Learn to catch a phish without becoming live bait.
Phishing e-mails create daily havoc for both individuals and organizations. A social engineering technique that preys on our human nature, phishing remains remarkably successful for scammers and malicious social engineers despite increasingly sophisticated security programs and awareness campaigns. Christopher Hadnagy and Michele Fincher, practitioners and consultants in human-based security, have spent years working to understand how and why phishing works. In this book, they dissect what a phish is, why it succeeds, and the principles behind it, fully exposing all of its flaws and detailing innovative ways to defend against it.
Focusing on the basics of the phish, the underlying psychology, the skillful use of influence, and a creative program to use the phisher's weapons against him, this highly readable guide provides tools for both individuals and corporations. Hadnagy and Fincher examine some of the most current and effective phish, show you how to spot a spoofed e-mail or cloned website, explore phishing education platforms that work, and demonstrate how to create your own phish to use in your security awareness program.
Despite legislation, user training, public awareness, and technical security, phishing persists because it exploits our natural responses to e-mail requests. Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails arms you with a greater understanding of:
- The psychological principles that make phishing effective
- High-profile breaches, including Target, RSA, and Coca-Cola, that began with a phish
- Common scams, including those following natural disasters and other highly publicized events
- Different goals of attackers: financial, corporate espionage, national security, and identity theft threats
- How to protect your enterprise with a corporate phishing program and integrate it into company policies
- Ways to catch a phish
- Why most security awareness programs don't work