Adversaries may send phishing messages to elicit sensitive information that can be used during targeting. Phishing for information is an attempt to trick targets into divulging information, frequently credentials or other actionable information. Phishing for information is different from Phishing in that the objective is gathering data from the victim rather than executing malicious code.
All forms of phishing are electronically delivered social engineering. Phishing can be targeted, known as spearphishing. In spearphishing, a specific individual, company, or industry will be targeted by the adversary. More generally, adversaries can conduct non-targeted phishing, such as in mass credential harvesting campaigns.
Adversaries may also try to obtain information directly through the exchange of emails, instant messages, or other electronic conversation means.(Citation: ThreatPost Social Media Phishing)(Citation: TrendMictro Phishing)(Citation: PCMag FakeLogin)(Citation: Sophos Attachment)(Citation: GitHub Phishery) Phishing for information frequently involves social engineering techniques, such as posing as a source with a reason to collect information (ex: Establish Accounts or Compromise Accounts) and/or sending multiple, seemingly urgent messages.
View in MITRE ATT&CK®Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
AC-4 | Information Flow Enforcement | Protects | T1598 | Phishing for Information |
CA-7 | Continuous Monitoring | Protects | T1598 | Phishing for Information |
CM-2 | Baseline Configuration | Protects | T1598 | Phishing for Information |
CM-6 | Configuration Settings | Protects | T1598 | Phishing for Information |
IA-9 | Service Identification and Authentication | Protects | T1598 | Phishing for Information |
SC-20 | Secure Name/address Resolution Service (authoritative Source) | Protects | T1598 | Phishing for Information |
SC-44 | Detonation Chambers | Protects | T1598 | Phishing for Information |
SC-7 | Boundary Protection | Protects | T1598 | Phishing for Information |
SI-3 | Malicious Code Protection | Protects | T1598 | Phishing for Information |
SI-4 | System Monitoring | Protects | T1598 | Phishing for Information |
SI-8 | Spam Protection | Protects | T1598 | Phishing for Information |
Technique ID | Technique Name | Number of Mappings |
---|---|---|
T1598.002 | Spearphishing Attachment | 11 |
T1598.003 | Spearphishing Link | 11 |
T1598.001 | Spearphishing Service | 7 |