TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Huntress

Don’t Get Schooled: How to Catch a Phish | Huntress

2022-08-09 · Read original ↗

ATT&CK techniques detected

5 predictions
T1566.002Spearphishing Link
98%
"link, my go - to is always urlscan. io, so let ’ s run this unusual link through this tool * : that definitely looks like amazon, sort of — but not in any language i ’ m used to. what ’ s notable here is i ’ m being asked to log into my amazon account to save it. what would reall…"
T1566.002Spearphishing Link
98%
"] 34 [. ] 41 : icann offers up some additional helpful information : it begs the question, why is amazon contacting me from a tucow ip? shouldn ’ t it be linked to amazon ’ s domain, which is linked to amazon technologies inc.? i ’ ll offer up one more tool in my toolbox : urlsca…"
T1566.002Spearphishing Link
97%
"a web site, in which the perpetrator masquerades as a legitimate business or reputable person. in essence, phishing is an attempt to lure someone into giving away their sensitive information by posing as a legitimate person or entity. when you think about it, phishing evades all …"
T1566Phishing
71%
"t. and hackers are betting on you to act fast to eliminate the discomfort a sense of urgency carries. in the text i received, the sender initiated a sense of urgency in two ways : - by telling me my beloved amazon account has been suspended — a red alert, crisis situation in my h…"
T1598Phishing for Information
69%
"don ’ t get schooled : how to catch a phish | huntress threat actors love a good phish. in this year ’ s data breach investigations report released by verizon, phishing is named as one of the top four key paths for threat actors to achieve success in their attacks. phishing is al…"

Summary

This blog explores phishing and smishing, diving into how to analyze text messages for their validity and legitimacy.