Establish Accounts: Email Accounts
Other sub-techniques of Establish Accounts (2)
ID | Name |
---|---|
T1585.001 | Social Media Accounts |
T1585.002 | Email Accounts |
Before compromising a victim, adversaries may create email accounts that can be used during targeting. Adversaries can use accounts created with email providers to further their operations, such as leveraging them to conduct Phishing for Information or Phishing.[1] Adversaries may also take steps to cultivate a persona around the email account, such as through use of Social Media Accounts, to increase the chance of success of follow-on behaviors. Created email accounts can also be used in the acquisition of infrastructure (ex: Domains).[1]
To decrease the chance of physically tying back operations to themselves, adversaries may make use of disposable email services.[2]
Procedure Examples
Name | Description |
---|---|
APT1 | APT1 has created email accounts for later use in social engineering, phishing, and when registering domains.[1] |
Mitigations
Mitigation | Description |
---|---|
Pre-compromise | This technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls. |
Detection
Much of this activity will take place outside the visibility of the target organization, making detection of this behavior difficult. Detection efforts may be focused on related stages of the adversary lifecycle, such as during Initial Access (ex: Phishing).