Information & Links
Links from book:
CH1
(1) https://www.cisa.gov/sites/default/files/publications/Cybersecurity Awareness Month 2021 - Why is Cybersecurity Important.pdf
(2) https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
(3) https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html and https://www.csoonline.com/article/3600893/fireeye-breach-explained-how-worried-should-you-be.html
(4) https://www.cnet.com/news/fbi-nsa-and-cisa-say-solarwinds-hack-was-likely-of-russian-origin/
(5) https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf
(6) https://www.beckershospitalreview.com/finance/scripps-records-q3-operating-loss-notes-cyberattack-cost-of-112-7m.html
(7) https://emma.msrb.org/P11517631-P11174379-.pdf
(8) https://www.reuters.com/article/us-usa-healthcare-cyber/building-wave-of-ransomware-attacks-strike-u-s-hospitals-idUSKBN27D35U
(9) https://www.techrepublic.com/article/local-governments-continue-to-be-the-biggest-target-for-ransomware-attacks/
(10) https://blog.emsisoft.com/en/40813/the-state-of-ransomware-in-the-us-report-and-statistics-2021/
(11) https://k12cybersecure.com/wp-content/uploads/2021/03/StateofK12Cybersecurity-2020.pdf
(12) https://www.reuters.com/article/us-cyber-cwt-ransom/payment-sent-travel-giant-cwt-pays-4-5-million-ransom-to-cyber-criminals-idUSKCN24W25W
(13) https://www.latimes.com/california/story/2021-05-31/azusa-ransomware-hack-sensitive-police-documents-online
(14) https://krebsonsecurity.com/2020/06/blueleaks-exposes-files-from-hundreds-of-police-departments/
(15) https://www.iafc.org/topics-and-tools/resources/resource/protecting-against-cyberattacks
(16) https://www.iafc.org/docs/default-source/1comm-tech/protecting-against-cyberattacks-magazine_final.pdf?sfvrsn=584e810d_0
(17) https://www.dhs.gov/science-and-technology/national-urban-security-technology-laboratory
(18) https://www.helpnetsecurity.com/2020/11/03/disinformation-campaigns-social-media/
(19) https://www.cisa.gov/sites/default/files/publications/PSA_voter_registration_data_508pobs.pdf
(20) https://www.reuters.com/article/us-usa-election-cyber-louisiana-exclusiv/exclusive-national-guard-called-in-to-thwart-cyberattack-in-louisiana-weeks-before-election-idUSKBN27823F
(21) https://youtube.com/watch?v=llNittlfzG0top
(22) https://youtu.be/ArY_mFH_ZhA
(23) http://www.sid.in-berlin.de/nedkelly-world/work%20at%20home%20scams%20II.html
(24) https://www.fcc.gov/covid-scams
(25) https://www.reuters.com/article/us-health-coronavirus-who-hack-exclusive/exclusive-elite-hackers-target-who-as-coronavirus-cyberattacks-spike-idUSKBN21A3BN
(26) https://www.wired.com/story/covid-19-phishing-excel-ios-14-data-breaches/
(27) https://www.freep.com/story/money/2020/08/12/scammers-fake-contact-tracing-termination-notice/5557821002/
(28) https://www.forbes.com/sites/jessedamiani/2020/03/26/google-data-reveals-350-surge-in-phishing-websites-during-coronavirus-pandemic/?sh=126de5fa19d5
(29) https://www.csoonline.com/article/3532825/6-ways-attackers-are-exploiting-the-covid-19-crisis.html
(30) https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf
(31) https://www.proofpoint.com/us/newsroom/press-releases/proofpoints-2022-state-phish-report-reveals-email-based-attacks-dominated
(32) https://what-is-phishing.cacyber.net/
(33) https://phishingquiz.withgoogle.com
CH2
(1) https://gwtoday.gwu.edu/human-hacker-playbook-how-stop-me-getting-your-personal-information
(2) https://www.synopsys.com/blogs/software-security/rachel-tobac-social-engineering-attacks-polite-paranoia/
(3) https://www.youtube.com/watch?v=hhHhOoecgvg&feature=youtu.be
(4) https://www.hackerone.com/blog/Hacker-QA-Rachel-Tobac-Hacking-Companies-Through-Their-People
(5) https://www.facebook.com/cnn/videos/2424216847867646/
(6) https://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/076454280X
(7) https://www.us-cert.gov/ncas/tips/ST04-014
(8) https://en.wikipedia.org/wiki/Social_engineering_(security)
(9) https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
(10) https://purplesec.us/resources/cyber-security-statistics/
(11) https://www.embroker.com/blog/cyber-attack-statistics/
(12) https://securityintelligence.com/articles/most-digital-attacks-today-involve-social-engineering/
(13) https://securityintelligence.com/articles/4-social-engineering-threats-to-keep-an-eye-on-and-how-to-stop-them/
(14) https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
(15) https://www.proofpoint.com/us/corporate-blog/post/shark-tanks-barbara-corcoran-loses-nearly-400k-bec-attack-what-you-need-know
(16) https://securityboulevard.com/2020/03/was-your-new-disney-plus-account-stolen/
(17) https://www.cbc.ca/news/canada/malcolm-gladwell-interview-1.5303203
(18) https://hbr.org/2016/07/how-to-negotiate-with-a-liar?cm_sp=Article-_-Links-_-Comment
(19) https://www.amazon.com/Its-Not-All-About-Techniques-ebook/dp/B006600YIBLK
(20) https://fs.blog/2013/07/building-trust/
(21) https://www.facebook.com/officialjackvale/videos/social-media-experiment/2248514008796203/
(22) https://www.cybertalk.org/pharming-vs-phishing/
(23) https://youtu.be/mhNaqVF07Pw
CH3
(1) https://www.fbi.gov/video-repository/protected-voices-social-engineering-083018.mp4/view
(2) https://www.youtube.com/watch?v=8rrpVtnV_wM
(3) https://corporate.target.com/press/releases/2013/12/target-confirms-unauthorized-access-to-payment-car
(4) https://gatefy.com/blog/real-and-famous-cases-social-engineering-attacks/
(5) https://www.howtogeek.com/465416/what-is-an-internet-troll-and-how-to-handle-trolls/
(6) https://en.wikipedia.org/wiki/Troll_farm
(7) https://www.sciencealert.com/fake-accounts-are-constantly-manipulating-what-you-see-on-social-media-here-s-how
(8) https://www.missingkids.org/ourwork/publications#exploited
(9) https://hbr.org/2016/07/how-to-negotiate-with-a-liar?cm_sp=Article-_-Links-_-Comment
(10) https://thispersondoesnotexist.com/
(11) https://www.wired.com/story/iran-hackers-social-engineering-mia-ash/
(12) https://www.youtube.com/watch?v=3U8w58022TA
(12a) https://www.ehacking.net/2021/04/the-ultimate-sock-puppets-tutorial-for-osint-operators.html
(13) https://www.apple.com/privacy/docs/A_Day_in_the_Life_of_Your_Data.pdf
(14) https://www.youtube.com/watch?v=YgKz_KLE_yk&t=110s
(15) https://www.facebook.com/help/212802592074644
(16) https://help.instagram.com/contact/505535973176353
(17) https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?r=US&IR=T
(18) https://abc7news.com/abc-7-abc7-seven-on-your-side-michael-finney/5486854/
(19) https://www.thesslstore.com/blog/hackers-are-using-linkedin-to-tailor-their-phishing-attacks-just-for-you/
(20) https://www.youtube.com/watch?v=AyTHVcds6_0
(21) https://www.cisa.gov/insider-threat-trailer-and-video
(22) https://www.exabeam.com/ueba/insider-threats/
(23) https://www.youtube.com/watch?v=nVzPraG-Nzc
(23a) https://www.recordedfuture.com/open-source-intelligence-definition
(24) https://www.huffpost.com/entry/verizon-charlottesville_n_599605dfe4b0e8cc855c69ee
(25) https://thisxdoesnotexist.com/
(26) https://thispersondoesnotexist.com/
(27) https://www.fakenamegenerator.com/
