Phishing Campaign

A Phishing Campaign targets a large group of users with the hopes that a few fall for the attack and let the Attacker in.

In-Game Card
Exploit a User or Group.

Real-Life Concept
Real phishing campaigns target human users. They always feature some kind of social aspect to the attack like a message requesting the user to perform an action, and they often include a technical component to the attack as well. Phishing is most often associated with email messages but it can be done across any medium. Users can be phished across SMS (smishing) or even a phone call (vishing).

Some of the oldest phishing attacks were the Nigerian prince (419) scams. The attacker would email users with a sob story about being a Nigerian royal who wants to move their wealth out of the country and will share it with the user if they share their banking information with the attacker. Modern phishing attacks might ask a user to open an attached file that is malicious or browse to a web site that attempts to exploit vulnerabilities in the web browser software.

Mitigations
Users should be aware of the possibility of a phishing campaign and be able to recognize tell-tale signs of it. Research shows that awareness training programs are most effective with they are both regular and recurring.