attck4fraud
attck4fraud - Principles of MITRE ATT&CK in the fraud domain
Authors
Authors and/or Contributors |
---|
Francesco Bigarella |
Christophe Vandeplas |
Phishing
In the context of ATT&CK for Fraud, phishing is described as the sending of fraudulent emails to a large audience in order to obtain sensitive information (PII, credentials, payment information). Phishing is never targeted at a specific individual or organisation. Phishing tries to create a sense of urgency or curiosity in order to capture the victim.
Internal MISP references
UUID 65d9dc34-d0eb-4b12-ab96-2e382845ab75
which can be used as unique global reference for Phishing
in MISP communities and other software using the MISP galaxy
External references
- https://blog.malwarebytes.com/cybercrime/2015/02/amazon-notice-ticket-number-phish-seeks-card-details/ - webarchive
- https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts/ - webarchive
- https://www.association-secure-transactions.eu/industry-information/fraud-definitions/ - webarchive
Associated metadata
Metadata key | Value |
---|---|
detection | Email sender is spoofed; Email sender belongs to a domain recently created; Presence of typos or poor grammar in the email text; The request in the mail is unsolicited and creates urgency; No recollection of the subject or the sender of the phishing email; Request for credentials; Presence of a suspicious URL or attachment. |
examples | ['Phishing messages were sent to Amazon users posing as the Amazon customer support', 'Fake Apple invoices were sent to Apple App Store customers in order to obtain their Apple ID credentials'] |
external_id | FT1001 |
kill_chain | ['fraud-tactics:Initiation'] |
mitigation | Implementation of DKIM and SPF authentication to detect spoofed email senders; anti-phishing solutions. |
victim | end customer, enterprise |
Spear phishing
Spear phishing is the use of targeted emails to gain the trust of the target with the goal of committing fraud. Spear phishing messages are generally specific to the target and show an understanding of the target’s organisation structure, supply chain or business.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels associated with Spear phishing.
Known Synonyms |
---|
Spear-phishing |
Internal MISP references
UUID 41f7cfc1-51ed-4a8d-aba9-34f9c6b8388b
which can be used as unique global reference for Spear phishing
in MISP communities and other software using the MISP galaxy
External references
- http://fortune.com/2017/04/27/facebook-google-rimasauskas/ - webarchive
- https://www.ibtimes.co.uk/russian-hackers-fancy-bear-likely-breached-olympic-drug-testing-agency-dnc-experts-say-1577508 - webarchive
- https://www.association-secure-transactions.eu/industry-information/fraud-definitions/ - webarchive
Associated metadata
Metadata key | Value |
---|---|
detection | Email sender is spoofed; Email sender belongs to a domain recently created; The request in the mail is unsolicited and creates urgency; No recollection of the subject or the sender of the phishing email; Request for credentials; Presence of a suspicious URL or attachment. |
examples | ['In 2013 a Lithuanian man was able to obtain the trust of Facebook and Google and gain a sum of over USD 100 million in fraudulent payments.', 'World Anti-Doping Agency was targeted by spear phishing emails trying to obtain valid credentials'] |
external_id | FT1002 |
kill_chain | ['fraud-tactics:Initiation'] |
mitigation | Implementation of DKIM and SPF authentication to detect spoofed email senders; flagging email coming from outside the enterprise (enterprise); anti-phishing solutions; awareness training (enterprise). |
victim | end customer, enterprise |
ATM skimming
ATM Skimming refers to the act of capturing the data stored on a bank card (tracks) and the Personal Identification Number (PIN) associated with that card. Upon obtaining the data, the criminal proceeds to encode the same information into a new card and use it in combination with the PIN to perform illicit cash withdrawals. ATM Skimming is often achieved with a combination of a skimmer device for the card and a camera to capture the PIN.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels associated with ATM skimming.
