Phishing Dark Waters

Authors: Christopher Hadnagy and Michele Fincher
Publisher: Wiley
ISBN: 978-1118958476
Print:1118958470
Kindle: B00UYXIH3A
Aimed at: Security testers
Rating: 4.5
Reviewer: Kay Ewbank

How can you guard against being the victim of a phishing attack, either personally or in a company where you have responsibility for ensuring corporate safety?  

This book goes a good job of explaining phishing from the basics through to how to set up phishing tests for a company to see how aware employees are, and to train them in avoiding phishing scams.

 

Banner

 

The authors start with an introduction – phishing 101, with examples of the basic types of phishing email that people are likely to encounter, including some high profile versions, and with examples of the more sophisticated ‘spear’ attacks where the phishers have researched their victims. There’s an interesting chapter on the psychology of decision making explaining why and how people can be taken in, and another chapter on influence and manipulation that looks at the different underlying drivers for what makes phishing emails appeal.  

 

 

 

So far, the book is a really good read with some fascinating and amusing facts and anecdotes. From here onwards, though, it becomes more useful as it sets out how to guard against phishing. Chapter 4, Lessons in Protection, starts by showing ways a user can protect themselves – techniques such as hovering over links, deciphering URLs, analyzing e-mail headers, and sandboxing are all well explained.

The authors then move on to describe how you can set up a corporate phishing program to train company employees to be more phishing aware. There’s a chapter on planning your phishing trip, followed by one of how to create effective policies so the employees you’re testing know what rules they’re working to.

phishing

One of the most useful chapters looks at a range of tools you can use to create phishing emails for testing, both commercial and open source. The authors obviously know their material very well, and make useful observations about all the tools. The book ends with a chapter titled ‘phish like a boss’ that discusses ideas such as understanding what you’re dealing with, understanding the stats, and responding appropriately.

This is a well written and entertaining book. It’s relatively short and very specific, but one that is worth reading even if you feel you’re fairly savvy and don’t need to put a phishing testing program in place. It would also make a good book to give to non-techies who you’d like to guard from falling prey to the phishers.  

 

To keep up with our coverage of books for programmers, follow @bookwatchiprog on Twitter or subscribe to I Programmer's Books RSS feed for each day's new addition to Book Watch and for new reviews.

Banner


SQL Server Advanced Troubleshooting and Performance Tuning (O'Reilly)

Author: Dmitri Korotkevitch
Publisher: O'Reilly
Pages: 497
ISBN: 978-1098101923
Print:1098101928
Kindle: B0B197NYD7
Audience: DBAs & database devs
Rating: 5
Reviewer: Ian Stirk

This book aims to improve the performance of your SQL Servers, how does it fare?



Continuous Architecture In Practice (Addison-Wesley)

Author: Murat Erder, Pierre Pureur and Eoin Woods
Publisher: Addison-Wesley
Pages: 352
ISBN: 978-0136523567
Print: 0136523560
Kindle: ‎B08ZRTQGLJ
Audience: Software Architects
Rating: 3
Reviewer: Kay Ewbank

This book sets out the case for why software architecture is more important than ever, and in p [ ... ]


More Reviews

 

Last Updated ( Friday, 09 November 2018 )