T1566 Phishing Mappings

Adversaries may send phishing messages to gain access to victim systems. All forms of phishing are electronically delivered social engineering. Phishing can be targeted, known as spearphishing. In spearphishing, a specific individual, company, or industry will be targeted by the adversary. More generally, adversaries can conduct non-targeted phishing, such as in mass malware spam campaigns.

Adversaries may send victims emails containing malicious attachments or links, typically to execute malicious code on victim systems. Phishing may also be conducted via third-party services, like social media platforms. Phishing may also involve social engineering techniques, such as posing as a trusted source.

View in MITRE ATT&CK®

NIST 800-53 Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
AC-4 Information Flow Enforcement Protects T1566 Phishing
CA-7 Continuous Monitoring Protects T1566 Phishing
CM-2 Baseline Configuration Protects T1566 Phishing
CM-6 Configuration Settings Protects T1566 Phishing
IA-9 Service Identification and Authentication Protects T1566 Phishing
SC-20 Secure Name/address Resolution Service (authoritative Source) Protects T1566 Phishing
SC-44 Detonation Chambers Protects T1566 Phishing
SC-7 Boundary Protection Protects T1566 Phishing
SI-2 Flaw Remediation Protects T1566 Phishing
SI-3 Malicious Code Protection Protects T1566 Phishing
SI-4 System Monitoring Protects T1566 Phishing
SI-8 Spam Protection Protects T1566 Phishing

VERIS Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
action.malware.vector.Instant messaging Instant Messaging related-to T1566 Phishing
action.social.variety.Phishing Any type of *ishing. Phishing always involves getting data from the victim. Phishing usually has some element of pretexting, but often it doesn’t rise to the level of an invented scenario. E.g. A fake google login page isn’t really pretexting. related-to T1566 Phishing
action.social.vector.Email Email related-to T1566 Phishing

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1566.002 Spearphishing Link 14
T1566.001 Spearphishing Attachment 16
T1566.003 Spearphishing via Service 10