Known Synonyms |
---|
Skimming - CPP ATM |
Internal MISP references
UUID 0e45e11c-9c24-49a2-b1fe-5d78a235844b
which can be used as unique global reference for ATM skimming
in MISP communities and other software using the MISP galaxy
External references
- https://krebsonsecurity.com/2015/07/spike-in-atm-skimming-in-mexico/ - webarchive
- https://krebsonsecurity.com/2011/12/pro-grade-3d-printer-made-atm-skimmer/ - webarchive
- https://krebsonsecurity.com/2017/08/dumping-data-from-deep-insert-skimmers/ - webarchive
- https://krebsonsecurity.com/2016/06/atm-insert-skimmers-in-action/ - webarchive
- https://krebsonsecurity.com/2014/11/skimmer-innovation-wiretapping-atms/ - webarchive
- https://krebsonsecurity.com/2016/09/secret-service-warns-of-periscope-skimmers/ - webarchive
- https://krebsonsecurity.com/2011/03/green-skimmers-skimming-green - webarchive
- https://blog.dieboldnixdorf.com/have-you-asked-yourself-this-question-about-skimming/ - webarchive
- https://www.association-secure-transactions.eu/industry-information/fraud-definitions/ - webarchive
Associated metadata
Metadata key | Value |
---|---|
detection | Anti-skimming technology: metal detection for card readers, card jitter motion. Visual evidence of tampering with the ATM; comparison to nearby ATMs of the same manufacturer and model; Presence of hidden cameras in the ATM fascia or near the PIN pad. |
examples | ['Insert skimmer', 'Deep-insert skimmer', 'overlay pad skimmer', 'Green skimmer', 'wiretapping'] |
external_id | FT1003 |
kill_chain | ['fraud-tactics:Initiation'] |
mitigation | Anti-skimming technology: metal detection for card readers, card jitter motion (enterprise). Cover the numerical input pad while entering the PIN (customer); Avoid self-standing ATMs in isolated areas (customer); Chip installed on bank cards (enterprise). |
victim | end customer, enterprise |
ATM cash trapping
Trapping cash in the dispenser with a physical component. Type 1 devices are visible to the user and type 2 devices are hidden in the cash dispenser.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels associated with ATM cash trapping.
Known Synonyms |
---|
Cash Trapping |
Internal MISP references
UUID 1e709b6e-ff4a-4645-adec-42f9636d38f8
which can be used as unique global reference for ATM cash trapping
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
ATM Shimming
ATM Shimming refers to the act of capturing a bank card's data by accessing the EMV chip installed on the card while the card is presented to an ATM. Due to their low profile, shimmers can be fitted inside ATM card readers and are therefore more difficult to detect.
Internal MISP references
UUID 469d22c1-7a73-4034-a449-74db7f021255
which can be used as unique global reference for ATM Shimming
in MISP communities and other software using the MISP galaxy
External references
- https://krebsonsecurity.com/2015/08/chip-card-atm-shimmer-found-in-mexico/ - webarchive
- https://www.cbc.ca/news/canada/british-columbia/shimmers-criminal-chip-card-reader-fraud-1.3953438 - webarchive
- https://krebsonsecurity.com/2017/01/atm-shimmers-target-chip-based-cards/ - webarchive
- https://blog.dieboldnixdorf.com/atm-security-skimming-vs-shimming/ - webarchive
Associated metadata
Metadata key | Value |
---|---|
detection | Inspection of motorised card slot for the presence of unrecognised devices; Visual evidence of tampering with the ATM. |
examples | ['Shimmer device found inside a Diebold Opteva 520', 'Shimmer installed inside point-of-sale terminals at Coquitlam'] |
external_id | FT1004 |
kill_chain | ['fraud-tactics:Initiation'] |
mitigation | Cover the numerical input pad while entering the PIN (customer); Avoid self-standing ATMs in isolated areas (customer); Anti-skimming technology: metal detection for card readers, card jitter motion (enterprise); verification of transaction using the codes generated by the EMV chip (enterprise). |
victim | end customer, enterprise |
Vishing
Vishing, also known as voice phishing, is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward. It is also employed by attackers for reconnaissance purposes to gather more detailed intelligence on a target organisation.
