Description

Book Synopsis
An essential anti-phishing desk reference for anyone with an email address

Phishing Dark Waters addresses the growing and continuing scourge of phishing emails, and provides actionable defensive techniques and tools to help you steer clear of malicious emails. Phishing is analyzed from the viewpoint of human decision-making and the impact of deliberate influence and manipulation on the recipient. With expert guidance, this book provides insight into the financial, corporate espionage, nation state, and identity theft goals of the attackers, and teaches you how to spot a spoofed e-mail or cloned website. Included are detailed examples of high profile breaches at Target, RSA, Coca Cola, and the AP, as well as an examination of sample scams including the Nigerian 419, financial themes, and post high-profile event attacks. Learn how to protect yourself and your organization using anti-phishing tools, and how to create your own phish to use as part of a security awareness

Table of Contents
Foreword

Introduction

Chapter 1 An Introduction to the Wild World of Phishing
Phishing 101
How People Phish
Examples
High-Profile Breaches
Phish in Their Natural Habitat
Phish with Bigger Teeth
Spear Phishing
Summary

Chapter 2 The Psychological Principles of Decision-Making
Decision-Making: Small Bits
Cognitive Bias
Physiological States
External Factors
The Bottom Line About Decision-Making
It Seemed Like a Good Idea at the Time
How Phishers Bait the Hook
Introducing the Amygdala
The Guild of Hijacked Amygdalas
Putting a Leash on the Amygdala
Wash, Rinse, Repeat
Summary

Chapter 3 Influence and Manipulation
Why the Difference Matters to Us
How Do I Tell the Difference?
How Will We Build Rapport with Our Targets?
How Will Our Targets Feel After They Discover They’ve Been Tested?
What Is Our Intent?
But the Bad Guys Will Use Manipulation . . .
Lies, All Lies
P Is for Punishment
Principles of Influence
Reciprocity
Obligation
Concession
Scarcity
Authority
Consistency and Commitment
Liking
Social Proof
More Fun with Influence
Our Social Nature
Physiological Response
Psychological Response
Things to Know About Manipulation
Summary

Chapter 4 Lessons in Protection
Lesson One: Critical Thinking
How Can Attackers Bypass This Method?
Lesson Two: Learn to Hover
What If I Already Clicked the Link and I Think It’s Dangerous?
How Can Attackers Bypass This Method?
Lesson Three: URL Deciphering
How Can Attackers Bypass This Method?
Lesson Four: Analyzing E-mail Headers
How Can Attackers Bypass This Method?
Lesson Five: Sandboxing
How Can Attackers Bypass This Method?
The “Wall of Sheep,” or a Net of Bad Ideas
Copy and Paste Your Troubles Away
Sharing Is Caring
My Mobile Is Secure
A Good Antivirus Program Will Save You
Summary

Chapter 5 Plan Your Phishing Trip: Creating the Enterprise Phishing Program
The Basic Recipe
Why?
What’s the Theme?
The Big, Fat, Not-So-Legal Section
Developing the Program
Setting a Baseline
Setting the Difficulty Level
Writing the Phish
Tracking and Statistics
Reporting
Phish, Educate, Repeat
Summary

Chapter 6 The Good, the Bad, and the Ugly: Policies and More
Oh, the Feels: Emotion and Policies
The Definition
The Bad
Making It “Good”
The Boss Is Exempt
The Definition
The Bad
Making It “Good”
I’ll Just Patch One of the Holes
The Definition
The Bad
Making It “Good”
Phish Just Enough to Hate It
The Definition
The Bad
Making It “Good”
If You Spot a Phish, Call This Number
The Definition
The Bad
Making It “Good”
The Bad Guys Take Mondays Off
The Definition
The Bad
Making It “Good”
If You Can’t See It, You Are Safe
The Definition
The Bad
Making It “Good”
The Lesson for Us All
Summary

Chapter 7 The Professional Phisher’s Tackle Bag
Commercial Applications
Rapid7 Metasploit Pro
ThreatSim
PhishMe
Wombat PhishGuru
PhishLine
Open Source Applications
SET: Social-Engineer Toolkit
Phishing Frenzy
Comparison Chart
Managed or Not
Summary

Chapter 8 Phish Like a Boss
Phishing the Deep End
Understand What You’re Dealing With
Set Realistic Goals for Your Organization
Plan Your Program
Understand the Stats
Respond Appropriately
Make the Choice: Build Inside or Outside
Summary

Index

Phishing Dark Waters

A Paperback / softback by Christopher Hadnagy, Michele Fincher, Robin Dreeke
Publisher: John Wiley & Sons Inc
Publication Date: 15/05/2015
ISBN13: 9781118958476, 978-1118958476
ISBN10: 1118958470