Common Information
Type | Value |
---|---|
Value |
Phishing - T1566 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may send phishing messages to gain access to victim systems. All forms of phishing are electronically delivered social engineering. Phishing can be targeted, known as spearphishing. In spearphishing, a specific individual, company, or industry will be targeted by the adversary. More generally, adversaries can conduct non-targeted phishing, such as in mass malware spam campaigns. Adversaries may send victims emails containing malicious attachments or links, typically to execute malicious code on victim systems. Phishing may also be conducted via third-party services, like social media platforms. Phishing may also involve social engineering techniques, such as posing as a trusted source, as well as evasive techniques such as removing or manipulating emails or metadata/headers from compromised accounts being abused to send messages (e.g., [Email Hiding Rules](https://attack.mitre.org/techniques/T1564/008)).(Citation: Microsoft OAuth Spam 2022)(Citation: Palo Alto Unit 42 VBA Infostealer 2014) Another way to accomplish this is by forging or spoofing(Citation: Proofpoint-spoof) the identity of the sender which can be used to fool both the human recipient as well as automated security tools.(Citation: cyberproof-double-bounce) Victims may also receive phishing messages that instruct them to call a phone number where they are directed to visit a malicious URL, download malware,(Citation: sygnia Luna Month)(Citation: CISA Remote Monitoring and Management Software) or install adversary-accessible remote management tools onto their computer (i.e., [User Execution](https://attack.mitre.org/techniques/T1204)).(Citation: Unit42 Luna Moth) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2030-03-02 | 20 | APT QUARTERLY HIGHLIGHTS - Q3 : 2023 - CYFIRMA | ||
Details | Website | 2028-10-24 | 0 | MIT Technology Review Insights Survey on Zero Trust in Cybersecurity | ||
Details | Website | 2025-12-17 | 17 | Stories from the SOC: Caught in the Trap: Detecting and… | ||
Details | Website | 2025-09-01 | 0 | How ThreatConnect and Polarity Empower Teams to Combat Phishing Threats | ThreatConnect | ||
Details | Website | 2025-08-01 | 0 | — | ||
Details | Website | 2025-02-01 | 0 | ThreatConnect’s 2024 Year in Review: Let’s Celebrate What We’ve Accomplished Together | ThreatConnect | ||
Details | Website | 2025-01-22 | 5 | Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations | ||
Details | Website | 2025-01-22 | 0 | WANT BREAK INTO CYBERSECURITY? | ||
Details | Website | 2025-01-22 | 0 | Security Awareness Training: Your First Line of Defense Against Cyber Threats | ||
Details | Website | 2025-01-22 | 0 | Top Cybersecurity Threats Businesses Need to Watch in 2025 | ||
Details | Website | 2025-01-22 | 2 | When Fake IT Support Comes Knocking: A Healthcare Story | ||
Details | Website | 2025-01-22 | 0 | Empathy: The Key to Coveted Trusted Advisor Status | ||
Details | Website | 2025-01-22 | 0 | Best Email Security Services: Protecting Your Business from Cyber Threats | ||
Details | Website | 2025-01-22 | 0 | Penetration Testing Services: A Critical Component of Cybersecurity | ||
Details | Website | 2025-01-22 | 40 | Dark Web Profile: OilRig (APT34) - SOCRadar® Cyber Intelligence Inc. | ||
Details | Website | 2025-01-22 | 0 | Understanding Mobile Device Management and Its Importance for Businesses | ||
Details | Website | 2025-01-22 | 0 | Secure Your Business with Rutter’s Cybersecurity Expertise in Manchester | ||
Details | Website | 2025-01-22 | 0 | Will 2025 Be the Year We Win the War Against Cybercrime? - Metabase Q | ||
Details | Website | 2025-01-22 | 0 | AI in Cybersecurity: Fighting Cyber Threats with Artificial Intelligence | ||
Details | Website | 2025-01-22 | 0 | Cybersecurity in E-Commerce | ||
Details | Website | 2025-01-22 | 0 | Ditch the Weak Links: Why You Need Phishing-Resistant MFA | ||
Details | Website | 2025-01-22 | 0 | Cybersecurity in the Metaverse: Safeguarding Our Virtual Worlds | ||
Details | Website | 2025-01-22 | 0 | Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures | ||
Details | Website | 2025-01-22 | 0 | GZR Observer Daily — Jan 22, 2025 | ||
Details | Website | 2025-01-22 | 0 | The Pragmatic Approach to Best Practices: Addressing the Holistic Nature of Cybersecurity |