Internal MISP references
UUID 308fb88c-412a-4468-91ed-468d07fe4170
which can be used as unique global reference for Vishing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
POS Skimming
CPP analysis identifies the likely merchant, POS or ATM location from where card numbers were stolen so that banks can mitigate fraud on other compromised cards.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels associated with POS Skimming.
Known Synonyms |
---|
Skimming - CPP POS |
Internal MISP references
UUID c33778e5-b5cc-4d12-8e4e-a329156d988c
which can be used as unique global reference for POS Skimming
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Social Media Scams
Social Media Scams
Internal MISP references
UUID 8702106a-2ceb-4cf2-8d93-c569224f0eee
which can be used as unique global reference for Social Media Scams
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Malware
Software which is specifically designed to disrupt, damage, or gain unauthorised access to a computer system.
Internal MISP references
UUID 6ee0f7cd-a0ef-46c5-9d80-f0fbac2a9140
which can be used as unique global reference for Malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Target Compromise'] |
Account-Checking Services
Account-Checking Services
Internal MISP references
UUID 1ca518cb-77e0-4261-8fb1-a16a877bce0d
which can be used as unique global reference for Account-Checking Services
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Target Compromise'] |
ATM Black Box Attack
Type of Jackpotting attack. Connection of an unauthorized device which sends dispense commands directly to the ATM cash dispenser in order to “cash out” the ATM.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels associated with ATM Black Box Attack.
Known Synonyms |
---|
Black Box Attack |
Internal MISP references
UUID 6bec22cb-9aed-426a-bffc-b0a78db6527a
which can be used as unique global reference for ATM Black Box Attack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Target Compromise'] |
Insider Trading
Insider Trading
Internal MISP references
UUID 102e0d9e-8807-4c52-8a79-455d5e688081
which can be used as unique global reference for Insider Trading
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
Investment Fraud
A deceptive practice in the stock or commodities markets that induces investors to make purchase or sale decisions on the basis of false information, frequently resulting in losses, in violation of securities laws.
Internal MISP references
UUID 92f5f46f-c506-45de-9a7f-f1128e40d47c
which can be used as unique global reference for Investment Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
Romance Scam
Romance scam is a confidence trick involving feigning romantic intentions towards a victim, gaining their affection, and then using that goodwill to commit fraud. Fraudulent acts may involve access to the victim's money, bank accounts, credit cards, passports, e-mail accounts, or national identification numbers; or forcing the victims to commit financial fraud on their behalf.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels associated with Romance Scam.
Known Synonyms |
---|
Romance Fraud |
Internal MISP references
UUID 8ac64815-52c0-4d14-a4e4-4a19b2a6057d
which can be used as unique global reference for Romance Scam
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
Buying/Renting Fraud
Buying/Renting Fraud
Internal MISP references
UUID 464005e5-f608-41c9-a4fa-cfe9b8d26431
which can be used as unique global reference for Buying/Renting Fraud
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
Cash Recovery Scam
Cash Recovery Scam
Internal MISP references
UUID 97a79d67-02f4-4e1c-ac37-f835c88fe2c2
which can be used as unique global reference for Cash Recovery Scam
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
Fake Invoice Fraud
Invoice fraud happens when a company or organisation is tricked into changing bank account payee details for a payment. Criminals pose as regular suppliers to the company or organisation and will make a formal request for bank account details to be changed or emit false invoices.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels associated with Fake Invoice Fraud.
Known Synonyms |
---|
Invoice Fraud |
Internal MISP references
UUID a0f764d1-b541-4ee7-bb30-21b9a735f644
which can be used as unique global reference for Fake Invoice Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
Business Email Compromise
Business Email Compromise
Internal MISP references
UUID d09cd56c-d817-4c9f-bba7-1f26b788238f
which can be used as unique global reference for Business Email Compromise
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
Scam
Scam
Internal MISP references
UUID 0c8b8a09-9caa-49f6-8f96-9302e516373e
which can be used as unique global reference for Scam
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
CxO Fraud
CxO Fraud
Internal MISP references
UUID 76bd07d8-67f4-4af6-9730-723aa2a5b90d
which can be used as unique global reference for CxO Fraud
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
Compromised Payment Cards
The loss of or theft of a card, which is subsequently used for illegal purposes until blocked by the card issuer.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels associated with Compromised Payment Cards.
