Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails

by Christopher Hadnagy, Michele Fincher, Robin Dreeke (Foreword)

An essential anti-phishing desk reference for anyone with an email address Phishing Dark Waters addresses the growing and continuing scourge of phishing emails, and provides actionable defensive techniques and tools to help you steer clear of malicious emails. Phishing is analyzed from the viewpoint of human decision-making and the impact of deliberate influence and manipulation on the recipient. With expert guidance, this book provides insight into the financial, corporate espionage, nation state, and identity theft goals of the attackers, and teaches you how to spot a spoofed e-mail or cloned website. Included are detailed examples of high profile breaches at Target, RSA, Coca Cola, and the AP, as well as an examination of sample scams including the Nigerian 419, financial themes, and post high-profile event attacks. Learn how to protect yourself and your organization using anti-phishing tools, and how to create your own phish to use as part of a security awareness program.

Phishing is a social engineering technique through email that deceives users into taking an action that is not in their best interest, but usually with the goal of disclosing information or installing malware on the victim's computer. Phishing Dark Waters explains the phishing process and techniques, and the defenses available to keep scammers at bay.

Learn what a phish is, and the deceptive ways they've been used Understand decision-making, and the sneaky ways phishers reel you in Recognize different types of phish, and know what to do when you catch one Use phishing as part of your security awareness program for heightened protection Attempts to deal with the growing number of phishing incidents include legislation, user training, public awareness, and technical security, but phishing still exploits the natural way humans respond to certain situations. Phishing Dark Waters is an indispensible guide to recognizing and blocking the phish, keeping you, your organization, and your finances safe.

Genres: Nonfiction, Ebooks, Technology

224 pages, Paperback

First published March 18, 2015

Reviews

[Ayoub · Rating 1 out of 5]

worst book of the year

[XoG · Rating 2 out of 5]

I would definitely agree with the opinion below that this book title is a phish. An appropriate title should be smth like "Phishing for managers".

Book consists of:
70% - advertisement of the authors (non-directly), other consultants in this sphere and software (directly). Phrase "for your company" is met far too often, I think...
25% - information about phishing mechanisms.
5% - acknowledgements, memories and useless summaries.

[Freddie Barr-Smith · Rating 3 out of 5]

Very good in parts but I felt overall lacking on the techniques of constructing effective phishes that weren't using pre-made toolkits.

[d1gital · Rating 2 out of 5]

It may be a good reference for someone who is looking for it, but definitely has nothing to do with its title. Although congratulations with "book title" phish.

[Tom Schulte · Rating 3 out of 5]

I was kinda hoping for some true crime/con artist insights into the spammer side, but this has nothing of that. It is an introduction to e-mail based hacks and how to defend against them, particularly by triaging staff to look for content clues, hover over links without clicking them, etc. This is best for IT staff looking to get started on this activity. The authors offer managed services, but this is not a sales pitch. Advice and honest product assessments are given that I feel would be of help to even departments looking to implement and inhouse solution or at least be intelligent about understanding what services they could and should ask for.

[Mert Karababa · Rating 5 out of 5]

Although I am a computer engineering student, after reading this book, I understood more easily what kind of threats I faced while browsing the internet.If we look at the current world, since everyone has an internet connection, this book is for everyone.Yet in my opinion it is a book that everyone who is an IT student or working in any company must read and understand, because we can get big punishments because of our little mistakes.

[Numan · Rating 2 out of 5]

The title is definitely misleading. Although I had different expectations after reading the what to expect page, I still chose to give it a chance and continue reading.

The book's content wasn't what I had anticipated. I was expecting a technical book, but it turned out to be more of a psychological book with only a few technical aspects.

[Adam Ernest · Rating 4 out of 5]

Good read for understanding a complete phishing program

I did not like some of the analogies used in this book but other than that the information for setting up your own phishing program and the concepts about how phishing works is there. Overall its a good book.

[Ivars Svekris · Rating 5 out of 5]

Nice examples and psychological analysis.
For those looking on "how to do phishing program in enterprise" it's quite suitable.

[Diego · Rating 3 out of 5]

bien

[Lee · Rating 5 out of 5]

Great book for anyone! If you're interested in how phishing works or how to be a better phisher (for those trying to legimitately educate users on the dangers of phishing), this is a quick and entertaining read.

[Kevin · Rating 4 out of 5]

There is a lot of great content in here. Whether you're interested in protecting yourself from these sort of attacks or performing your own (with permission of course...), this book is full of great examples and insights.

[Ahmed Sultan · Rating 4 out of 5]

one of the best of it's category
bought it with the social engineer's playbook
both complete each other and rich of info that i really was in bad need to know