(28) https://www.dating-profile-generator.org.uk/
(29) https://thisrentaldoesnotexist.com/
(30) https://oag.ca.gov/idtheft/facts/deceased
(31) https://dmf.ntis.gov
(32) https://www.usatoday.com/story/news/nation/2019/10/02/feds-target-social-security-scammers-living-off-dead-relatives/3841975002/
(33) https://www.youtube.com/watch?v=_G19KD5CrEU
(34) https://usa.kaspersky.com/resource-center/definitions/pharming
(35) https://www.phishlabs.com/blog/brain-hacking-social-engineering-effective/
(36) https://www.behindthename.com
(37) https://www.fakenamegenerator.com/gen-random-us-us.php
(38) https://www.elfqrin.com/fakeid.php
(39) https://www.bleepingcomputer.com/news/security/mfa-fatigue-hackers-new-favorite-tactic-in-high-profile-breaches/
CH4
(1) https://www.ftc.gov/system/files/documents/reports/consumer-sentinel-network-data-book-2017/consumer_sentinel_data_book_2017.pdf
(2) https://oig.hhs.gov/fraud/consumer-alerts/fraud-alert-covid-19-scams/
(3) https://oag.ca.gov/news/press-releases/attorney-general-bonta-issues-consumer-alert-warning-californians-about-0
(4) https://comptroller.texas.gov/fraud-alert/
(5) https://oag.ca.gov/news/press-releases/attorney-general-becerra-warns-investors-and-consumers-beware-digital-asset
(6) https://www.consumer.ftc.gov/blog/2020/04/coronavirus-stimulus-payment-scams-what-you-need-know
(7) https://www.ic3.gov/media/2020/200320.aspx
(8) https://www.michigan.gov/ag/0,4534,7-359-81903_20942-390419--,00.html
(9) https://security.berkeley.edu/resources/phish-tank
(10) https://www.apple.com/child-safety/
(11) https://unmask.sucuri.net/security-report/
(12) https://www.npr.org/2018/09/27/652119109/uber-pays-148-million-over-year-long-cover-up-of-data-breach
(13) https://us-cert.cisa.gov/publications/securing-your-web-browser
(14) https://www.abc.net.au/news/2021-06-24/tom-cruise-deepfake-chris-ume-security-washington-dc/100234772
(15) https://www.linkedin.com/learning/understanding-the-impact-of-deepfake-videos
(16) https://thecyberwire.com/podcasts/hacking-humans/73/notes
(17) https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/romance-scams
(18) https://www.creativebloq.com/features/deepfake-examples
(20) https://www.factcheck.org
(21) https://www.youtube.com/channel/UCGf4OlX_aTt8DlrgiH3jN3g
CH5
(1) https://emfacademy.com/check-sar-value-mobile-phone/
(2) https://www.apple.com/legal/rfexposure/
(3) https://www.lg.com/global/support/sar/sar
(4) https://rfhealth-sar.motorola.com/SAR/
(5) https://www.samsung.com/sar/sarMain.do
(6) https://blog.red-website-design.co.uk/2022/09/07/social-trends-finish-with-bang/
(7) https://www.linkedin.com/pulse/what-digital-dust-should-we-worry-ours-ema-linaker/
(8) https://www.gartner.com/en/newsroom/press-releases/2020-10-19-gartner-identifies-the-top-strategic-technology-trends-for-2021
(9) https://webkay.robinlinus.com/
(10) https://www.allaboutcookies.org/mobile/index.html
(11) https://www.adjust.com/glossary/idfv/
(12) https://youtu.be/YgKz_KLE_yk
(13) iapp.org
(14) https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf
(15) https://privacybadger.org/
(17) https://owasp.org/www-community/attacks/Clickjacking
(18) https://owasp.org/www-community/attacks/xss/
(19) https://observer.com/2016/07/the-truth-about-data-mining-how-online-trackers-gather-your-info-and-what-they-see/
(20) https://www.expressvpn.com/blog/the-3-best-browser-extensions-to-protect-your-privacy/
(21) https://go.dashlane.com/How-Would-I-Hack-You.html
(22) https://www.youtube.com/watch?v=L5J2PgGOLtE
