Phishing - Revision history

Info: /* Description: */

2024-11-11T03:11:43Z

Description:

← Older revision		Revision as of 03:11, 11 November 2024
Line 41:		Line 41:
	[[Misdirection-Distraction\|Misdirection]]: Phishers commonly use logos or prominent features in emails as a means of misdirection as well as a means of establishing legitimacy.		[[Misdirection-Distraction\|Misdirection]]: Phishers commonly use logos or prominent features in emails as a means of misdirection as well as a means of establishing legitimacy.

	[[Pre-Suasion]]]: Scammers can enhance the effectiveness of phishing emails by employing pre-suasion techniques such as the [[Unfinished-Magnetizer\|Unfinished]], [[Mystery Magnetizer\|Mystery]], or [[Self-Relevance-Magnetizer\|Self-Relevance]] magnetizers.		[[Pre-Suasion]]: Scammers can enhance the effectiveness of phishing emails by employing pre-suasion techniques such as the [[Unfinished-Magnetizer\|Unfinished]], [[Mystery Magnetizer\|Mystery]], or [[Self-Relevance-Magnetizer\|Self-Relevance]] magnetizers<ref>Cialdini, R. (2016). Pre-suasion. Simon & Schuster.</ref>.

	[[Narrative Influence]]: Phishing emails can significantly enhance effectiveness by playing into a narrative. Some research suggests that when the narrative of a phishing email is highly aligned with user expectations, it may cause the receiver to ignore or explain away warning cues that an email might be malicious<ref>Greene, K. K., Steves, M., Theofanos, M., & Kostick, J. (2018, February). User context: an explanatory variable in phishing susceptibility. In in Proc. 2018 Workshop Usable Security. https://www.ndss-symposium.org/wp-content/uploads/2018/07/usec2018_01-2_Greene_paper.pdf</ref>.		[[Narrative Influence]]: Phishing emails can significantly enhance effectiveness by playing into a narrative. Some research suggests that when the narrative of a phishing email is highly aligned with user expectations, it may cause the receiver to ignore or explain away warning cues that an email might be malicious<ref>Greene, K. K., Steves, M., Theofanos, M., & Kostick, J. (2018, February). User context: an explanatory variable in phishing susceptibility. In in Proc. 2018 Workshop Usable Security. https://www.ndss-symposium.org/wp-content/uploads/2018/07/usec2018_01-2_Greene_paper.pdf</ref>.

Info: /* Description: */

2024-11-11T03:06:29Z

Description:

← Older revision		Revision as of 03:06, 11 November 2024
Line 43:		Line 43:
	[[Pre-Suasion]]]: Scammers can enhance the effectiveness of phishing emails by employing pre-suasion techniques such as the [[Unfinished-Magnetizer\|Unfinished]], [[Mystery Magnetizer\|Mystery]], or [[Self-Relevance-Magnetizer\|Self-Relevance]] magnetizers.		[[Pre-Suasion]]]: Scammers can enhance the effectiveness of phishing emails by employing pre-suasion techniques such as the [[Unfinished-Magnetizer\|Unfinished]], [[Mystery Magnetizer\|Mystery]], or [[Self-Relevance-Magnetizer\|Self-Relevance]] magnetizers.

	[[Narrative Influence]]: Phishing emails can significantly enhance effectiveness by playing into a narrative.		[[Narrative Influence]]: Phishing emails can significantly enhance effectiveness by playing into a narrative. Some research suggests that when the narrative of a phishing email is highly aligned with user expectations, it may cause the receiver to ignore or explain away warning cues that an email might be malicious<ref>Greene, K. K., Steves, M., Theofanos, M., & Kostick, J. (2018, February). User context: an explanatory variable in phishing susceptibility. In in Proc. 2018 Workshop Usable Security. https://www.ndss-symposium.org/wp-content/uploads/2018/07/usec2018_01-2_Greene_paper.pdf</ref>.

			[[Assistance Ploy\|Assistance]]: Phishing emails sometimes very effectively impersonate employees seeking assistance as the email pretext.