Known Synonyms |
---|
Lost/Stolen Card |
Internal MISP references
UUID d46e397f-8957-41f1-8736-13400b9e82fc
which can be used as unique global reference for Compromised Payment Cards
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Obtain Fraudulent Assets'] |
Compromised Account Credentials
Account takeover fraud is a form of identity theft in which the fraudster gets access to a victim's bank or credit card accounts -- through a data breach, malware or phishing -- and uses them to make unauthorised transactions.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels associated with Compromised Account Credentials.
Known Synonyms |
---|
Account Takeover Fraud |
Internal MISP references
UUID 7d71e71c-502f-412a-8fc7-584de8a9d203
which can be used as unique global reference for Compromised Account Credentials
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Obtain Fraudulent Assets'] |
Compromised Personally Identifiable Information (PII)
Compromised Personally Identifiable Information (PII)
Internal MISP references
UUID 5537becf-4397-4b9f-916b-d6b776e30c2f
which can be used as unique global reference for Compromised Personally Identifiable Information (PII)
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Obtain Fraudulent Assets'] |
Compromised Intellectual Property (IP)
Compromised Intellectual Property (IP)
Internal MISP references
UUID 699e86ad-1188-4189-a7c6-2e2a77422af0
which can be used as unique global reference for Compromised Intellectual Property (IP)
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Obtain Fraudulent Assets'] |
SWIFT Transaction
SWIFT Transaction
Internal MISP references
UUID 7ea5b06e-ba99-4115-b1b6-6fc4eef7bd3b
which can be used as unique global reference for SWIFT Transaction
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Assets Transfer'] |
Fund Transfer
Fund Transfer
Internal MISP references
UUID 72ffa97e-d128-4c41-b323-0297b43d8a1b
which can be used as unique global reference for Fund Transfer
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Assets Transfer', 'fraud-tactics:Monetisation'] |
Cryptocurrency Exchange
Cryptocurrency Exchange
Internal MISP references
UUID c76a990c-c7ac-4c96-984f-a03fc8676394
which can be used as unique global reference for Cryptocurrency Exchange
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Assets Transfer'] |
ATM Jackpotting
ATM Jackpotting
Internal MISP references
UUID 08a6e487-6987-4764-a6ad-a1d1f3a4d172
which can be used as unique global reference for ATM Jackpotting
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Monetisation'] |
Money Mules
Money Mules
Internal MISP references
UUID f1243265-d50a-42fb-a83c-4696f95636e9
which can be used as unique global reference for Money Mules
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Monetisation'] |
Prepaid Cards
Prepaid Cards
Internal MISP references
UUID 372dfb2e-5df6-4f76-8fc2-9437377ff812
which can be used as unique global reference for Prepaid Cards
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Monetisation'] |
Resell Stolen Data
Resell Stolen Data
Internal MISP references
UUID e5a3297e-dd0d-4c2a-8133-d07ad6aadfd8
which can be used as unique global reference for Resell Stolen Data
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Monetisation'] |
ATM Explosive Attack
ATM Explosive Attack
Internal MISP references
UUID 9bfd2f4f-39a7-43fe-b5cd-a345a065276d
which can be used as unique global reference for ATM Explosive Attack
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Monetisation'] |
CNP – Card Not Present
A card not present transaction (CNP, MO/TO, Mail Order / Telephone Order, MOTOEC) is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant's visual examination at the time that an order is given and payment effected
Internal MISP references
UUID a13829f4-be4b-5ada-8be4-3515b080cf6c
which can be used as unique global reference for CNP – Card Not Present
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
CP – Card Present
A card present transaction occurs when a cardholder physically presents a card to request and authorise a financial transaction
Internal MISP references
UUID 422f283a-19e0-56da-b348-98b5d31fcea6
which can be used as unique global reference for CP – Card Present
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
Merchant Fraud
Fraud that occurs when a merchant account is used without the intention of operating a legitimate business transaction.
