Book description
Keep valuable data safe from even the most sophisticated social engineering and phishing attacks
Fighting Phishing: Everything You Can Do To Fight Social Engineering and Phishing serves as the ideal defense against phishing for any reader, from large organizations to individuals. Unlike most anti-phishing books, which focus only on one or two strategies, this book discusses all the policies, education, and technical strategies that are essential to a complete phishing defense. This book gives clear instructions for deploying a great defense-in-depth strategy to defeat hackers and malware. Written by the lead data-driven defense evangelist at the world's number one anti-phishing company, KnowBe4, Inc., this guide shows you how to create an enduring, integrated cybersecurity culture.
- Learn what social engineering and phishing are, why they are so dangerous to your cybersecurity, and how to defend against them
- Educate yourself and other users on how to identify and avoid phishing scams, to stop attacks before they begin
- Discover the latest tools and strategies for locking down data when phishing has taken place, and stop breaches from spreading
- Develop technology and security policies that protect your organization against the most common types of social engineering and phishing
Anyone looking to defend themselves or their organization from phishing will appreciate the uncommonly comprehensive approach in Fighting Phishing.
Table of contents
- Cover
- Table of Contents
- Title Page
- Introduction
- PART I: Introduction to Social Engineering Security
- CHAPTER 1: Introduction to Social Engineering and Phishing
- CHAPTER 2: Phishing Terminology and Examples
- Social Engineering
- Phish
- Well-Known Brands
- Top Phishing Subjects
- Stressor Statements
- Malicious Downloads
- Malware
- Bots
- Downloader
- Account Takeover
- Spam
- Spear Phishing
- Whaling
- Page Hijacking
- SEO Pharming
- Calendar Phishing
- Social Media Phishing
- Romance Scams
- Vishing
- Pretexting
- Open-Source Intelligence
- Callback Phishing
- Smishing
- Business Email Compromise
- Sextortion
- Browser Attacks
- Baiting
- QR Phishing
- Phishing Tools and Kits
- Summary
- CHAPTER 3: 3x3 Cybersecurity Control Pillars
- PART II: Policies
- PART III: Technical Defenses
- CHAPTER 7: DMARC, SPF, and DKIM
- The Core Concepts
- A US and Global Standard
- Email Addresses
- Sender Policy Framework (SPF)
- Domain Keys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)
- Configuring DMARC, SPF, and DKIM
- Putting It All Together
- DMARC Configuration Checking
- How to Verify DMARC Checks
- How to Use DMARC
- What DMARC Doesn't Do
- Other DMARC Resources
- Summary
- CHAPTER 8: Network and Server Defenses
- CHAPTER 9: Endpoint Defenses
- Focusing on Endpoints
- Anti-Spam and Anti-Phishing Filters
- Anti-Malware
- Patch Management
- Browser Settings
- Browser Notifications
- Email Client Settings
- Firewalls
- Phishing-Resistant MFA
- Password Managers
- VPNs
- Prevent Unauthorized External Domain Collaboration
- DMARC
- End Users Should Not Be Logged on as Admin
- Change and Configuration Management
- Mobile Device Management
- Summary
- CHAPTER 10: Advanced Defenses
- PART IV: Creating a Great Security Awareness Program
- CHAPTER 11: Security Awareness Training Overview
- CHAPTER 12: How to Do Training Right
- CHAPTER 13: Recognizing Rogue URLs
- CHAPTER 14: Fighting Spear Phishing
- CHAPTER 15: Forensically Examining Emails
- CHAPTER 16: Miscellaneous Hints and Tricks
- First-Time Firing Offense
- Text-Only Email
- Memory Issues
- SAT Counselor
- Annual SAT User Conference
- Voice-Call Tests
- Credential Searches
- Dark Web Searches
- Social Engineering Penetration Tests
- Ransomware Recovery
- Patch, Patch, Patch
- CISA Cybersecurity Awareness Program
- Passkeys
- Avoid Controversial Simulated Phishing Subjects
- Practice and Teach Mindfulness
- Must Have Mindfulness Reading
- Summary
- CHAPTER 17: Improving Your Security Culture
- Conclusion
- Acknowledgments
- About the Author
- Index
- Copyright
- Dedication
- End User License Agreement
Product information
- Title: Fighting Phishing
- Author(s):
- Release date: February 2024
- Publisher(s): Wiley
- ISBN: 9781394249206