
Phishing Dark Waters

The Offensive and Defensive Sides of Malicious Emails


About this book

An essential anti-phishing desk reference for anyone with an email address

Phishing Dark Waters addresses the growing and continuing scourge of phishing emails, and provides actionable defensive techniques and tools to help you steer clear of malicious emails. Phishing is analyzed from the viewpoint of human decision-making and the impact of deliberate influence and manipulation on the recipient. With expert guidance, this book provides insight into the financial, corporate espionage, nation state, and identity theft goals of the attackers, and teaches you how to spot a spoofed e-mail or cloned website. Included are detailed examples of high profile breaches at Target, RSA, Coca Cola, and the AP, as well as an examination of sample scams including the Nigerian 419, financial themes, and post high-profile event attacks. Learn how to protect yourself and your organization using anti-phishing tools, and how to create your own phish to use as part of a security awareness program.

Phishing is a social engineering technique through email that deceives users into taking an action that is not in their best interest, but usually with the goal of disclosing information or installing malware on the victim's computer. Phishing Dark Waters explains the phishing process and techniques, and the defenses available to keep scammers at bay.

  • Learn what a phish is, and the deceptive ways they've been used
  • Understand decision-making, and the sneaky ways phishers reel you in
  • Recognize different types of phish, and know what to do when you catch one
  • Use phishing as part of your security awareness program for heightened protection

Attempts to deal with the growing number of phishing incidents include legislation, user training, public awareness, and technical security, but phishing still exploits the natural way humans respond to certain situations. Phishing Dark Waters is an indispensible guide to recognizing and blocking the phish, keeping you, your organization, and your finances safe.

Information

Publisher: Wiley
Year: 2015
Print ISBN: 9781118958476
eBook ISBN: 9781118958483
Edition: 1

Chapter 1
An Introduction to the Wild World of Phishing

Lana: Do you think this is some kind of a trap?
Archer: What? No, I don't think it's a trap! Although I never do … and it very often is.
Archer, Season 4, Episode 13
Because we're going to be spending some time together, I feel I should start our relationship with an honest self-disclosure. Although I consider myself to be a reasonably smart person, I have made an inestimable number of stupid mistakes. Many of these started with me yelling, “Hey, watch this!” or thinking to myself, “I wonder what would happen if <insert dangerous/stupid situation here>.” But most often, my mistakes have come not from yelling challenges or thinking about possibilities but from not thinking at all. This absence of thinking typically has led to only one conclusion—taking an impulsive action. Scammers, criminals, and con men have clearly met me in a past life, because this is one of the key aspects that make them successful. Phishing in its various forms has become a high-profile attack vector used by these folks because it's a relatively easy way to reach others and get them to act without thinking.

NOTE

One more thing before this train really gets rolling. You may notice that when I refer to the bad guy, I use the pronoun “he.” (See? I even said bad “guy.”) I'm not sexist, nor am I saying all scammers are male. It's just simpler than improperly using “they” or saying “he or she” just to be inoffensive to someone, and it avoids adding a layer of complexity that's off the point. So “he” does bad stuff. But a bad guy can be anyone.

Phishing 101

Let's start with some basic information. What is phishing? We define it as the practice of sending e-mails that appear to be from reputable sources with the goal of influencing or gaining personal information. That is a long way of saying that phishing involves sneaky e-mails from bad people. It combines both social engineering and technical trickery. It could involve an attachment within the e-mail that loads malware (malicious software) onto your computer. It could also be a link to an illegitimate website. These websites can trick you into downloading malware or handing over your personal information. Furthermore, spear phishing is a very targeted form of this activity. Attackers take the time to conduct research into targets and create messages that are personal and relevant. Because of this, spear phish can be very hard to detect and even harder to defend against.
Anyone on this planet with an e-mail address has likely received a phish, and on the basis of the reported numbers, many have clicked. Let's be very clear about something. Clicking doesn't make you stupid. It's a mistake that happens when you don't take the time to think things through or simply don't have the information to make a good decision. (Me driving from Biloxi, MS, to Tucson, AZ, in one shot, now that was stupid.)
It's probably safe to say that there are common targets and common attackers. Phishers' motives tend to be pretty typical: money or information (which usually leads to money). If you are one of the many who has received an e-mail urging you to assist a dethroned prince in moving his inheritance, you've been a part of the numbers game. Very few of us are fabulously wealthy. But when a phisher gets a bunch of regular people to help the prince by donating a small “transfer fee” to assist the flow of funds (often requested in these scams), it starts to add up. Or, if an e-mail from “your bank” gets you to hand over your personal information, it could have drastic financial consequences if your identity is stolen.
Other probable targets are the worker bees at any company. Although they alone may not have much information, mistakenly handing over login information can get an attacker into the company network. This can be the endgame if the rewards are big enough, or it might just be a way to escalate an attack to other opportunities.
Other than regular people, there are clearly high-value targets that include folks located somewhere in the direct food chain of large corporations and governments. The higher people are in the organization, the more likely they are to become targets of spear phish because of the time and effort it takes to get to them and the resultant payoff. This is when the consequences can become dire at the level of entire economies as opposed to individuals.
If you move beyond the common criminal and the common motive of quick money, the rationale and the attackers can get big and scary pretty quickly. At one end of that, there might be people interested in the public embarrassment of a large organization for political or personal beliefs. For example, the Syrian Electronic Army (SEA) has been cited in a number of recent cases in which phishing e-mails led to the compromise of several media organizations, including the Associated Press (AP),[1] CNN,[2] and Forbes,[3] just to name a few. Clearly, there have been financial consequences; for instance, the hack of the AP Twitter account caused a 143-point drop in the Dow (see Figure 1.1). No small potatoes, but what about the public loss of reputation for a major media outlet? We could debate all day which consequence was actually more costly. On a positive note, however, it did make all of us reconsider whether social media is the best way to get reliable, breaking news.
Figure 1.1 Hacked AP tweet (image not reproduced here)
Going even deeper, we get into cyber espionage at the corporate and/or nation-state level. Now we're talking about trade secrets, global economies, and national security. At this point, the consequences and fallout become clear to ...

Table of contents

  1. Cover
  2. Introduction
  3. Chapter 1: An Introduction to the Wild World of Phishing
  4. Chapter 2: The Psychological Principles of Decision-Making
  5. Chapter 3: Influence and Manipulation
  6. Chapter 4: Lessons in Protection
  7. Chapter 5: Plan Your Phishing Trip: Creating the Enterprise Phishing Program
  8. Chapter 6: The Good, the Bad, and the Ugly: Policies and More
  9. Chapter 7: The Professional Phisher's Tackle Bag
  10. Chapter 8: Phish Like a Boss
  11. End User License Agreement

Frequently asked questions

Yes, you can access Phishing Dark Waters by Christopher Hadnagy and Michele Fincher in PDF and/or ePUB format, as well as other popular books in Computer Science & Cybersecurity. We have over 1.5 million books available in our catalogue for you to explore.