Internal MISP references
UUID ccd0dcc5-5f86-52fb-8e72-7aa6e8f55f8a
which can be used as unique global reference for Merchant Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
Virtual Currency Fraud
Fraud that involves virtual currency, or virtual money, which is a type of unregulated, digital money, issued and usually controlled by its developers and used and accepted among the members of a specific virtual community.
Internal MISP references
UUID 69273dd2-cc8d-5a83-9544-1b6f6a8f8a53
which can be used as unique global reference for Virtual Currency Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Monetisation'] |
Cheque Fraud
A category of criminal acts that involve making unlawful use of cheques in order to illegally acquire or borrow funds that do not exist within the account balance or account-holder's legal ownership. Most methods involve taking advantage of the time between the negotiation of the cheque and its clearance at the cheque writer's financial institution to draw out these funds.
Internal MISP references
UUID b70d490e-7eef-5219-ab93-4ea085bf9361
which can be used as unique global reference for Cheque Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Monetisation'] |
Digital Fraud
Fraud perpetrated via omni-channel means to digital banking or payments channels such as home banking or other electronic services.
Internal MISP references
UUID 39de6438-4c1f-5bdc-b9a8-5cc3e889eaaf
which can be used as unique global reference for Digital Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
Mobile Fraud
Fraud perpetrated via mobile devices to digital banking, payments channels such as home banking or other electronic services, or online merchants
Internal MISP references
UUID 147b0d04-933c-5244-8c67-33914426d47b
which can be used as unique global reference for Mobile Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
Telephone Fraud
Fraud perpetrated via land line telephone means to banking or payments channels such as home banking or other electronic services or merchants
Internal MISP references
UUID 5e28b366-d9f0-5079-b796-3fa424ec365a
which can be used as unique global reference for Telephone Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
Standing Order Fraud
A standing order is an automated method of making payments, where a person or business instructs their bank to pay another person or business a fixed amount of money at regular intervals. Fraud occurs when a standing order is falsely created or adulterated.
Internal MISP references
UUID 86e2f55d-cf76-5be8-9cf3-7bfa24d0ea2a
which can be used as unique global reference for Standing Order Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Assets Transfer'] |
CEO/BEC Fraud
A scam in which cybercriminals spoof company email accounts and impersonate executives to try and fool an employee in accounting or HR into executing unauthorized wire transfers, or sending out confidential information
Internal MISP references
UUID 55a413e3-5eba-5eac-a36b-575bdb2e7cd7
which can be used as unique global reference for CEO/BEC Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Money laundering
An illegal process of concealing the origins of money obtained illegally by passing it through a complex sequence of banking transfers or commercial transactions. The overall scheme of this process returns the money to the launderer in an obscure and indirect way.
Internal MISP references
UUID d0492296-9ba7-59ad-a510-f8a0526c114a
which can be used as unique global reference for Money laundering
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Monetisation'] |
BIN Attack
Credit cards are produced in BIN ranges. Where an issuer does not use random generation of the card number, it is possible for an attacker to obtain one good card number and generate valid card numbers.
Internal MISP references
UUID 37ff3b85-80f5-5380-8ce0-defee3ba819f
which can be used as unique global reference for BIN Attack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
DoS - Denial of Service Attack
In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet
Internal MISP references
UUID 7ca098c2-9f6e-56be-8b32-7f36833803ee
which can be used as unique global reference for DoS - Denial of Service Attack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
MITM - Man-in-the-Middle Attack
In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other
Internal MISP references
UUID bcd23dee-c9da-548d-9d74-2ed7d71133be
which can be used as unique global reference for MITM - Man-in-the-Middle Attack
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Transaction Reversal Fraud
Unauthorized physical manipulation of an ATM cash withdrawal. It appears that cash has not been dispensed and a reversal message is generated (see the full terminal fraud definition).
