
Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails, by Hadnagy, Christopher (eBook)

  • Publication date: 18.03.2015
  • Publisher: Wiley


Product information

    Format: ePUB
    Copy protection: AdobeDRM
    Pages: 224
    Publication date: 18.03.2015
    Language: English
    ISBN: 9781118958483
    Publisher: Wiley
    Size: 10428 kBytes

Phishing Dark Waters

Chapter 1
An Introduction to the Wild World of Phishing

Lana: Do you think this is some kind of a trap?
Archer: What? No, I don't think it's a trap! Although I never do ... and it very often is.
- Archer, Season 4 Episode 13

Because we're going to be spending some time together, I feel I should start our relationship with an honest self-disclosure. Although I consider myself to be a reasonably smart person, I have made an inestimable number of stupid mistakes. Many of these started with me yelling, "Hey, watch this!" or thinking to myself, "I wonder what would happen if ..." But most often, my mistakes have come not from yelling challenges or thinking about possibilities but from not thinking at all. This absence of thinking typically has led to only one conclusion: taking an impulsive action. Scammers, criminals, and con men have clearly met me in a past life, because this is one of the key aspects that make them successful. Phishing in its various forms has become a high-profile attack vector used by these folks because it's a relatively easy way to reach others and get them to act without thinking.
NOTE

One more thing before this train really gets rolling. You may notice that when I refer to the bad guy, I use the pronoun "he." (See? I even said bad "guy.") I'm not sexist, nor am I saying all scammers are male. It's just simpler than improperly using "they" or saying "he or she" just to be inoffensive to someone, and it avoids adding a layer of complexity that's off the point. So "he" does bad stuff. But a bad guy can be anyone.
Phishing 101

Let's start with some basic information. What is phishing? We define it as the practice of sending e-mails that appear to be from reputable sources with the goal of influencing or gaining personal information. That is a long way of saying that phishing involves sneaky e-mails from bad people. It combines both social engineering and technical trickery. It could involve an attachment within the e-mail that loads malware (malicious software) onto your computer. It could also be a link to an illegitimate website. These websites can trick you into downloading malware or handing over your personal information. Furthermore, spear phishing is a very targeted form of this activity. Attackers take the time to conduct research into targets and create messages that are personal and relevant. Because of this, spear phish can be very hard to detect and even harder to defend against.

Anyone on this planet with an e-mail address has likely received a phish, and on the basis of the reported numbers, many have clicked. Let's be very clear about something. Clicking doesn't make you stupid. It's a mistake that happens when you don't take the time to think things through or simply don't have the information to make a good decision. (Me driving from Biloxi, MS, to Tucson, AZ, in one shot, now that was stupid.)

It's probably safe to say that there are common targets and common attackers. Phishers' motives tend to be pretty typical: money or information (which usually leads to money). If you are one of the many who has received an e-mail urging you to assist a dethroned prince in moving his inheritance, you've been a part of the numbers game. Very few of us are fabulously wealthy. But when a phisher gets a bunch of regular people to help the prince by donating a small "transfer fee" to assist the flow of funds (often requested in these scams), it starts to add up. Or, if an e-mail from "your bank" gets you to hand over your personal information, it could have drastic financial consequences if your identity is stolen.

Other probable targets are the worker bees at any company. Although they alone may not have much information, mistakenly handing over login information can get an
