Common Information
| Type | Value |
|---|---|
| Value |
Phishing - T1660 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may send malicious content to users in order to gain access to their mobile devices. All forms of phishing are electronically delivered social engineering. Adversaries can conduct both non-targeted phishing, such as in mass malware spam campaigns, as well as more targeted phishing tailored for a specific individual, company, or industry, known as “spearphishing”. Phishing often involves social engineering techniques, such as posing as a trusted source, as well as evasion techniques, such as removing or manipulating emails or metadata/headers from compromised accounts being abused to send messages. Mobile phishing may take various forms. For example, adversaries may send emails containing malicious attachments or links, typically to deliver and then execute malicious code on victim devices. Phishing may also be conducted via third-party services, like social media platforms. Mobile devices are a particularly attractive target for adversaries executing phishing campaigns. Due to their smaller form factor than traditional desktop endpoints, users may not be able to notice minor differences between genuine and phishing websites. Further, mobile devices have additional sensors and radios that allow adversaries to execute phishing attempts over several different vectors, such as: - SMS messages: Adversaries may send SMS messages (known as “smishing”) from compromised devices to potential targets to convince the target to, for example, install malware, navigate to a specific website, or enable certain insecure configurations on their device. - Quick Response (QR) Codes: Adversaries may use QR codes (known as “quishing”) to redirect users to a phishing website. For example, an adversary could replace a legitimate public QR Code with one that leads to a different destination, such as a phishing website. A malicious QR code could also be delivered via other means, such as SMS or email. In the latter case, an adversary could utilize a malicious QR code in an email to pivot from the user’s desktop computer to their mobile device. - Phone Calls: Adversaries may call victims (known as “vishing”) to persuade them to perform an action, such as providing login credentials or navigating to a malicious website. This could also be used as a technique to perform the initial access on a mobile device, but then pivot to a computer/other network by having the victim perform an action on a desktop computer. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2028-10-24 | 0 | MIT Technology Review Insights Survey on Zero Trust in Cybersecurity | ||
| Details | Website | 2024-12-30 | 27 | Interlab 인터랩 | Cyber Threat Report: RambleOn Android Malware | ||
| Details | Website | 2024-12-19 | 17 | Silent Push uncovers a large Russian Ursnif/Gozi banking trojan operation targeting global AnyDesk users. — Silent Push Threat Intelligence | ||
| Details | Website | 2024-11-22 | 6 | Black Friday e-commerce scam: Comprehensive analysis of PayPal attack vectors. — Silent Push Threat Intelligence | ||
| Details | Website | 2024-11-17 | 0 | Phishing emails increasingly use SVG attachments to evade detection | ||
| Details | Website | 2024-11-17 | 0 | "Navigating the future of digital security: How evolving threats, advanced AI, and new protection… | ||
| Details | Website | 2024-11-17 | 0 | Don’t Hold Down The Ctrl Key Warning As New 2SP Cyber Attacks Emerge | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | ||
| Details | Website | 2024-11-17 | 1 | Compare Easy-to-use VPN Services | ||
| Details | Website | 2024-11-17 | 0 | From Detection to Response: The Power of XDR in Cybersecurity | ||
| Details | Website | 2024-11-17 | 2 | Malware and Cache | ||
| Details | Website | 2024-11-17 | 0 | Embracing cybersecurity in pop culture from fiction to reality - London Business News | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | ||
| Details | Website | 2024-11-17 | 0 | Bank fraud is rampant. Your data could be anywhere. Here’s how to protect yourself. | ||
| Details | Website | 2024-11-17 | 0 | The Security illusion: Why Two-Factor Authentication is No Longer Enough | ||
| Details | Website | 2024-11-17 | 0 | Ontology and Taxonomy in Cybersecurity | ||
| Details | Website | 2024-11-17 | 1 | Is Nordvpn Safe To Install? — Comprehensive Guide And FAQs | ||
| Details | Website | 2024-11-17 | 0 | Cybersecurity Myths Busted: What You Need to Know to Stay Safe | ||
| Details | Website | 2024-11-17 | 0 | AI’s Game-Changing Impact on Mobile Security | ||
| Details | Website | 2024-11-17 | 0 | Debunking Cybersecurity Myths | ||
| Details | Website | 2024-11-17 | 0 | Black Friday and Cyber Monday: A Hotspot for Cyber Crime | #cybercrime | #infosec | National Cyber Security Consulting | ||
| Details | Website | 2024-11-17 | 0 | 🚨 Vietnamese Hackers Unleash PXA Stealer: Targeting Sensitive Data Across Europe and Asia 🌍🔓 | ||
| Details | Website | 2024-11-17 | 1 | Best Price On Top-rated VPN | ||
| Details | Website | 2024-11-17 | 0 | T-Mobile Hack Linked To Chinese State Sponsored Hackers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting | ||
| Details | Website | 2024-11-17 | 0 | ChatGPT Security Risks for Business: The Essential Checklist for Protection | ||
| Details | Website | 2024-11-17 | 3 | LetsDefend SOC Walkthrough | SOC145 — Ransomware Detected | ||
| Details | Website | 2024-11-17 | 2 | Phishing emails increasingly use SVG attachments to evade detection |