A phishing attack framework, in the context of cybersecurity, is a structured and organized approach or methodology used to plan, execute, and manage phishing attacks. It’s essentially a toolkit or set of tactics that actors employ to increase the effectiveness of their phishing campaigns.
This is not an actual framework, per se, as well-established adversaries already have a pretty good system that works for them. Additionally, phishing techniques are defined in MITRE ATT&CK as technique T1566.
Here at Phish & Chips, we provide resources around a phishing attack framework that contains the following components:
- Target Selection (TS)
- Social Engineering (SE)
- Email Crafting (EC)
- Payload Delivery (PD)
- Command and Control (C2)
- Data Harvesting (DH)
- Evasion (Ev)
- Campaign Management (CM)
- Reporting and Analysis (RA)
Phishing attack frameworks can be highly sophisticated and may involve a combination of technical skills, social engineering tactics, and knowledge of human psychology. They are used by cybercriminals to target individuals, organizations, or even entire industries.
Disclaimer: It’s important for cybersecurity professionals and organizations to be aware of phishing attack frameworks and continuously update their defenses to protect against these evolving threats.
Check out our Awareness & Training Resources while you’re at it.