MITRE ATT&CK / T1114
T1114
Email Collection
Collection
Description
Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Emails may also contain details of ongoing incident response operations, which may allow adversaries to adjust their techniques in order to maintain persistence or evade defenses.(Citation: TrustedSec OOB Communications)(Citation: CISA AA20-352A 2021) Adversaries can collect or forward email from mail servers or clients.
Platforms
WindowsmacOSLinuxOffice Suite
Mitigations
- M1032 — Multi-factor Authentication
- M1060 — Out-of-Band Communications Channel
- M1041 — Encrypt Sensitive Information
- M1047 — Audit
Look up any technique
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Our coverage
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →