Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails

Book Description

An essential anti-phishing desk reference for anyone with an email address

Phishing Dark Waters addresses the growing and continuing scourge of phishing emails, and provides actionable defensive techniques and tools to help you steer clear of malicious emails. Phishing is analyzed from the viewpoint of human decision-making and the impact of deliberate influence and manipulation on the recipient. With expert guidance, this book provides insight into the financial, corporate espionage, nation state, and identity theft goals of the attackers, and teaches you how to spot a spoofed e-mail or cloned website. Included are detailed examples of high profile breaches at Target, RSA, Coca Cola, and the AP, as well as an examination of sample scams including the Nigerian 419, financial themes, and post high-profile event attacks. Learn how to protect yourself and your organization using anti-phishing tools, and how to create your own phish to use as part of a security awareness program.

Phishing is a social engineering technique delivered through email that deceives users into taking an action that is not in their best interest, usually with the goal of obtaining information or installing malware on the victim's computer. Phishing Dark Waters explains the phishing process and techniques, and the defenses available to keep scammers at bay.

  • Learn what a phish is, and the deceptive ways they've been used

  • Understand decision-making, and the sneaky ways phishers reel you in

  • Recognize different types of phish, and know what to do when you catch one

  • Use phishing as part of your security awareness program for heightened protection

Attempts to deal with the growing number of phishing incidents include legislation, user training, public awareness, and technical security, but phishing still exploits the natural way humans respond to certain situations. Phishing Dark Waters is an indispensable guide to recognizing and blocking the phish, keeping you, your organization, and your finances safe.

    Table of Contents

    1. Introduction
      1. Am I a Builder Yet?
      2. Teaching People to Phish
      3. What You Can Expect
      4. Conventions Used in This Book
      5. Summary
      6. Notes
    2. Chapter 1: An Introduction to the Wild World of Phishing
      1. Phishing 101
      2. How People Phish
      3. Examples
      4. Summary
      5. Notes
    3. Chapter 2: The Psychological Principles of Decision-Making
      1. Decision-Making: Small Bits
      2. It Seemed Like a Good Idea at the Time
      3. How Phishers Bait the Hook
      4. Introducing the Amygdala
      5. Wash, Rinse, Repeat
      6. Summary
      7. Notes
    4. Chapter 3: Influence and Manipulation
      1. Why the Difference Matters to Us
      2. How Do I Tell the Difference?
      3. But the Bad Guys Will Use Manipulation …
      4. Lies, All Lies
      5. P Is for Punishment
      6. Principles of Influence
      7. More Fun with Influence
      8. Things to Know About Manipulation
      9. Summary
      10. Notes
    5. Chapter 4: Lessons in Protection
      1. Lesson One: Critical Thinking
      2. Lesson Two: Learn to Hover
      3. Lesson Three: URL Deciphering
      4. Lesson Four: Analyzing E-mail Headers
      5. Lesson Five: Sandboxing
      6. The “Wall of Sheep,” or a Net of Bad Ideas
      7. Summary
    6. Chapter 5: Plan Your Phishing Trip: Creating the Enterprise Phishing Program
      1. The Basic Recipe
      2. Developing the Program
      3. Summary
    7. Chapter 6: The Good, the Bad, and the Ugly: Policies and More
      1. Oh, the Feels: Emotion and Policies
      2. The Boss Is Exempt
      3. I'll Just Patch One of the Holes
      4. Phish Just Enough to Hate It
      5. If You Spot a Phish, Call This Number
      6. The Bad Guys Take Mondays Off
      7. If You Can't See It, You Are Safe
      8. The Lesson for Us All
      9. Summary
    8. Chapter 7: The Professional Phisher's Tackle Bag
      1. Commercial Applications
      2. Open Source Applications
      3. Comparison Chart
      4. Managed or Not
      5. Summary
    9. Chapter 8: Phish Like a Boss
      1. Phishing the Deep End
      2. Summary
      3. Notes
    10. End User License Agreement