Principles of MITRE ATT&CK in the fraud domain.

The framework is divided into six tactics, each with a subset of techniques. The following table lists the current tactics and techniques.

Initiation | Target Compromise | Perform Fraud | Obtain Fraudulent Assets | Assets Transfer | Monetization |
---|---|---|---|---|---|
Phishing | Malware | Insider Trading | Compromised payment cards | SWIFT transaction | ATM jackpotting |
Spear Phishing | Account-Checking Services | Business Email Compromise | Compromised account credentials | Fund Transfer | Money Mules |
Vishing | ATM Black Box Attack | Scam | Compromised Personally Identifiable Information (PII) | Cryptocurrency exchange | Fund Transfer |
Social Media Scams | CxO Fraud | Compromised Intellectual Property (IP) | Prepaid Cards | | |
Smishing | Resell Stolen Data | | | | |
ATM Skimming | ATM Explosive Attack | | | | |
ATM Shimming | | | | | |
POS Skimming | | | | | |

Candidates for future inclusion:
- Telecom Fraud
- Letter of Credit Fraud
- SIM Swap (TA: Target Compromise)