Phishing: Difference between revisions

From Cognitive Attack Taxonomy

Latest revision as of 03:11, 11 November 2024

Phishing

Short Description: Using email to deceive a target into downloading malware or revealing sensitive information.

CAT ID: CAT-2022-132

Layer: 8

Operational Scale: Tactical

Level of Maturity: Well-Established

Category: TTP

Subcategory:

Also Known As:

Description:

Brief Description:

Closely Related Concepts:

Mechanism:

Multipliers:
Distraction: Distracted Approach-Distraction (CAT-2022-191). Users who are distracted, or who have their attention directed toward another task or object, are more susceptible to phishing attempts.

Mobile Device Usage: Research indicates that using a mobile device can make an individual MORE susceptible to clicking malicious links[1].

Detailed Description: Fraudulent attempt to obtain sensitive information from a target, or convince a target to download malware, by impersonating a trustworthy entity. This is typically carried out using email as the communication medium.

INTERACTIONS [VETs]:
Authority: Impersonating an authority figure and imposing authoritarian tactics is among the most common phishing tactics because it is a very effective cognitive exploit.

Reciprocation: Attempting to invoke reciprocity in the target of a phishing attempt has been documented in some phishing emails[2].

Excitement: Scammers often appeal to excitement as a means of compelling a target to click a link or download malware.

Misdirection: Phishers commonly use logos or prominent features in emails as a means of misdirection as well as a means of establishing legitimacy.

Pre-Suasion: Scammers can enhance the effectiveness of phishing emails by employing pre-suasion techniques such as the Unfinished, Mystery, or Self-Relevance magnetizers[3].

Narrative Influence: Phishing emails can significantly enhance effectiveness by playing into a narrative. Some research suggests that when the narrative of a phishing email is highly aligned with user expectations, it may cause the receiver to ignore or explain away warning cues that an email might be malicious[4].

Assistance: Phishing emails sometimes very effectively impersonate employees seeking assistance as the email pretext.
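As an added, defender-side example that is not part of this taxonomy entry or its references: the script below runs a small set of indicator checks over a constructed sample message, corresponding to the Detailed Description (impersonating a trustworthy entity by email) and to the Authority and Misdirection interactions listed above. The trusted-domain set, the cue-word list and both sample messages are assumptions made for the example; nothing here is drawn from real mail.

```python
"""Indicator checks for the phishing cues described in the CAT entry.

Added example, not taxonomy code. Checks, from the defender's side: a display
name over an untrusted sender domain (impersonation), a Reply-To pointing at a
different domain, visible link text naming one host while href goes to another
(misdirection), and authority/urgency wording. All data below is constructed.
"""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example.org"}  # assumed: the organisation's own domain
CUE_TERMS = ("urgent", "immediately", "requires", "required", "director",
             "expires", "suspended", "verify your account")  # assumed cue words

# Constructed sample messages; neither is real phishing mail
SUSPICIOUS_EMAIL = """\
From: "IT Helpdesk" <helpdesk@example-mail-service.test>
Reply-To: support@example-collector.test
To: user@example.org
Subject: URGENT: Password expires today
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your password expires in 2 hours. The Security Director requires you to
verify your account immediately.</p>
<p><a href="http://login.example-collector.test/verify">https://portal.example.org/login</a></p>
</body></html>
"""

BENIGN_EMAIL = """\
From: "Alice" <alice@example.org>
To: user@example.org
Subject: Menu for Friday
Content-Type: text/html; charset=utf-8

<html><body><p>Lunch on Friday? Menu is here:
<a href="https://portal.example.org/menu">https://portal.example.org/menu</a></p></body></html>
"""


class HtmlScan(HTMLParser):
    """Collect visible text and (href, anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
        self._href, self._anchor = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href"), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def host_of(value):
    """Lowercase host of a mailbox address or URL ('' if none)."""
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1].lower()
    host = urlparse(value).hostname
    return host.lower() if host else ""


def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def phishing_indicators(raw_email):
    """Return the list of indicator codes found in the message (empty = none)."""
    msg = message_from_string(raw_email)
    codes = []
    name, from_addr = parseaddr(msg.get("From", ""))
    from_host = host_of(from_addr)
    if from_host and not is_trusted(from_host):
        codes.append("untrusted-sender-domain")
        if name:  # friendly role name over a foreign domain: impersonation cue
            codes.append("display-name-over-untrusted-domain")
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and host_of(reply_addr) != from_host:
        codes.append("reply-to-mismatch")

    scan = HtmlScan()
    scan.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for href, anchor in scan.links:
        if "://" in anchor and host_of(anchor) != host_of(href):
            codes.append("link-text-mismatch")  # text names host A, href goes to B
        if host_of(href) and not is_trusted(host_of(href)):
            codes.append("untrusted-link-domain")

    text = (msg.get("Subject", "") + " " + " ".join(scan.text)).lower()
    if sum(term in text for term in CUE_TERMS) >= 2:
        codes.append("authority-urgency-language")
    return codes


if __name__ == "__main__":
    for label, mail in (("suspicious", SUSPICIOUS_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, phishing_indicators(mail))
```

Each code maps back to an entry in the taxonomy text: the sender checks cover impersonation of a trustworthy entity and the Authority interaction, the link-text check covers Misdirection, and the cue-word count is a crude proxy for authority and urgency framing. A real mail gateway would layer these on top of SPF, DKIM and DMARC results rather than use them alone.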

Examples:

Use Case Example(s):

Example(s) From The Wild:

Comments:

References:

  1. Zhuo, S., Biddle, R., Betts, L., Arachchilage, N. A. G., Koh, Y. S., Lottridge, D., & Russello, G. (2023). What You See is Not What You Get: The Role of Email Presentation in Phishing Susceptibility. https://arxiv.org/abs/2304.00664
  2. Zielinska, O. A., Welk, A. K., Mayhorn, C. B., & Murphy-Hill, E. (2016, September). A temporal analysis of persuasion principles in phishing emails. In Proceedings of the human factors and ergonomics society annual meeting (Vol. 60, No. 1, pp. 765-769). Sage CA: Los Angeles, CA: SAGE Publications. https://journals.sagepub.com/doi/abs/10.1177/1541931213601175
  3. Cialdini, R. (2016). Pre-suasion. Simon & Schuster.
  4. Greene, K. K., Steves, M., Theofanos, M., & Kostick, J. (2018, February). User context: an explanatory variable in phishing susceptibility. In Proc. 2018 Workshop on Usable Security. https://www.ndss-symposium.org/wp-content/uploads/2018/07/usec2018_01-2_Greene_paper.pdf