(23) https://www.youtube.com/watch?v=3U8w58022TA
(24) https://www.cnn.com/videos/business/2022/10/18/donie-osullivan-hacked-defcon-contd-orig-gr-jm.cnn
(25) https://www.pcmag.com/how-to/how-to-spot-and-avoid-credit-card-skimmers
(26) https://electroniccats.com/store/hunter-cat-nfc/
(27) https://electroniccats.com/store/huntercat/
(28) https://www.wsls.com/news/local/2020/09/03/how-the-bedford-police-department-says-you-could-be-oversharing-through-bumper-stickers/
(29) https://www.techtimes.com/articles/265013/20210905/how-to-spot-airbnb-hidden-cameras-tiktok-user-claiming-to-be-an-ex-hacker-exposes-on-viral-video.htm
(30) https://www.tiktok.com/@malwaretech/video/7002804220126661893?lang=en
(31) https://learn.snhu.edu/d2l/lor/viewer/viewFile.d2lfile/760194/22533,-1/
CH6
(1) https://payback-ltd.com/blogs/12-easy-ways-to-check-if-a-website-is-legit-or-a-scam/
(2) https://www.virustotal.com/gui/home/upload
(4) https://www.lastpass.com/features/password-generator
(5) https://securitysnobs.com/Abloy/
(6) https://www.youtube.com/watch?v=vz9IPVhBUpc
(7) https://www.wired.com/story/phone-scam-phishing-finance-apps/
(8) https://www.itpro.com/security/social-engineering/361911/month-in-the-life-of-social-engineer-week-one
(9) https://www.comptia.org/content/articles/anatomy-of-a-social-engineering-attack
(10) https://comptiacdn.azureedge.net/webcontent/docs/default-source/research-reports/avoid-social-engineering-attacks.pdf?sfvrsn=28ea7377_2
(11) https://cybernews.com/security/rockyou2021-alltime-largest-password-compilation-leaked/
(12) https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
(13) https://www.informationisbeautiful.net/visualizations/top-500-passwords-visualized/
(14) https://haveibeenpwned.com/
(15) https://www.sysprobs.com/best-chrome-security-extensions
(16) https://www.sfweekly.com/sponsored/completely-free-reverse-phone-lookup-with-name/
(17) https://symptomsofliving.com/blog/blocking-people-is-a-form-of-self-care/
(18) https://www.rainn.org/articles/how-filter-block-and-report-harmful-content-social-media
(19) https://justdeleteme.xyz/
(20) https://justgetmydata.com/
(21) https://www.identitytheft.gov/#/Warning-Signs-of-Identity-Theft
(22) https://www.usa.gov/identity-theft
CH7
(1) https://www.axios.com/local/des-moines/2021/09/14/johnston-public-schools-hackers-the-dark-overlord
(2) https://www.desmoinesregister.com/story/news/crime-and-courts/2017/10/13/dark-overlord-hack-school-computers-student-information-outside-vendor-johnston-school/750730001/
(3) https://www.kcci.com/article/threats-force-johnston-schools-to-cancel-classes/12769814
(4) https://www.proofpoint.com/us/threat-insight/post/seems-phishy-back-school-lures-target-university-students-and-staff
(5) https://blogs.deakin.edu.au/article/dont-be-fooled-by-the-silent-librarian-scam/
(7) https://iknowwhereyourcatlives.com/about/
(8) https://www.netflix.com/title/81031373
(9) https://www.desmoinesregister.com/story/news/crime-and-courts/2017/10/05/dark-overlord-hacker-johnston-schools-threats/735950001/
CH8
(1) https://www.cyberseek.org/heatmap.html
(2) https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf?_sp=0a7b7784-1d4b-4e1a-860e-e727dc69b8bd
(3) https://sites.temple.edu/care/resources/
(4) https://chat.openai.com/chat
(5) searchenginejournal.com
(6) https://www.mdpi.com/2076-3417/12/12/6042/pdf?version=1655208887
(7) https://www.frontiersin.org/articles/10.3389/fpsyg.2020.01755/full
GLOSSARY
Phishing is an email sent to your inbox that is designed to trick you into opening a link or performing an action.
