CAPEC-163: Spear Phishing

Description
An adversary targets a specific user or group with a Phishing (CAPEC-98) attack tailored to a category of users in order to have maximum relevance and deceptive capability. Spear Phishing is an enhanced version of the Phishing attack targeted to a specific user or group. The quality of the targeted email is usually enhanced by appearing to come from a known or trusted entity. If the email account of some trusted entity has been compromised the message may be digitally signed. The message will contain information specific to the targeted users that will enhance the probability that they will follow the URL to the compromised site. For example, the message may indicate knowledge of the targets employment, residence, interests, or other information that suggests familiarity. As soon as the user follows the instructions in the message, the attack proceeds as a standard Phishing attack.
Extended Description

For example, using a different character encoding might cause dangerous text to be treated as safe text. Alternatively, the attacker may use certain flags, such as file extensions, to make a target application believe that provided data should be handled using a certain interpreter when the data is not actually of the appropriate type. This can lead to bypassing protection mechanisms, forcing the target to use specific components for input processing, or otherwise causing the user's data to be handled differently than might otherwise be expected. This attack differs from Variable Manipulation in that Variable Manipulation attempts to subvert the target's processing through the value of the input while Input Data Manipulation seeks to control how the input is processed.

Severity :

High

Possibility :

High

Type :

Detailed
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-98: Phishing Phishing CAPEC-116: Excavation Excavation CAPEC-406: Dumpster Diving Dumpster Diving CAPEC-407: Pretexting Pretexting
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • None. Any user can be targeted by a Spear Phishing attack.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Medium Spear phishing attacks require specific knowledge of the victims being targeted, such as which bank is being used by the victims, or websites they commonly log into (Google, Facebook, etc).
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

ATTACK | Internal Spearfishing ATTACK | Phishing: Spearfishing Attachment ATTACK | Phishing: Spearfishing Link ATTACK | Phishing: Spearfishing via Service ATTACK | Phishing for Information: Spearfishing Service ATTACK | Phishing for Information: Spearfishing Attachment ATTACK | Phishing for Information: Spearfishing Link
Resources required

An adversay must have the ability communicate their phishing scheme to the victims (via email, instance message, etc.), as well as a website or other platform for victims to enter personal information into.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-451: User Interface (UI) Misrepresentation of Critical Information

Visit http://capec.mitre.org/ for more details.