attck4fraud

Principles of MITRE ATT&CK in the fraud domain. The framwork is divided in six tactics, each with a subset of techniques. The following table illustrates the current tactics and techniques.

| Initiation | Target Compromise | Perform Fraud | Obtain Fraudulent Assets | Assets Transfer | Monetization | | --- | --- | --- | --- | --- | --- | | Phishing | Malware | Insider Trading | Compromised payment cards | SWIFT transaction | ATM jackpotting | | Spear Phishing | Account-Checking Services | Business Email Compromise | Compromised account credentials | Fund Transfer | Money Mules | | Vishing | ATM Black Box Attack | Scam | Compromised Personally Identifiable Information (PII) | Cryptocurrency exchange | Fund Transfer | | Social Media Scams | | CxO Fraud | Compromised Intellectual Property (IP) | | Prepaid Cards | | Smishing | | | | | Resell Stolen Data | | ATM Skimming | | | | | ATM Explosive Attack | | ATM Shimming | | | | | | | POS Skimming | | | | | |

Candidates for future inclusion:

• Telecom Fraud
• Letter of Credit Fraud
• SIM Swap (TA: Target Compromise)