Smishing is when someone is socially engineered through text messaging.
Tailgate To walk into a building as someone else walks out, without needing to swipe a security badge to gain access.
Cyber Attack An unwanted person (or persons) digitally accesses information from a person, business, school, or government organization. Think of this as someone breaking into a computer.
Spear Phishing targets a specific group or type of user, such as a system administrator.
Whaling attacks target a CEO, CFO, CISO, or CTO.
Vishing has the same intention as phishing but uses a voice call for the attack.
Pharming, a portmanteau of the words "phishing" and "farming", is an online scam similar to phishing, where a website's traffic is manipulated and confidential information is stolen. Please revisit these websites: https://www.trendmicro.com/en_us/what-is/phishing/types-of-phishing.html#vishing-tm-anchor and https://usa.kaspersky.com/resource-center/definitions/pharming.
White Hat Hackers A White Hat hacker is a good guy who uses his (or her) capabilities to damage your organization, but only hypothetically. The real purpose is to uncover security failings in your system in order to help you safeguard your business from dangerous hackers.
IC3 The United States Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issues an annual report on cyber breaches. Please read this to keep up on what is happening around the USA at www.ic3.gov.
Insider Threat There are two kinds of insider threats: employees and subcontractors. These are people who have access to technology or your organization’s building.
Ransomware is software that prevents your computer systems from working. Once it is on your system, you will get a message from someone saying that you have to pay money to get back control of your computer.
Social Engineering Think of social engineering as the ability to hack or manipulate a person using things in their environment.
Zoom Bombing When everyone went home to work and do school remotely in March of 2020, Zoom became a platform that everyone used to communicate. Sometimes, intruders would break into a meeting. Thus the term Zoom bombing was created.
Open Source Intelligence (OSINT) is gathering information and data that is publicly available. There are sources and techniques people can utilize to gain information on a target or mark.
Sock Puppet is when social engineers use fictional accounts and fake personas to trick someone.
Generative Adversarial Networks (GAN) With GANs, we can learn how to create realistic-looking fake versions of almost anything we need.
Albert Mehrabian 7-38-55 communications rule. The 7-38-55 rule is a concept concerning the communication of emotions. The rule states that 7 percent of meaning is communicated through spoken word, 38 percent through tone of voice, and 55 percent through body language.
Deepfakes The 21st century’s answer to Photoshopping, deepfakes use a form of artificial intelligence called deep learning to make images of fake events, hence the name deepfake.
Virtual Private Network (VPN) VPN stands for "Virtual Private Network" and describes the opportunity to establish a protected network connection when using public networks. VPNs encrypt your internet traffic and disguise your online identity. This makes it more difficult for third parties to track your activities online and steal data. The encryption takes place in real time.
Bluebugging is where a hacker accesses your phone's information through the process in which two devices connect to each other.
Bluejacking is when you get messages from a source you do not know. The key here is they are just sending messages.
Bluesnarfing is when someone gets on your phone and takes information.
Cookie: In the tech world, a cookie is basically a file that stores information about you, such as a password.
MFA Fatigue An MFA Fatigue attack is when a threat actor runs a script that attempts to log in with stolen credentials over and over, causing what feels like an endless stream of MFA push requests to be sent to the account owner's mobile device.
Secure Texting is using text apps that use encryption for messaging.
USB blocker A USB blocker stops unwanted access to your information through a public port.
SSID (Service Set Identifier) is the name of the Wi-Fi network.
2FA Two Factor Authentication is a technology where you get a message on your personal device to ensure it is you accessing certain data.
OTP (one-time password) OTP systems provide a mechanism for entering a network or service using a unique password that can only be used once.
Jailbreaking is exploiting the defect of a locked-down electronic device to install software other than what the manufacturer has made available for that device.
Robocall A robocall is a phone call that uses a computerized autodialer to deliver a pre-recorded message as if from a robot. Robocalls are also associated with scams.
Password Manager Software to manage all of your passwords.