ISACA Journal
Volume 2, 2,016 

Book Reviews 

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails 

Christopher Hadnagy and Michele Fincher | Reviewed by Maria Patricia Prandini, CISA, CRISC 

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails speaks to information security personnel, IT professionals and email users. With down-to-earth language, authors Christopher Hadnagy and Michele Fincher successfully explain the reasons why someone, though knowledgeable about technology and aware of the dangers of phishing schemes, can fall for simple attacks. Phishing has existed for a long time. Companies have launched educational programs, but the results do not seem enough. This book could help organizations have a more effective response to these kinds of incidents.

While the book is short, with 8 chapters and fewer than 200 pages, it effectively explains what phishing is, how human beings tend to act when they are under pressure or inattentive, the psychological principles that lead to decision making, why people are deceived, and how to be protected from this type of social-engineering attack.

This easy-to-read book is full of real-life examples of successful phishing attacks in which banks and renowned companies were targeted. Anecdotes from the authors are also included, and they are aimed at teaching the reader how to avoid being a victim of social engineering techniques and how to identify and anticipate dangerous situations.

This book also contains information that can serve as the basis for an awareness and education program for any organization that does not want its personnel to be victims of phishing. In fact, the book elaborates on how to create a program to deal with phishing prevention and education and establish some effective policies to implement to protect employees from phishing attacks. Additionally, the authors provide a list of open-source and commercial applications that could be employed as tools for implementing an antiphishing program. The book contains a comparison table of these tools.

This is not just a book for IT personnel and it is not just for professional use. This is a book for anyone who uses email and wants to stay safe from social-engineering attacks. Phishing seems to be here to stay, but Phishing Dark Waters can help keep people safe from such efforts.

Editor’s Note

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails is available from the ISACA Bookstore. For information, visit, email or telephone +1.847.660.5650.

Reviewed by Maria Patricia Prandini, CISA, CRISC, who has a long career as a public official in different positions related to information technology at the Argentine Government. Prandini was involved in the development of the National PKI and the foundation of ARCERT, the first governmental computer security incident response team (CSIRT) in Argentina. She is the past president of the ISACA Buenos Aires (Argentina) Chapter.


Add Comments

Recent Comments

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.