Common Information
Type Value
Value
Phishing - T1566
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may send phishing messages to gain access to victim systems. All forms of phishing are electronically delivered social engineering. Phishing can be targeted, known as spearphishing. In spearphishing, a specific individual, company, or industry will be targeted by the adversary. More generally, adversaries can conduct non-targeted phishing, such as in mass malware spam campaigns. Adversaries may send victims emails containing malicious attachments or links, typically to execute malicious code on victim systems. Phishing may also be conducted via third-party services, like social media platforms. Phishing may also involve social engineering techniques, such as posing as a trusted source, as well as evasive techniques such as removing or manipulating emails or metadata/headers from compromised accounts being abused to send messages (e.g., [Email Hiding Rules](https://attack.mitre.org/techniques/T1564/008)).(Citation: Microsoft OAuth Spam 2022)(Citation: Palo Alto Unit 42 VBA Infostealer 2014) Another way to accomplish this is by forging or spoofing(Citation: Proofpoint-spoof) the identity of the sender which can be used to fool both the human recipient as well as automated security tools.(Citation: cyberproof-double-bounce) Victims may also receive phishing messages that instruct them to call a phone number where they are directed to visit a malicious URL, download malware,(Citation: sygnia Luna Month)(Citation: CISA Remote Monitoring and Management Software) or install adversary-accessible remote management tools onto their computer (i.e., [User Execution](https://attack.mitre.org/techniques/T1204)).(Citation: Unit42 Luna Moth)
Details Published Attributes CTI Title
Details Website 2030-03-02 20 APT QUARTERLY HIGHLIGHTS - Q3 : 2023 - CYFIRMA
Details Website 2028-10-24 0 MIT Technology Review Insights Survey on Zero Trust in Cybersecurity
Details Website 2025-12-17 17 Stories from the SOC: Caught in the Trap: Detecting and…
Details Website 2025-09-01 0 How ThreatConnect and Polarity Empower Teams to Combat Phishing Threats | ThreatConnect
Details Website 2025-08-01 0
Details Website 2025-02-01 0 ThreatConnect’s 2024 Year in Review: Let’s Celebrate What We’ve Accomplished Together | ThreatConnect
Details Website 2025-01-22 5 Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations
Details Website 2025-01-22 0 WANT BREAK INTO CYBERSECURITY?
Details Website 2025-01-22 0 Security Awareness Training: Your First Line of Defense Against Cyber Threats
Details Website 2025-01-22 0 Top Cybersecurity Threats Businesses Need to Watch in 2025
Details Website 2025-01-22 2 When Fake IT Support Comes Knocking: A Healthcare Story
Details Website 2025-01-22 0 Empathy: The Key to Coveted Trusted Advisor Status
Details Website 2025-01-22 0 Best Email Security Services: Protecting Your Business from Cyber Threats
Details Website 2025-01-22 0 Penetration Testing Services: A Critical Component of Cybersecurity
Details Website 2025-01-22 40 Dark Web Profile: OilRig (APT34) - SOCRadar® Cyber Intelligence Inc.
Details Website 2025-01-22 0 Understanding Mobile Device Management and Its Importance for Businesses
Details Website 2025-01-22 0 Secure Your Business with Rutter’s Cybersecurity Expertise in Manchester
Details Website 2025-01-22 0 Will 2025 Be the Year We Win the War Against Cybercrime? - Metabase Q
Details Website 2025-01-22 0 AI in Cybersecurity: Fighting Cyber Threats with Artificial Intelligence
Details Website 2025-01-22 0 Cybersecurity in E-Commerce
Details Website 2025-01-22 0 Ditch the Weak Links: Why You Need Phishing-Resistant MFA
Details Website 2025-01-22 0 Cybersecurity in the Metaverse: Safeguarding Our Virtual Worlds
Details Website 2025-01-22 0 Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures
Details Website 2025-01-22 0 GZR Observer Daily — Jan 22, 2025
Details Website 2025-01-22 0 The Pragmatic Approach to Best Practices: Addressing the Holistic Nature of Cybersecurity