Phishing Dark Waters

Оглавление

Fincher Michele. Phishing Dark Waters

Introduction

Am I a Builder Yet?

Teaching People to Phish

What You Can Expect

Conventions Used in This Book

Summary

Chapter 1. An Introduction to the Wild World of Phishing

Phishing 101

How People Phish

Examples

Summary

Chapter 2. The Psychological Principles of Decision-Making

Decision-Making: Small Bits

It Seemed Like a Good Idea at the Time

How Phishers Bait the Hook

Introducing the Amygdala

Wash, Rinse, Repeat

Summary

Chapter 3. Influence and Manipulation

Why the Difference Matters to Us

How Do I Tell the Difference?

But the Bad Guys Will Use Manipulation …

Lies, All Lies

P Is for Punishment

Principles of Influence

More Fun with Influence

Things to Know About Manipulation

Summary

Chapter 4. Lessons in Protection

Lesson One: Critical Thinking

Lesson Two: Learn to Hover

Lesson Three: URL Deciphering

Lesson Four: Analyzing E-mail Headers

Lesson Five: Sandboxing

The “Wall of Sheep,” or a Net of Bad Ideas

Summary

Chapter 5. Plan Your Phishing Trip: Creating the Enterprise Phishing Program

The Basic Recipe

Developing the Program

Summary

Chapter 6. The Good, the Bad, and the Ugly: Policies and More

Oh, the Feels: Emotion and Policies

The Boss Is Exempt

I'll Just Patch One of the Holes

Phish Just Enough to Hate It

If You Spot a Phish, Call This Number

The Bad Guys Take Mondays Off

If You Can't See It, You Are Safe

The Lesson for Us All

Summary

Chapter 7. The Professional Phisher's Tackle Bag

Commercial Applications

Open Source Applications

Comparison Chart

Managed or Not

Summary

Chapter 8. Phish Like a Boss

Phishing the Deep End

Summary

About the Authors

About the Technical Editor

Credits

Acknowledgments

Foreword

Отрывок из книги

Social engineering. Those two words have become a staple in most IT departments and, after the last couple years, in most of corporate America, too. One statistic states that more than 60 percent of all attacks had the “human factor” as either the crux of or a major piece of the attack. Analysis of almost all of the major hacking attacks from the past 12 months reveals that a large majority involved social engineering – a phishing e-mail, a spear phish, or a malicious phone call (vishing).

I have written two books analyzing and dissecting the psychology, physiology, and historical aspects of con men, scammers, and social engineers. And in doing so, I have found that one recent theme comes up, and that is e-mail. Since its beginning, e-mail has been used by scammers and social engineers to dupe people out of credentials, money, information, and much more.

.....

• What psychological principles play a part in phishing?

• Can phishing really be used as a successful part of your security awareness education?

.....