Internal MISP references
UUID 2ac0d577-7de1-5cbd-bf8a-30b79cd7f6cc
which can be used as unique global reference for Transaction Reversal Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Target Compromise'] |
Transaction Message Adulteration
The data contained in an authorisation message is manipulated to try to fool the payment processor.
Internal MISP references
UUID fb5b4715-5e6b-5134-a99a-b154b8f2cb84
which can be used as unique global reference for Transaction Message Adulteration
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Target Compromise'] |
First Party (Friendly) Fraud
Fraud committed against a financial institution by one of its own customers
Internal MISP references
UUID 09ac2614-d332-51b4-b7b0-ce3f9a74539b
which can be used as unique global reference for First Party (Friendly) Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Obtain Fraudulent Assets'] |
Identity Spoofing (or entity hacking)
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principal or use stolen / spoofed authentication credentials. Alternatively, an adversary may intercept a message from a legitimate sender and attempt to make it look like the message comes from them without changing its content. The latter form of this attack can be used to hijack credentials from legitimate users. Identity Spoofing attacks need not be limited to transmitted messages - any resource that is associated with an identity (for example, a file with a signature) can be the target of an attack where the adversary attempts to change the apparent identity.
Internal MISP references
UUID b105c344-448c-5d70-bb64-31f0f1246389
which can be used as unique global reference for Identity Spoofing (or entity hacking)
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Obtain Fraudulent Assets'] |
Authorised Push Payment Fraud
A form of fraud in which victims are manipulated into making real-time payments to fraudsters, typically by social engineering attacks involving impersonation.
Internal MISP references
UUID b36f88c8-3682-5cac-b89d-33f64f91fc94
which can be used as unique global reference for Authorised Push Payment Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Assets Transfer'] |
Direct Debit Fraud
Direct debit fraud can take place in several ways. It is often associated with identity theft, where the scammer gains access to the bank account information by posing as the victim. They can pay for services and products via a direct debit option and use this account until its owner notices.
Internal MISP references
UUID def44822-3b24-5612-b6a2-da77f84fb5d9
which can be used as unique global reference for Direct Debit Fraud
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Assets Transfer'] |
Extortion
Obtaining benefit through coercion
Internal MISP references
UUID e376947a-2e73-5c81-b8d5-7ac8a3ecc7a1
which can be used as unique global reference for Extortion
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Perform Fraud'] |
Smishing
Smishing, also known as "SMS Phishing", is a form of criminal activity using social engineering techniques. SMS phishing uses cell phone text messages to deliver information and/or requests to induce people to divulge or to take action that will compromise their personal or confidential information.
Internal MISP references
UUID 7607cd1c-c237-55c8-8dc6-d552ca28b86f
which can be used as unique global reference for Smishing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Shoulder Surfing
Technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder
Internal MISP references
UUID 7304230c-a2ba-5f85-915b-21ef2df62c0a
which can be used as unique global reference for Shoulder Surfing
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Distraction
The process of diverting the attention of an individual or group from a desired area of focus and thereby blocking or diminishing the reception of desired information.
Internal MISP references
UUID cd4a2731-b691-5c91-a608-cf6c431be0ba
which can be used as unique global reference for Distraction
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Push Payments
Authorised push payment fraud happens when fraudsters deceive consumers or individuals at a business to send them a payment under false pretences to a bank account controlled by the fraudster. As payments made using real-time payment schemes are irrevocable, the victims cannot reverse a payment once they realise they have been conned.
Internal MISP references
UUID 056a1cf1-0c75-59cc-9d73-f3b5b70ab77e
which can be used as unique global reference for Push Payments
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
ATM Malware
Unauthorised software, or authorised software run in an unauthorised manner, on the ATM PC - SEE FULL TERMINAL FRAUD DEFINITION
Internal MISP references
UUID 956593f4-ff08-523f-995a-6b8c56c101be
which can be used as unique global reference for ATM Malware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Data Breach
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used from a PC or Computer Network by an entity unauthorised to do so.