	== '''Examples:''' ==		== '''Examples:''' ==

Info: /* Description: */

2024-11-11T02:59:25Z

Description:

← Older revision		Revision as of 02:59, 11 November 2024
Line 40:		Line 40:

	[[Misdirection-Distraction\|Misdirection]]: Phishers commonly use logos or prominent features in emails as a means of misdirection as well as a means of establishing legitimacy.		[[Misdirection-Distraction\|Misdirection]]: Phishers commonly use logos or prominent features in emails as a means of misdirection as well as a means of establishing legitimacy.

			[[Pre-Suasion]]]: Scammers can enhance the effectiveness of phishing emails by employing pre-suasion techniques such as the [[Unfinished-Magnetizer\|Unfinished]], [[Mystery Magnetizer\|Mystery]], or [[Self-Relevance-Magnetizer\|Self-Relevance]] magnetizers.

			[[Narrative Influence]]: Phishing emails can significantly enhance effectiveness by playing into a narrative.

	== '''Examples:''' ==		== '''Examples:''' ==

Info: /* Description: */

2024-11-11T02:51:50Z

Description:

← Older revision		Revision as of 02:51, 11 November 2024
Line 33:		Line 33:

	'''INTERACTIONS''' [VETs]: <br>		'''INTERACTIONS''' [VETs]: <br>
			[[Authority]]: Impersonating an authority figure and imposing authoritarian tactics is among the most common phishing tactics because it is a very effective cognitive exploit.

			[[Reciprocation]]: Attempting to invoke reciprocity in the target of a phishing attempt has been documented in some phishing emails<ref>Zielinska, O. A., Welk, A. K., Mayhorn, C. B., & Murphy-Hill, E. (2016, September). A temporal analysis of persuasion principles in phishing emails. In Proceedings of the human factors and ergonomics society annual meeting (Vol. 60, No. 1, pp. 765-769). Sage CA: Los Angeles, CA: SAGE Publications. https://journals.sagepub.com/doi/abs/10.1177/1541931213601175</ref>.

			[[Excitement-Appeal to\|Excitement]]: Scammers often appeal to excitement as a means of compelling a target to click a link or download malware.

			[[Misdirection-Distraction\|Misdirection]]: Phishers commonly use logos or prominent features in emails as a means of misdirection as well as a means of establishing legitimacy.

	== '''Examples:''' ==		== '''Examples:''' ==

Info: /* Description: */

2024-11-11T02:31:14Z

Description:

← Older revision		Revision as of 02:31, 11 November 2024
Line 25:		Line 25:
	'''Mechanism:''' <br>		'''Mechanism:''' <br>

	'''Multipliers:''' Research indicates that using a mobile device can make an individual MORE susceptible to clicking malicious links<ref>Zhuo, S., Biddle, R., Betts, L., Arachchilage, N. A. G., Koh, Y. S., Lottridge, D., & Russello, G. (2023). What You See is Not What You Get: The Role of Email Presentation in Phishing Susceptibility. https://arxiv.org/abs/2304.00664</ref> <br>		'''Multipliers:''' <br>
			Distraction: [[Distracted Approach-Distraction]] (CAT-2022-191) users who are distracted or who have their attention directed toward another task or object are more susceptible to phishing attempts.

			Mobile Device Usage: Research indicates that using a mobile device can make an individual MORE susceptible to clicking malicious links<ref>Zhuo, S., Biddle, R., Betts, L., Arachchilage, N. A. G., Koh, Y. S., Lottridge, D., & Russello, G. (2023). What You See is Not What You Get: The Role of Email Presentation in Phishing Susceptibility. https://arxiv.org/abs/2304.00664</ref> <br>

	'''Detailed Description:''' Fraudulent attempt to obtain sensitive information from a target, or convince a target to download malware, by impersonating a trustworthy entity. This is typically carried out using email as the communication medium. <br>		'''Detailed Description:''' Fraudulent attempt to obtain sensitive information from a target, or convince a target to download malware, by impersonating a trustworthy entity. This is typically carried out using email as the communication medium. <br>

Info: /* Description: */

2024-11-11T00:17:33Z

Description:

← Older revision		Revision as of 00:17, 11 November 2024
Line 25:		Line 25:
	'''Mechanism:''' <br>		'''Mechanism:''' <br>

