Who Is

watching out for you?

In today's world you need to understand a few more things...

Who Is

knocking on your virtual front door?

It could be someone down the block or from the Bloc

An easy way of learning to catch phish

Michele Fincher

Imagine walking into your work lunchroom just in time to hear one person loudly berating another. The yelling male storms off in a huff, leaving the remaining female sobbing.

Would you ask if you can help her?

Suppose the sobbing one tells you s/he is going to be fired for forgetting her security card.

Would you take her to the elevator and swipe her in? Or would you walk her over to security for a temporary pass?  

How would you feel when you discover that neither the male nor the female work in your building, and the entire scene was a setup to get her onto the C-suite floor?

You’d feel just as stupid as anybody who’s ever fallen for the lies of a phishing email.

Chris Hadnagy and Michele Fincher of Social-Engineering Inc specialize in performing such scenarios when testing their clients' users, as well as training folks like us how to act when similar situations arise.

Presented in lighthearted, humorous, easy-to-read language, their book Phishing in Dark Waters prepares you for everything you’ll need to know about phishing, especially if you think email security is boring.

Yes, Chis and Michele have made phishing fun and enjoyable to learn.

They do it thru personal anecdotes, humor, and by making the psychology of phishers and their victims easy to understand.

Starting simply with what a phish is, they move on to the psychology of why phishing works, and the principles behind it, explaining so well that basic users can grasp the concepts.

They’ve divided phishing into levels, so you can begin with the easiest to find, and work your way up as you learn more.

You’ll recognize some of the examples from breaches that were large enough to make the mainstream news.

If you use email, you need this book.



Note: Other than an autographed copy from the author at SC Congress, Securebuzz received nothing for this review.