Phishing: Difference between revisions
Line 40: | Line 40: | ||
[[Misdirection-Distraction|Misdirection]]: Phishers commonly use logos or prominent features in emails as a means of misdirection as well as a means of establishing legitimacy. | [[Misdirection-Distraction|Misdirection]]: Phishers commonly use logos or prominent features in emails as a means of misdirection as well as a means of establishing legitimacy. | ||
[[Pre-Suasion]]]: Scammers can enhance the effectiveness of phishing emails by employing pre-suasion techniques such as the [[Unfinished-Magnetizer|Unfinished]], [[Mystery Magnetizer|Mystery]], or [[Self-Relevance-Magnetizer|Self-Relevance]] magnetizers. | |||
[[Narrative Influence]]: Phishing emails can significantly enhance effectiveness by playing into a narrative. | |||
== '''Examples:''' == | == '''Examples:''' == |
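Review bot: The added Pre-Suasion line has one closing bracket too many, `[[Pre-Suasion]]]:`, so the rendered entry shows a stray "]" after the link; it should read `[[Pre-Suasion]]:`. The new Narrative Influence line says only that emails gain effectiveness by "playing into a narrative" without saying which kind of narrative or citing a source, so a short qualifier or a reference would make the entry usable.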
Revision as of 02:59, 11 November 2024
Phishing
Short Description: Using email to deceive a target into downloading malware or revealing sensitive information.
CAT ID: CAT-2022-132
Layer: 8
Operational Scale: Tactical
Level of Maturity: Well-Established
Category: TTP
Subcategory:
Also Known As:
Description:
Brief Description:
Closely Related Concepts:
Mechanism:
Multipliers:
Distraction (Distracted Approach-Distraction, CAT-2022-191): Users who are distracted or who have their attention directed toward another task or object are more susceptible to phishing attempts.
Mobile Device Usage: Research indicates that using a mobile device can make an individual MORE susceptible to clicking malicious links[1].
Detailed Description: Fraudulent attempt to obtain sensitive information from a target, or convince a target to download malware, by impersonating a trustworthy entity. This is typically carried out using email as the communication medium.
INTERACTIONS [VETs]:
Authority: Impersonating an authority figure and imposing authoritarian tactics is among the most common phishing tactics because it is a very effective cognitive exploit.
Reciprocation: Attempting to invoke reciprocity in the target of a phishing attempt has been documented in some phishing emails[2].
Excitement: Scammers often appeal to excitement as a means of compelling a target to click a link or download malware.
Misdirection: Phishers commonly use logos or prominent features in emails as a means of misdirection as well as a means of establishing legitimacy.
Pre-Suasion: Scammers can enhance the effectiveness of phishing emails by employing pre-suasion techniques such as the Unfinished, Mystery, or Self-Relevance magnetizers.
Narrative Influence: Phishing emails can be significantly more effective when they play into a narrative.
Examples:
Use Case Example(s):
Example(s) From The Wild:
Comments:
References:
1. Zhuo, S., Biddle, R., Betts, L., Arachchilage, N. A. G., Koh, Y. S., Lottridge, D., & Russello, G. (2023). What You See is Not What You Get: The Role of Email Presentation in Phishing Susceptibility. https://arxiv.org/abs/2304.00664
2. Zielinska, O. A., Welk, A. K., Mayhorn, C. B., & Murphy-Hill, E. (2016, September). A temporal analysis of persuasion principles in phishing emails. In Proceedings of the Human Factors and Ergonomics Society Annual Meeting (Vol. 60, No. 1, pp. 765-769). Los Angeles, CA: SAGE Publications. https://journals.sagepub.com/doi/abs/10.1177/1541931213601175