Keep valuable data safe from even the most sophisticated social engineering and phishing attacks
Fighting Phishing: Everything You Can Do To Fight Social Engineering and Phishing serves as the ideal defense against phishing for any reader, from large organizations to individuals. Unlike most anti-phishing books, which focus only on one or two strategies, this book discusses all the policies, education, and technical strategies that are essential to a complete phishing defense. This book gives clear instructions for deploying a great defense-in-depth strategy to defeat hackers and malware. Written by the lead data-driven defense evangelist at the world's number one anti-phishing company, KnowBe4, Inc., this guide shows you how to create an enduring, integrated cybersecurity culture.
Learn what social engineering and phishing are, why they are so dangerous to your cybersecurity, and how to defend against them
Educate yourself and other users on how to identify and avoid phishing scams, to stop attacks before they begin
Discover the latest tools and strategies for locking down data when phishing has taken place, and stop breaches from spreading
Develop technology and security policies that protect your organization against the most common types of social engineering and phishing
Anyone looking to defend themselves or their organization from phishing will appreciate the uncommonly comprehensive approach in Fighting Phishing.
For legal reasons, this download can only be delivered to a billing address in Germany.
About the Author
ROGER A. GRIMES has 35 years of experience in computer security and has authored 13 previous books on the topic. He is the Data-Driven Defense Evangelist at KnowBe4, a security awareness education company, and a senior computer security consultant and cybersecurity architect.
Table of Contents
Introduction
Part I Introduction to Social Engineering Security
Chapter 1 Introduction to Social Engineering and Phishing
What Are Social Engineering and Phishing?
How Prevalent Are Social Engineering and Phishing?
Chapter 2 Phishing Terminology and Examples
Social Engineering
Phish
Well-Known Brands
Top Phishing Subjects
Stressor Statements
Malicious Downloads
Malware
Bots
Downloader
Account Takeover
Spam
Spear Phishing
Whaling
Page Hijacking
SEO Pharming
Calendar Phishing
Social Media Phishing
Romance Scams
Vishing
Pretexting
Open-Source Intelligence
Callback Phishing
Smishing
Business Email Compromise
Sextortion
Browser Attacks
Baiting
QR Phishing
Phishing Tools and Kits
Summary
Chapter 3 3x3 Cybersecurity Control Pillars
The Challenge of Cybersecurity
Compliance
Risk Management
Defense-In-Depth
3x3 Cybersecurity Control Pillars
Summary
Part II Policies
Chapter 4 Acceptable Use and General Cybersecurity Policies
Acceptable Use Policy (AUP)
General Cybersecurity Policy
Summary
Chapter 5 Anti-Phishing Policies
The Importance of Anti-Phishing Policies
What to Include
Summary
Chapter 6 Creating a Corporate SAT Policy
Getting Started with Your SAT Policy
Necessary SAT Policy Components
Example of Security Awareness Training Corporate Policy
Acme Security Awareness Training Policy: Version 2.1
Summary
Part III Technical Defenses
Chapter 7 DMARC, SPF, and DKIM
The Core Concepts
A US and Global Standard
Email Addresses
Sender Policy Framework (SPF)
Domain Keys Identified Mail (DKIM)
Domain-based Message Authentication, Reporting, and Conformance (DMARC)