book

Fighting Phishing

Name: Fighting Phishing
Author: Roger A. Grimes
ISBN: 9781394249206

by Roger A. Grimes

February 2024

Intermediate to advanced

448 pages

9h 22m

English

Wiley

Read now

Unlock full access

Cover
Table of Contents
Title Page
Introduction
Who This Book Is ForWhat Is Covered in This BookHow to Contact Wiley or the Author
PART I: Introduction to Social Engineering Security
CHAPTER 1: Introduction to Social Engineering and Phishing
What Are Social Engineering and Phishing?How Prevalent Are Social Engineering and Phishing?Summary
CHAPTER 2: Phishing Terminology and Examples
Social EngineeringPhishWell-Known BrandsTop Phishing SubjectsStressor StatementsMalicious DownloadsMalwareBotsDownloaderAccount TakeoverSpamSpear PhishingWhalingPage HijackingSEO PharmingCalendar PhishingSocial Media PhishingRomance ScamsVishingPretextingOpen-Source IntelligenceCallback PhishingSmishingBusiness Email CompromiseSextortionBrowser AttacksBaitingQR PhishingPhishing Tools and KitsSummary
CHAPTER 3: 3x3 Cybersecurity Control Pillars
The Challenge of CybersecurityComplianceRisk ManagementDefense-In-Depth3x3 Cybersecurity Control PillarsSummary
PART II: Policies
CHAPTER 4: Acceptable Use and General Cybersecurity Policies
Acceptable Use Policy (AUP)General Cybersecurity PolicySummary

CHAPTER 5: Anti-Phishing Policies
The Importance of Anti-Phishing PoliciesWhat to IncludeSummary
CHAPTER 6: Creating a Corporate SAT Policy
Getting Started with Your SAT PolicyNecessary SAT Policy ComponentsExample of Security Awareness Training Corporate PolicyAcme Security Awareness Training Policy: Version 2.1Summary
PART III: Technical Defenses
CHAPTER 7: DMARC, SPF, and DKIM
The Core ConceptsA US and Global StandardEmail AddressesSender Policy Framework (SPF)Domain Keys Identified Mail (DKIM)Domain-based Message Authentication, Reporting, and Conformance (DMARC)Configuring DMARC, SPF, and DKIMPutting It All TogetherDMARC Configuration CheckingHow to Verify DMARC ChecksHow to Use DMARCWhat DMARC Doesn't DoOther DMARC ResourcesSummary
CHAPTER 8: Network and Server Defenses
Defining NetworkNetwork IsolationNetwork-Level Phishing AttacksNetwork- and Server-Level DefensesSummary
CHAPTER 9: Endpoint Defenses
Focusing on EndpointsAnti-Spam and Anti-Phishing FiltersAnti-MalwarePatch ManagementBrowser SettingsBrowser NotificationsEmail Client SettingsFirewallsPhishing-Resistant MFAPassword ManagersVPNsPrevent Unauthorized External Domain CollaborationDMARCEnd Users Should Not Be Logged on as AdminChange and Configuration ManagementMobile Device ManagementSummary
CHAPTER 10: Advanced Defenses
AI-Based Content FiltersSingle-Sign-OnsApplication Control ProgramsRed/Green DefensesEmail Server ChecksProactive Doppelganger SearchesHoneypots and CanariesHighlight New Email AddressesFighting USB AttacksPhone-Based TestingPhysical Penetration TestingSummary
PART IV: Creating a Great Security Awareness Program
CHAPTER 11: Security Awareness Training Overview
What Is Security Awareness Training?Goals of SATSenior Management SponsorshipAbsolutely Use Simulated Phishing TestsDifferent Types of TrainingComplianceLocalizationSAT Rhythm of the BusinessReporting/ResultsChecklistSummary
CHAPTER 12: How to Do Training Right
Designing an Effective Security Awareness Training ProgramBuilding/Selecting and Reviewing Training ContentAdditional ReferencesSummary
CHAPTER 13: Recognizing Rogue URLs
How to Read a URLMost Important URL InformationRogue URL TricksSummary
CHAPTER 14: Fighting Spear Phishing
BackgroundSpear Phishing ExamplesHow to Defend Against Spear PhishingSummary
CHAPTER 15: Forensically Examining Emails
Why Investigate?Why You Should Not InvestigateHow to InvestigateExamining EmailsClicking on Links and Running MalwareSubmit Links and File Attachments to AVThe Preponderance of EvidenceA Real-World Forensic Investigation ExampleSummary
CHAPTER 16: Miscellaneous Hints and Tricks
First-Time Firing OffenseText-Only EmailMemory IssuesSAT CounselorAnnual SAT User ConferenceVoice-Call TestsCredential SearchesDark Web SearchesSocial Engineering Penetration TestsRansomware RecoveryPatch, Patch, PatchCISA Cybersecurity Awareness ProgramPasskeysAvoid Controversial Simulated Phishing SubjectsPractice and Teach MindfulnessMust Have Mindfulness ReadingSummary
CHAPTER 17: Improving Your Security Culture
What Is a Security Culture?Seven Dimensions of a Security CultureImproving Security CultureOther ResourcesSummary
Conclusion
Acknowledgments
About the Author
Index
Copyright
Dedication
End User License Agreement

Overview

Keep valuable data safe from even the most sophisticated social engineering and phishing attacks

Fighting Phishing: Everything You Can Do To Fight Social Engineering and Phishing serves as the ideal defense against phishing for any reader, from large organizations to individuals. Unlike most anti-phishing books, which focus only on one or two strategies, this book discusses all the policies, education, and technical strategies that are essential to a complete phishing defense. This book gives clear instructions for deploying a great defense-in-depth strategy to defeat hackers and malware. Written by the lead data-driven defense evangelist at the world's number one anti-phishing company, KnowBe4, Inc., this guide shows you how to create an enduring, integrated cybersecurity culture.

Learn what social engineering and phishing are, why they are so dangerous to your cybersecurity, and how to defend against them
Educate yourself and other users on how to identify and avoid phishing scams, to stop attacks before they begin
Discover the latest tools and strategies for locking down data when phishing has taken place, and stop breaches from spreading
Develop technology and security policies that protect your organization against the most common types of social engineering and phishing

Anyone looking to defend themselves or their organization from phishing will appreciate the uncommonly comprehensive approach in Fighting Phishing.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Cybersecurity – Attack and Defense Strategies - Third Edition

Publisher Resources

ISBN: 9781394249206Purchase Link

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills