p\u003e \u003cp\u003eLesson Three: URL Deciphering 82\u003c\/p\u003e \u003cp\u003eHow Can Attackers Bypass This Method? 85\u003c\/p\u003e \u003cp\u003eLesson Four: Analyzing E-mail Headers 85\u003c\/p\u003e \u003cp\u003eHow Can Attackers Bypass This Method? 90\u003c\/p\u003e \u003cp\u003eLesson Five: Sandboxing 90\u003c\/p\u003e \u003cp\u003eHow Can Attackers Bypass This Method? 91\u003c\/p\u003e \u003cp\u003eThe “Wall of Sheep,” or a Net of Bad Ideas 92\u003c\/p\u003e \u003cp\u003eCopy and Paste Your Troubles Away 92\u003c\/p\u003e \u003cp\u003eSharing Is Caring 93\u003c\/p\u003e \u003cp\u003eMy Mobile Is Secure 94\u003c\/p\u003e \u003cp\u003eA Good Antivirus Program Will Save You 94\u003c\/p\u003e \u003cp\u003eSummary 95\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Plan Your Phishing Trip: Creating the Enterprise Phishing Program 97\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Basic Recipe 99\u003c\/p\u003e \u003cp\u003eWhy? 99\u003c\/p\u003e \u003cp\u003eWhat’s the Theme? 
102\u003c\/p\u003e \u003cp\u003eThe Big, Fat, Not-So-Legal Section 105\u003c\/p\u003e \u003cp\u003eDeveloping the Program 107\u003c\/p\u003e \u003cp\u003eSetting a Baseline 108\u003c\/p\u003e \u003cp\u003eSetting the Difficulty Level 109\u003c\/p\u003e \u003cp\u003eWriting the Phish 121\u003c\/p\u003e \u003cp\u003eTracking and Statistics 122\u003c\/p\u003e \u003cp\u003eReporting 125\u003c\/p\u003e \u003cp\u003ePhish, Educate, Repeat 127\u003c\/p\u003e \u003cp\u003eSummary 128\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 The Good, the Bad, and the Ugly: Policies and More 131\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOh, the Feels: Emotion and Policies 132\u003c\/p\u003e \u003cp\u003eThe Definition 132\u003c\/p\u003e \u003cp\u003eThe Bad 133\u003c\/p\u003e \u003cp\u003eMaking It “Good” 133\u003c\/p\u003e \u003cp\u003eThe Boss Is Exempt 133\u003c\/p\u003e \u003cp\u003eThe Definition 134\u003c\/p\u003e \u003cp\u003eThe Bad 134\u003c\/p\u003e \u003cp\u003eMaking It “Good” 134\u003c\/p\u003e \u003cp\u003eI’ll Just Patch One of the Holes 135\u003c\/p\u003e \u003cp\u003eThe Definition 135\u003c\/p\u003e \u003cp\u003eThe Bad 136\u003c\/p\u003e \u003cp\u003eMaking It “Good” 136\u003c\/p\u003e \u003cp\u003ePhish Just Enough to Hate It 136\u003c\/p\u003e \u003cp\u003eThe Definition 137\u003c\/p\u003e \u003cp\u003eThe Bad 137\u003c\/p\u003e \u003cp\u003eMaking It “Good” 138\u003c\/p\u003e \u003cp\u003eIf You Spot a Phish, Call This Number 138\u003c\/p\u003e \u003cp\u003eThe Definition 139\u003c\/p\u003e \u003cp\u003eThe Bad 139\u003c\/p\u003e \u003cp\u003eMaking It “Good” 140\u003c\/p\u003e \u003cp\u003eThe Bad Guys Take Mondays Off 140\u003c\/p\u003e \u003cp\u003eThe Definition 141\u003c\/p\u003e \u003cp\u003eThe Bad 141\u003c\/p\u003e \u003cp\u003eMaking It “Good” 141\u003c\/p\u003e \u003cp\u003eIf You Can’t See It, You Are Safe 142\u003c\/p\u003e \u003cp\u003eThe Definition 142\u003c\/p\u003e \u003cp\u003eThe Bad 143\u003c\/p\u003e \u003cp\u003eMaking It “Good” 
143\u003c\/p\u003e \u003cp\u003eThe Lesson for Us All 143\u003c\/p\u003e \u003cp\u003eSummary 144\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 The Professional Phisher’s Tackle Bag 147\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCommercial Applications 149\u003c\/p\u003e \u003cp\u003eRapid7 Metasploit Pro 149\u003c\/p\u003e \u003cp\u003eThreatSim 152\u003c\/p\u003e \u003cp\u003ePhishMe 158\u003c\/p\u003e \u003cp\u003eWombat PhishGuru 161\u003c\/p\u003e \u003cp\u003ePhishLine 165\u003c\/p\u003e \u003cp\u003eOpen Source Applications 168\u003c\/p\u003e \u003cp\u003eSET: Social-Engineer Toolkit 168\u003c\/p\u003e \u003cp\u003ePhishing Frenzy 171\u003c\/p\u003e \u003cp\u003eComparison Chart 174\u003c\/p\u003e \u003cp\u003eManaged or Not 176\u003c\/p\u003e \u003cp\u003eSummary 177\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Phish Like a Boss 