Phishing Dark Waters
Table of Contents
Fincher Michele. Phishing Dark Waters
Introduction
Am I a Builder Yet?
Teaching People to Phish
What You Can Expect
Conventions Used in This Book
Summary
Chapter 1. An Introduction to the Wild World of Phishing
Phishing 101
How People Phish
Examples
Summary
Chapter 2. The Psychological Principles of Decision-Making
Decision-Making: Small Bits
It Seemed Like a Good Idea at the Time
How Phishers Bait the Hook
Introducing the Amygdala
Wash, Rinse, Repeat
Summary
Chapter 3. Influence and Manipulation
Why the Difference Matters to Us
How Do I Tell the Difference?
But the Bad Guys Will Use Manipulation …
Lies, All Lies
P Is for Punishment
Principles of Influence
More Fun with Influence
Things to Know About Manipulation
Summary
Chapter 4. Lessons in Protection
Lesson One: Critical Thinking
Lesson Two: Learn to Hover
Lesson Three: URL Deciphering
Lesson Four: Analyzing E-mail Headers
Lesson Five: Sandboxing
The “Wall of Sheep,” or a Net of Bad Ideas
Summary
Chapter 5. Plan Your Phishing Trip: Creating the Enterprise Phishing Program
The Basic Recipe
Developing the Program
Summary
Chapter 6. The Good, the Bad, and the Ugly: Policies and More
Oh, the Feels: Emotion and Policies
The Boss Is Exempt
I'll Just Patch One of the Holes
Phish Just Enough to Hate It
If You Spot a Phish, Call This Number
The Bad Guys Take Mondays Off
If You Can't See It, You Are Safe
The Lesson for Us All
Summary
Chapter 7. The Professional Phisher's Tackle Bag
Commercial Applications
Open Source Applications
Comparison Chart
Managed or Not
Summary
Chapter 8. Phish Like a Boss
Phishing the Deep End
Summary
About the Authors
About the Technical Editor
Credits
Acknowledgments
Foreword
Excerpt from the Book
Social engineering. Those two words have become a staple in most IT departments and, after the last couple years, in most of corporate America, too. One statistic states that more than 60 percent of all attacks had the “human factor” as either the crux of or a major piece of the attack. Analysis of almost all of the major hacking attacks from the past 12 months reveals that a large majority involved social engineering – a phishing e-mail, a spear phish, or a malicious phone call (vishing).
I have written two books analyzing and dissecting the psychology, physiology, and historical aspects of con men, scammers, and social engineers. And in doing so, I have found that one recent theme comes up, and that is e-mail. Since its beginning, e-mail has been used by scammers and social engineers to dupe people out of credentials, money, information, and much more.
.....
• What psychological principles play a part in phishing?
• Can phishing really be used as a successful part of your security awareness education?
.....