
Christopher Hadnagy - Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails

Year: 2015. Publisher: Wiley.


An essential anti-phishing desk reference for anyone with an email address

Phishing Dark Waters addresses the growing and continuing scourge of phishing emails, and provides actionable defensive techniques and tools to help you steer clear of malicious emails. Phishing is analyzed from the viewpoint of human decision-making and the impact of deliberate influence and manipulation on the recipient. With expert guidance, this book provides insight into the financial, corporate espionage, nation state, and identity theft goals of the attackers, and teaches you how to spot a spoofed e-mail or cloned website. Included are detailed examples of high profile breaches at Target, RSA, Coca Cola, and the AP, as well as an examination of sample scams including the Nigerian 419, financial themes, and post high-profile event attacks. Learn how to protect yourself and your organization using anti-phishing tools, and how to create your own phish to use as part of a security awareness program.

Phishing is a social engineering technique through email that deceives users into taking an action that is not in their best interest, but usually with the goal of disclosing information or installing malware on the victim's computer. Phishing Dark Waters explains the phishing process and techniques, and the defenses available to keep scammers at bay.

  • Learn what a phish is, and the deceptive ways they've been used
  • Understand decision-making, and the sneaky ways phishers reel you in
  • Recognize different types of phish, and know what to do when you catch one
  • Use phishing as part of your security awareness program for heightened protection

Attempts to deal with the growing number of phishing incidents include legislation, user training, public awareness, and technical security, but phishing still exploits the natural way humans respond to certain situations. Phishing Dark Waters is an indispensable guide to recognizing and blocking the phish, keeping you, your organization, and your finances safe.

Introduction
There was no such thing as a fair fight. All vulnerabilities must be exploited.

Cary Caffrey

Social engineering. Those two words have become a staple in most IT departments and, after the last couple years, in most of corporate America, too. One statistic states that more than 60 percent of all attacks had the human factor as either the crux of or a major piece of the attack. Analysis of almost all of the major hacking attacks from the past 12 months reveals that a large majority involved social engineering: a phishing e-mail, a spear phish, or a malicious phone call (vishing).

I have written two books analyzing and dissecting the psychology, physiology, and historical aspects of con men, scammers, and social engineers. And in doing so, I have found that one recent theme comes up, and that is e-mail. Since its beginning, e-mail has been used by scammers and social engineers to dupe people out of credentials, money, information, and much more.

In a recent report, the Radicati Group estimates that in 2014 there was an average of 191.4 billion e-mails sent each day. That equates to more than 69.8 trillion e-mails per year.

E-mail has become a part of life. We use it on our computers, our tablets, and our phones. In some groups of people that I've worked with, more than half the people have told me that they get 100, 150, or 200 e-mails per day!

In 2014, the Radicati Group stated that there are 4.1 billion e-mail addresses in the world. Using that figure and a calculator, I discovered that the average is almost 50 e-mails per person per day, every day of the year. Because we know that not every single person in the world gets that many messages, it is not inconceivable to think that many of us receive 100, 150, or even 250 e-mails per day.

As people get more stressed, as workloads increase, and as the use of technology reaches an all-time high, the scam artists, con men, and social engineers know that e-mail is a great vector into our businesses and homes. Mix that with how easy it is to create fake e-mail accounts, spoof legitimate accounts, and fool people into taking actions that may not be in their best interests, and we can see why e-mail is quickly becoming the number-one vector for malicious attackers.

When we are not running social-engineering competitions at major conferences like DEF CON, and Michele is not fighting with students (real story, I swear), we travel the globe to work with some of the biggest and best companies on their security programs. Even companies that know what they are doing and have robust programs for security awareness and protection are still falling victim to the threat of phishing.

We wrote the pages of this book with that experience in mind. We asked ourselves, "How can we take the years of experience in working with some of the world's largest companies and help every company put a plan into action to make the most of phishing education?"

Am I a Builder Yet?

Michele and I started to develop a program that we implemented in a few places. The program is simple but powerful. It involves using the very tools that are used against us to empower us. We know that this concept is not something we invented. After all, there are more than a handful of companies right now selling phishing services to legitimate organizations. Many users of those products, large companies, have come to us and said things like, "We have been using this tool for a year, but our click ratios are still super high. What can we do?"

Before I answer that, let me tell you a story. I remember when I was buying my first home. My wife and I were super excited as the closing approached. (We were going to own a home!) So I did what all men who own a home do: I bought some more tools. I went to Home Depot and bought a beautiful set of cordless tools, a saw, a drill, a jigsaw, and some other miscellaneous tools.

I brought them into my house the first day and found the perfect spot on the shelves in the basement for that toolbox. There it sat for a year. Then all of a sudden I had to cut something. I was so excited; I finally got to use my new tools! I got the toolbox and pulled out the circular saw. I read all the instructions, including something like, "Ensure you are using the proper blade for the material you are cutting."

I looked at the blade, thought, "Yep, looks sharp," and cut my board. It worked. I still had all my limbs and appendages, the board was cut, and the saw didn't blow up. This process continued for a couple hours when all of a sudden the saw started jamming; it stopped cutting. I charged the batteries and did the finger-touch test to the blade and thought, "Ouch, still sharp." Frustrated, I determined the tool was at fault. "Stupid saw; must be defective."

Then a friend came over to help me out. He took one look at the saw and said, "Um, dude, why are you cutting 2x4s with a fine-tooth blade?"

"A what-toothed what?" I replied.

My friend shook his head, and then he gave me an education on blades.

Why do I tell you this humiliating, emasculating story other than to point out my utter lack of manliness? To prove this point: Owning tools does not make you a builder!

Phishing tools are no different than construction tools. Just buying the tool doesn't make you secure, and it doesn't make you able to educate others on the phishing problem.

Teaching People to Phish

So, back to the program Michele and I were developing: We started to analyze phishing and security awareness programs and discovered, as many other serious security professionals have determined, that many of them were useless.

No, security awareness is not useless. I'm not so naive and silly to say that we don't need awareness. But the style and method of awareness training just wasn't working. Seriously, raise your hand right now if you ever paid attention all the way through a 30- or 60-minute DVD presentation on security awareness. Okay, the one guy in the back, you can put your hand down. But as I suspected, barely a hand is raised.

People tune out training if it's not interactive and quick. Marketers know this; they tell us to make websites interesting, fun, interactive, and to the point. Why should education be anything less?

We started to come up with a plan to make the phishing portion of our clients' security awareness interactive, interesting, and, most of all, not too lengthy. That is why this book had to be written; we wanted to answer a few questions:

  • How serious is phishing?
  • What psychological principles play a part in phishing?
  • Can phishing really be used as a successful part of your security awareness education?
  • If so, how can a company implement that?
  • Can any size business create a serious phishing education program?

We sat down and outlined a book on phishing, defined our program, and formalized our methodology. We then gave a lot of thought to whether we wanted to release this to the public; after all, it took us years of work to develop our method. After we started to see how it was helping so many of our clients, we decided to write the book. On first approach, though, it seemed like a phishing book wasn't of much interest to many, at least not until the events of 2014, when phishing dominated the front pages again and again during real hacking events. Phishing is being used in attacks every day; phishing service providers are popping up every month; and companies all over the globe are jumping on the bandwagon to start phishing education programs.

What You Can Expect

Michele and I hope that this book will help you on your quest to protect yourself and your company against malicious phishers. We want to take you on the journey we went through in getting ready to write this book.
