Common Information
| Type | Value |
|---|---|
| Value |
Email Addresses - T1589.002 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may gather email addresses that can be used during targeting. Even if internal instances exist, organizations may have public-facing email infrastructure and addresses for employees. Adversaries may easily gather email addresses, since they may be readily available and exposed via online or other accessible data sets (ex: [Social Media](https://attack.mitre.org/techniques/T1593/001) or [Search Victim-Owned Websites](https://attack.mitre.org/techniques/T1594)).(Citation: HackersArise Email)(Citation: CNET Leaks) Email addresses could also be enumerated via more active means (i.e. [Active Scanning](https://attack.mitre.org/techniques/T1595)), such as probing and analyzing responses from authentication services that may reveal valid usernames in a system.(Citation: GrimBlog UsernameEnum) For example, adversaries may be able to enumerate email addresses in Office 365 environments by querying a variety of publicly available API endpoints, such as autodiscover and GetCredentialType.(Citation: GitHub Office 365 User Enumeration)(Citation: Azure Active Directory Reconnaisance) Gathering this information may reveal opportunities for other forms of reconnaissance (ex: [Search Open Websites/Domains](https://attack.mitre.org/techniques/T1593) or [Phishing for Information](https://attack.mitre.org/techniques/T1598)), establishing operational resources (ex: [Email Accounts](https://attack.mitre.org/techniques/T1586/002)), and/or initial access (ex: [Phishing](https://attack.mitre.org/techniques/T1566) or [Brute Force](https://attack.mitre.org/techniques/T1110) via [External Remote Services](https://attack.mitre.org/techniques/T1133)). |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-10-27 | 2 | Here's how to avoid romance scams, which cost consumers $1.14 billion last year. | #datingscams | #lovescams | #datingscams | #love | #relationships | #scams | #pof | #match.com | #dating | National Cyber Security Consulting | ||
| Details | Website | 2024-10-27 | 4 | Step-by-step Guide To Installing NordVPN On Your Device | ||
| Details | Website | 2024-10-27 | 1 | How Email Verification API Aids In Spam Prevention | ||
| Details | Website | 2024-10-27 | 3 | How To Integrate Email Verification Into Existing Systems | ||
| Details | Website | 2024-10-27 | 1 | Senator says domain reg firms aiding Russian disinfo spread • The Register | #cybercrime | #infosec | National Cyber Security Consulting | ||
| Details | Website | 2024-10-27 | 1 | Senator says domain reg firms aiding Russian disinfo spread | ||
| Details | Website | 2024-10-27 | 2 | How To Trace Email Id? | ||
| Details | Website | 2024-10-27 | 0 | McAfee Total Protection 2024 Review: Cyber Guardian | ||
| Details | Website | 2024-10-27 | 4 | CVE Alert: CVE-2024-9637 - RedPacket Security | ||
| Details | Website | 2024-10-27 | 10 | Threat Intelligence Report | ||
| Details | Website | 2024-10-27 | 0 | DAY 35 | ||
| Details | Website | 2024-10-27 | 3 | The Role Of Email Verification In Spam Prevention | ||
| Details | Website | 2024-10-27 | 6 | Harnessing Big Data With Email Verification Systems | ||
| Details | Website | 2024-10-27 | 0 | The Club Penguin Experience - 6,342 breached accounts - RedPacket Security | ||
| Details | Website | 2024-10-27 | 1 | A Guide To Internet Privacy For Beginners | ||
| Details | Website | 2024-10-26 | 18 | AIO Web App Pentesting Checklist | ||
| Details | Website | 2024-10-26 | 1 | Dating scam package offered in the underground | #datingscams | #russianliovescams | #lovescams | #datingscams | #love | #relationships | #scams | #pof | #match.com | #dating | National Cyber Security Consulting | ||
| Details | Website | 2024-10-26 | 6 | The Future Of Work And Advanced VPN Adoption | ||
| Details | Website | 2024-10-25 | 0 | Unlocking the Secrets Behind an Email: A Guide to Reverse Email Engineering, Techniques, and Tools | ||
| Details | Website | 2024-10-25 | 1 | Chinese hackers 'tried to break into Donald Trump and J.D. Vance's cell phones' in massive breach | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting | ||
| Details | Website | 2024-10-25 | 4 | Efficient Verification Of Gmail Emails For Security | ||
| Details | Website | 2024-10-25 | 0 | Uncovering Vulnerabilities: My Discovery of Hashed Passwords on a Dutch Government Website | ||
| Details | Website | 2024-10-25 | 4 | Prioritizing Safety: VPNs With Anti-Malware Guards | ||
| Details | Website | 2024-10-25 | 0 | Troves of UN gender violence data leaked by unsecured database | ||
| Details | Website | 2024-10-25 | 25 | ReliaQuest Uncovers New Black Basta Social Engineering Technique |