179\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePhishing the Deep End 180\u003c\/p\u003e \u003cp\u003eUnderstand What You’re Dealing With 180\u003c\/p\u003e \u003cp\u003eSet Realistic Goals for Your Organization 182\u003c\/p\u003e \u003cp\u003ePlan Your Program 183\u003c\/p\u003e \u003cp\u003eUnderstand the Stats 183\u003c\/p\u003e \u003cp\u003eRespond Appropriately 184\u003c\/p\u003e \u003cp\u003eMake the Choice: Build Inside or Outside 186\u003c\/p\u003e \u003cp\u003eSummary 187\u003c\/p\u003e \u003cp\u003eIndex 189\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHRISTOPHER HADNAGY,\u003c\/b\u003e author of \u003ci\u003eSocial Engineering: The Art of Human Hacking\u003c\/i\u003e, specializes in the human aspects of technology. With more than 14 years of experience in technology, he is CEO of Social-Engineer, Inc. and a frequent speaker at major security conferences. \u003cb\u003eMICHELE FINCHER\u003c\/b\u003e possesses more than 20 years of experience as a behavioral scientist, researcher, and information security professional. 
She is a senior penetration tester and Chief Influencing Officer at Social-Engineer, Inc.\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eLearn to catch a phish without becoming live bait.\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePhishing e-mails create daily havoc for both individuals and organizations. A social engineering technique that preys on our human nature, phishing remains remarkably successful for scammers and malicious social engineers despite increasingly sophisticated security programs and awareness campaigns. Christopher Hadnagy and Michele Fincher, practitioners and consultants in human-based security, have spent years working to understand how and why phishing works. In this book, they dissect what a phish is, why it succeeds, and the principles behind it, fully exposing all of its flaws and detailing innovative ways to defend against it. \u003c\/p\u003e\u003cp\u003eFocusing on the basics of the phish, the underlying psychology, the skillful use of influence, and a creative program to use the phisher's weapons against him, this highly readable guide provides tools for both individuals and corporations. Hadnagy and Fincher examine some of the most current and effective phish, show you how to spot a spoofed e-mail or cloned website, explore phishing education platforms that work, and demonstrate how to create your own phish to use in your security awareness program. \u003c\/p\u003e\u003cp\u003eDespite legislation, user training, public awareness, and technical security, phishing persists because it exploits our natural responses to e-mail requests. 
\u003ci\u003ePhishing Dark Waters, The Offensive and Defensive Sides of Malicious E-mails\u003c\/i\u003e arms you with a greater understanding of: \u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eThe psychological principles that make phishing effective\u003c\/li\u003e \u003cli\u003eHigh-profile breaches, including Target, RSA, and Coca-Cola, that began with a phish\u003c\/li\u003e \u003cli\u003eCommon scams, including those following natural disasters and other highly publicized events \u003c\/li\u003e \u003cli\u003eDifferent goals of attackers: financial, corporate espionage, national security, and identity theft threats\u003c\/li\u003e \u003cli\u003eHow to protect your enterprise with a corporate phishing program and integrate it into company policies\u003c\/li\u003e \u003cli\u003eWays to catch a phish\u003c\/li\u003e \u003cli\u003eWhy most security awareness programs don't work\u003c\/li\u003e\n\u003c\/ul\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989782642917,"sku":"NP9781118958476","price":35.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781118958476.jpg?v=1761785448","url":"https:\/\/k12savings.com\/es\/products\/phishing-dark-waters-isbn-9781118958476","provider":"K12savings","version":"1.0","type":"link"}