Skip to content

Latest commit

 

History

History
24 lines (18 loc) · 1.72 KB

description.md

File metadata and controls

24 lines (18 loc) · 1.72 KB

IM phishing

ID: SAT1018

Tactics

  • Initial Access

Summary

Traditionally, phishing attacks have been mostly email-based. While many organizations have been making use of SaaS-based instant messaging apps, these have been traditionally focused on internal communications, but this is changing rapidly.

Due to the ubiquity and effectiveness of instant messaging apps, communication with external parties has become more common. Instant messaging apps also lack many of the security controls around malicious links and attachments that have been common in email gateways for many years. This along with the immediacy and real-time nature of IM makes it a great vector for phishing attacks as users are less familiar with these apps as delivery vectors for phishing attacks.

Examples

References