Phishing for Information (T1598)

View on ATT&CK

In Playbook

Associated Tactics

  • Reconnaissance

Reconnaissance (TA0043)

The adversary is trying to gather information they can use to plan future operations. Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Such information may include details of the victim organization, infrastructure, or staff/personnel. This information can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using gathered information to plan and execute Initial Access, to scope and prioritize post-compromise objectives, or to drive and lead further Reconnaissance efforts.

View on ATT&CK

Procedure Examples

Description Source(s)
Australian Cyber Security Centre. (2012, December). Mitigating Spoofed Emails Using Sender Policy Framework. Retrieved October 19, 2020. ACSC Email Spoofing
Avertium. (n.d.). EVERYTHING YOU NEED TO KNOW ABOUT CALLBACK PHISHING. Retrieved February 2, 2023. Avertium callback phishing
Babon, P. (2020, September 3). Tricky 'Forms' of Phishing. Retrieved October 20, 2020. TrendMictro Phishing
Ducklin, P. (2020, October 2). Serious Security: Phishing without links – when phishers bring along their own web pages. Retrieved October 20, 2020. Sophos Attachment
Itkin, Liora. (2022, September 1). Double-bounced attacks with email spoofing . Retrieved February 24, 2023. cyberproof-double-bounce
Kan, M. (2019, October 24). Hackers Try to Phish United Nations Staffers With Fake Login Pages. Retrieved October 20, 2020. PCMag FakeLogin
Microsoft. (2020, October 13). Anti-spoofing protection in EOP. Retrieved October 19, 2020. Microsoft Anti Spoofing
Microsoft. (2023, September 22). Malicious OAuth applications abuse cloud email services to spread spam. Retrieved March 13, 2023. Microsoft OAuth Spam 2022
O'Donnell, L. (2020, October 20). Facebook: A Top Launching Pad For Phishing Attacks. Retrieved October 20, 2020. ThreatPost Social Media Phishing
Proofpoint. (n.d.). What Is Email Spoofing?. Retrieved February 24, 2023. Proofpoint-spoof
Ryan Hanson. (2016, September 24). phishery. Retrieved October 23, 2020. GitHub Phishery
Vicky Ray and Rob Downs. (2014, October 29). Examining a VBA-Initiated Infostealer Campaign. Retrieved March 13, 2023. Palo Alto Unit 42 VBA Infostealer 2014