	'''Multipliers:''' Research indicates that using a mobile device can make an individual MORE susceptible to clicking malicious links<ref>Zhuo, S., Biddle, R., Betts, L., Arachchilage, N. A. G., Koh, Y. S., Lottridge, D., & Russello, G. (2023). What You See is Not What You Get: The Role of Email Presentation in Phishing Susceptibility~~. arXiv preprint arXiv:2304.00664~~. https://arxiv.org/abs/2304.00664</ref> <br>		'''Multipliers:''' Research indicates that using a mobile device can make an individual MORE susceptible to clicking malicious links<ref>Zhuo, S., Biddle, R., Betts, L., Arachchilage, N. A. G., Koh, Y. S., Lottridge, D., & Russello, G. (2023). What You See is Not What You Get: The Role of Email Presentation in Phishing Susceptibility. https://arxiv.org/abs/2304.00664</ref> <br>

	'''Detailed Description:''' Fraudulent attempt to obtain sensitive information from a target, or convince a target to download malware, by impersonating a trustworthy entity. This is typically carried out using email as the communication medium. <br>		'''Detailed Description:''' Fraudulent attempt to obtain sensitive information from a target, or convince a target to download malware, by impersonating a trustworthy entity. This is typically carried out using email as the communication medium. <br>

Info: /* Description: */

2024-11-11T00:16:54Z

Description:

← Older revision		Revision as of 00:16, 11 November 2024
Line 25:		Line 25:
	'''Mechanism:''' <br>		'''Mechanism:''' <br>

	'''Multipliers:''' <br>		'''Multipliers:''' Research indicates that using a mobile device can make an individual MORE susceptible to clicking malicious links<ref>Zhuo, S., Biddle, R., Betts, L., Arachchilage, N. A. G., Koh, Y. S., Lottridge, D., & Russello, G. (2023). What You See is Not What You Get: The Role of Email Presentation in Phishing Susceptibility. arXiv preprint arXiv:2304.00664. https://arxiv.org/abs/2304.00664</ref> <br>

	'''Detailed Description:''' Fraudulent attempt to obtain sensitive information from a target, or convince a target to download malware, by impersonating a trustworthy entity. This is typically carried out using email as the communication medium. <br>		'''Detailed Description:''' Fraudulent attempt to obtain sensitive information from a target, or convince a target to download malware, by impersonating a trustworthy entity. This is typically carried out using email as the communication medium. <br>

Info: Created page with "== '''Phishing ''' == '''Short Description:''' Using email to deceive a target into downloading malware or revealing sensitive information.
'''CAT ID:''' CAT-2022-132
'''Layer:''' 8
'''Operational Scale:''' Tactical
'''Level of Maturity:''' Well-Established
'''Category:''' TTP
'''Subcategory:'''
'''Also Known As:'''
== '''Description:''' == '''Brief Description:'''
'''Closely Related Concepts:'''
'''Me..."

2024-07-30T03:10:32Z

Created page with "== '''Phishing ''' == '''Short Description:''' Using email to deceive a target into downloading malware or revealing sensitive information. '''CAT ID:''' CAT-2022-132 '''Layer:''' 8 '''Operational Scale:''' Tactical '''Level of Maturity:''' Well-Established '''Category:''' TTP '''Subcategory:''' '''Also Known As:''' == '''Description:''' == '''Brief Description:''' '''Closely Related Concepts:''' '''Me..."

New page

== '''Phishing ''' ==

'''Short Description:''' Using email to deceive a target into downloading malware or revealing sensitive information. 

'''CAT ID:''' CAT-2022-132 

'''Layer:''' 8 

'''Operational Scale:''' Tactical 

'''Level of Maturity:''' Well-Established 

'''Category:''' TTP 

'''Subcategory:''' 

'''Also Known As:''' 

== '''Description:''' ==

'''Brief Description:''' 

'''Closely Related Concepts:''' 

'''Mechanism:''' 

'''Multipliers:''' 

'''Detailed Description:''' Fraudulent attempt to obtain sensitive information from a target, or convince a target to download malware, by impersonating a trustworthy entity. This is typically carried out using email as the communication medium. 

'''INTERACTIONS''' [VETs]: 

== '''Examples:''' ==

'''Use Case Example(s):''' 

'''Example(s) From The Wild:''' 

== '''Comments:''' ==

== '''References:''' ==