Ebook Phishing dark waters - the offensive and defensive sides of malicious emails
Pages: 269
File type: pdf
Size: 4.84 MB
Document information:
The ebook "Phishing dark waters - the offensive and defensive sides of malicious emails" covers: an introduction to the wild world of phishing; the psychological principles of decision making; influence and manipulation; lessons in protection; plan your phishing trip - creating the enterprise phishing program; the good, the bad, and the ugly - policies and more; the professional phisher's tackle bag; phish like a boss.
Content extracted from the document:
Ebook Phishing dark waters - the offensive and defensive sides of malicious emails

Table of Contents

- Introduction
  - Am I a Builder Yet?
  - Teaching People to Phish
  - What You Can Expect
  - Conventions Used in This Book
  - Summary
  - Notes
- Chapter 1: An Introduction to the Wild World of Phishing
  - Phishing 101
  - How People Phish
  - Examples
  - Summary
  - Notes
- Chapter 2: The Psychological Principles of Decision-Making
  - Decision-Making: Small Bits
  - It Seemed Like a Good Idea at the Time
  - How Phishers Bait the Hook
  - Introducing the Amygdala
  - Wash, Rinse, Repeat
  - Summary
  - Notes
- Chapter 3: Influence and Manipulation
  - Why the Difference Matters to Us
  - How Do I Tell the Difference?
  - But the Bad Guys Will Use Manipulation …
  - Lies, All Lies
  - P Is for Punishment
  - Principles of Influence
  - More Fun with Influence
  - Things to Know About Manipulation
  - Summary
  - Notes
- Chapter 4: Lessons in Protection
  - Lesson One: Critical Thinking
  - Lesson Two: Learn to Hover
  - Lesson Three: URL Deciphering
  - Lesson Four: Analyzing E-mail Headers
  - Lesson Five: Sandboxing
  - The “Wall of Sheep,” or a Net of Bad Ideas
  - Summary
- Chapter 5: Plan Your Phishing Trip: Creating the Enterprise Phishing Program
  - The Basic Recipe
  - Developing the Program
  - Summary
- Chapter 6: The Good, the Bad, and the Ugly: Policies and More
  - Oh, the Feels: Emotion and Policies
  - The Boss Is Exempt
  - I'll Just Patch One of the Holes
  - Phish Just Enough to Hate It
  - If You Spot a Phish, Call This Number
  - The Bad Guys Take Mondays Off
  - If You Can't See It, You Are Safe
  - The Lesson for Us All
  - Summary
- Chapter 7: The Professional Phisher's Tackle Bag
  - Commercial Applications
  - Open Source Applications
  - Comparison Chart
  - Managed or Not
  - Summary
- Chapter 8: Phish Like a Boss
  - Phishing the Deep End
  - Summary
  - Notes
- End User License Agreement

List of Illustrations

- Figures 1.1 to 1.21
- Figures 2.1 to 2.9
- Figures 3.1 to 3.7
- Figures 4.1 to 4.9
- Figures 5.1 to 5.3
- Figures 7.1 to 7.23

List of Tables

- Table 4.1
- Table 4.2

Introduction

“There was no such thing as a fair fight. All vulnerabilities must be exploited.”
—Cary Caffrey

Social engineering. Those two words have become a staple in most IT departments and, after the last couple years, in most of corporate America, too. One statistic states that more than 60 percent of all attacks had the “human factor” as either the crux of or a major piece of the attack. Analysis of almost all of the major hacking attacks from the past 12 months reveals that a large majority involved social engineering—a phishing e-mail, a spear phish, or a malicious phone call (vishing).

I have written two books analyzing and dissecting the psychology, physiology, and historical aspects of con men, scammers, and social engineers. And in doing so, I have found that one recent theme comes up, and that is e-mail. Since its beginning, e-mail has been used by scammers and social engineers to dupe people out of credentials, money, information, and much more.

In a recent report, the Radicati Group estimates that in 2014 there was an average of 191.4 billion e-mails sent each day. That equates to more than 69.8 trillion e-mails per year.[1] Can you even imagine that number? That is 69,861,000,000,000—staggering, isn't it? Now try to swallow that more than 90 percent of e-mails are spam, according to the information on the Social-Engineer Infographic.[2]

E-mail has become a part of life. We use it on our computers, our tablets, and our phones. In some groups of people that I've worked with, more than half the people have told me that they get 100, 150, or 200 e-mails per day! In 2014, the Radicati Group stated that there are 4.1 billion e-mail addresses in the world. Using that figure and a calculator, I discovered that the average is almost 50 e-mails per person per day, every day of the year. Because we know that not every single person in the world gets that many messages, it is not inconceivable to think that many of us receive 100, 150, or even 250 e-mails per day.

As people get more stressed, as workloads increase, and as the use of technology reaches an all-time high, the scam artists, con men, and social engineers know that e-mail is a great vector into our businesses and homes. Mix that with how easy it is to create fake e-mail accounts, spoof legitimate accounts, and fool people into taking actions that may not be in their best interests, and we can see why e-mail is quickly becoming the number-one vector for malicious attackers.

When we are not running social-engineering competitions at major conferences like DEF CON, and Michele is not fighting with students (real story, I swear), we travel the globe to work with some of the biggest and best companies on their security programs. Even companies that know what they are doing and have robust programs for security awareness and protection are still falling victim to the threat of phishing.

We wrote the pages of this book with that experience in mind. We asked ourselves, “How can we take the years of experience in working with so ...