Internal MISP references
UUID 65c6719e-9daf-578a-8d86-0f65b3054e75
which can be used as unique global reference for Data Breach
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Ransomware
A type of malicious software designed to block access to a computer system until a sum of money is paid
Internal MISP references
UUID 73e1bbdc-1b73-5b84-9f6c-6d13c491bb47
which can be used as unique global reference for Ransomware
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Fake Website
A website that is not a legitimate venue; the site is designed to entice the visitor into revealing sensitive information, downloading some form of malware or purchasing products that never arrive.
Internal MISP references
UUID d86ff26f-b9c3-5668-8eef-7a178b6fe158
which can be used as unique global reference for Fake Website
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Fake App
Apps in mobile devices that trick users into downloading them. They may also pose as quirky and attractive apps, providing interesting services. Once installed on a mobile device, fake apps can perform a variety of malicious routines.
Internal MISP references
UUID 8dba8e97-7af4-5e76-8dde-3be54c9e8a6c
which can be used as unique global reference for Fake App
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
e-Skimming
Cyber criminals introduce skimming code on e-commerce payment card processing web pages to capture credit card and personally identifiable information and send the stolen data to a domain under their control.
Internal MISP references
UUID 7f5886b8-06a2-51cc-8428-5cb67615e3b2
which can be used as unique global reference for e-Skimming
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Skimming - CPP UPT
CPP analysis identifies payment terminal locations (parking, transport, fuel, etc.) from which card numbers were stolen, so that banks can mitigate fraud on other compromised cards.
Internal MISP references
UUID e89436a5-1b58-5676-a34d-d654c59a7d32
which can be used as unique global reference for Skimming - CPP UPT
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Skimming - CPP Virtual Terminal
Same as e-Skimming
Internal MISP references
UUID 80165f05-1c1d-5f41-96b6-464ac065b052
which can be used as unique global reference for Skimming - CPP Virtual Terminal
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Card Trapping
Unauthorized physical ATM manipulation, preventing the card from being returned to the customer - SEE FULL TERMINAL FRAUD DEFINITION
Internal MISP references
UUID 493b35ed-9415-5de5-a5cb-298f169cc4f4
which can be used as unique global reference for Card Trapping
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Initiation'] |
Lack of Patching / Security
Patch management is the best practice of upgrading existing software applications to remove any weak security patches that could be exploited by hackers. Lack of proper patching allows cyber criminals to exploit systems and networks.
Internal MISP references
UUID 0e7a4057-d84b-5451-9006-5a5efe9e948a
which can be used as unique global reference for Lack of Patching / Security
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Due Diligence'] |
Bad implementation
Process where an information system is deployed into a production environment with faults, errors or vulnerabilities.
Internal MISP references
UUID b132c566-7656-5b2b-b157-5734c9e30cc8
which can be used as unique global reference for Bad implementation
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Due Diligence'] |
Deployment Error
Implementation of a system, solution or service not according to defined and tested best practices.
Internal MISP references
UUID dd09e952-7992-5a37-a9c4-ed978d89a939
which can be used as unique global reference for Deployment Error
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Due Diligence'] |
Merchant Negligence
Merchants not following best practice procedures to avoid criminal or fraudulent activity.
Internal MISP references
UUID 39a06139-ece8-5d8c-947e-cf0b4dbdccf6
which can be used as unique global reference for Merchant Negligence
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Due Diligence'] |
Implementation not according to Standards
Implementation of a system, solution or service not according to defined and tested standards.
Internal MISP references
UUID a52f8c2e-4a38-5b1b-a4b0-4710606cd86f
which can be used as unique global reference for Implementation not according to Standards
in MISP communities and other software using the MISP galaxy
External references
Associated metadata
Metadata key | Value |
---|---|
kill_chain | ['fraud-tactics:Due Diligence'] |