Adversaries may send phishing messages to gain access to victim systems. All forms of phishing are electronically delivered social engineering. Phishing can be targeted, known as spearphishing. In spearphishing, a specific individual, company, or industry will be targeted by the adversary. More generally, adversaries can conduct non-targeted phishing, such as in mass malware spam campaigns.
Adversaries may send victims emails containing malicious attachments or links, typically to execute malicious code on victim systems. Phishing may also be conducted via third-party services, like social media platforms. Phishing may also involve social engineering techniques, such as posing as a trusted source.

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
AC-4 | Information Flow Enforcement | Protects | T1566 | Phishing | |
CA-7 | Continuous Monitoring | Protects | T1566 | Phishing | |
CM-2 | Baseline Configuration | Protects | T1566 | Phishing | |
CM-6 | Configuration Settings | Protects | T1566 | Phishing | |
IA-9 | Service Identification and Authentication | Protects | T1566 | Phishing | |
SC-20 | Secure Name/address Resolution Service (authoritative Source) | Protects | T1566 | Phishing | |
SC-44 | Detonation Chambers | Protects | T1566 | Phishing | |
SC-7 | Boundary Protection | Protects | T1566 | Phishing | |
SI-2 | Flaw Remediation | Protects | T1566 | Phishing | |
SI-3 | Malicious Code Protection | Protects | T1566 | Phishing | |
SI-4 | System Monitoring | Protects | T1566 | Phishing | |
SI-8 | Spam Protection | Protects | T1566 | Phishing | |

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
action.malware.vector.Instant messaging | Instant Messaging | related-to | T1566 | Phishing | |
action.social.variety.Phishing | Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g., a fake Google login page isn’t really pretexting. | related-to | T1566 | Phishing | |
action.social.vector.Email | | related-to | T1566 | Phishing | |

Technique ID | Technique Name | Number of Mappings |
---|---|---|
T1566.002 | Spearphishing Link | 14 |
T1566.001 | Spearphishing Attachment | 16 |
T1566.003 | Spearphishing via Service | 10 |