{"id":163,"date":"2019-10-06T06:10:49","date_gmt":"2019-10-06T05:10:49","guid":{"rendered":"http:\/\/soarexpert.com\/?page_id=163"},"modified":"2019-10-06T07:07:17","modified_gmt":"2019-10-06T06:07:17","slug":"phishing-playbook","status":"publish","type":"page","link":"https:\/\/soarexpert.com\/index.php\/phishing-playbook\/","title":{"rendered":"Phishing playbook"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"163\" class=\"elementor elementor-163\">\n\t\t\t\t\t\t<div class=\"elementor-inner\">\n\t\t\t\t<div class=\"elementor-section-wrap\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7d48aaa elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7d48aaa\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t\t\t<div class=\"elementor-row\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-bc759aa\" data-id=\"bc759aa\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-column-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b48e32e elementor-widget elementor-widget-text-editor\" data-id=\"b48e32e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-text-editor elementor-clearfix\">\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3e7ef95 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3e7ef95\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t\t\t<div class=\"elementor-row\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-148e5e8\" data-id=\"148e5e8\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-column-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2782141 elementor-widget elementor-widget-text-editor\" data-id=\"2782141\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-text-editor elementor-clearfix\">\n\t\t\t\t<p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\">Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details, and passwords.<\/span><\/p><p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\">Either the victim is sent a malicious attachment (such as a .XLS or .DOC file extension), or a malicious link to click on. It is important to note here that Phishing attacks have also become highly specialized, such as those of Spear Phishing and Business E-Mail Compromise (BEC). In these instances, a certain individual, or groups of individuals are specifically targeted.<\/span><\/p><p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\">However, once the damage is done, efforts need to be taken to mitigate the damage and try to find ways so that these types of attacks don\u2019t happen again. This \u2018Playbook\u201d outlines the phases you need to take in such situations.<\/span><\/p><p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\"><img loading=\"lazy\" style=\"text-align: left;\" src=\"https:\/\/i0.wp.com\/soarexpert.com\/wp-content\/uploads\/2019\/10\/2019-10-06_8-33-10.png?resize=267%2C90\" alt=\"\" width=\"267\" height=\"90\" data-recalc-dims=\"1\" \/><\/span><\/p><table class=\" alignleft\" style=\"width: 0%; height: 39px;\"><tbody><tr><td width=\"163\">\u00a0<\/td><\/tr><tr><td>\u00a0<\/td><td>\u00a0<\/td><\/tr><\/tbody><\/table><p style=\"text-align: left;\"><span style=\"letter-spacing: 1px; text-align: justify; font-family: arial, helvetica, sans-serif;\">\u00a0 \u00a0 At this stage, an alert is \u201csounded\u201d of an impending Phishing attack, and it must be further investigated into. It is important\u00a0 \u00a0 \u00a0 to collect as much information and data about the E-Mail, and here is the items that should be captured &amp; the questions we\u00a0 \u00a0 \u00a0 need to ask:<\/span><\/p><p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\"><span style=\"letter-spacing: 1px; text-align: justify;\">\u00a0<\/span><img loading=\"lazy\" style=\"text-align: left;\" src=\"https:\/\/i0.wp.com\/soarexpert.com\/wp-content\/uploads\/2019\/10\/2019-10-06_8-32-30.png?resize=300%2C291\" alt=\"\" width=\"300\" height=\"291\" data-recalc-dims=\"1\" \/><\/span><\/p><p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\">Carefully examine the E-Mail message, if there is actions like file investigation, link examination, picture stenography, etc,\u00a0 \u00a0 \u00a0 \u00a0Use all necessary precautions and perform the various investigations in a controlled and isolated environment<\/span><\/p><p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\"><img loading=\"lazy\" style=\"transition-duration: 1s;\" src=\"https:\/\/i0.wp.com\/soarexpert.com\/wp-content\/uploads\/2019\/10\/2019-10-06_8-33-53.png?resize=263%2C86\" alt=\"\" width=\"263\" height=\"86\" data-recalc-dims=\"1\" \/><\/span><\/p><p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\">If the above preliminary investigation discovers that an actual Phishing attack is underway, then the following steps must be\u00a0 \u00a0 accomplished:<\/span><\/p><ul style=\"text-align: left;\"><li><span style=\"font-family: arial, helvetica, sans-serif;\">The specific kind of Phishing\u00a0E-Mail it is. For example, is it a:<\/span><ul><li><span style=\"font-family: arial, helvetica, sans-serif;\">BEC (Business Email Compromise)<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Spear Phishing (where one particular individual or individuals are targeted);<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Clone Phishing (where an original E-Mail message has been transformed into a malicious one);<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Whaling (this is similar to BEC, but primarily C-Level Executives are specifically targeted);<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Link Manipulation (this where a spoofed website is involved);<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Website Forgery (this is where JavaScript code is used to alter the URL bar maliciously);<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Covert Redirect (this when a website address looks genuine and authentic, but the victim is taken to a spoofed website);<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Social Engineering (this occurs typically in a business environment where lower-ranking employees [such as administrative assistants] are targeted and conned to give out corporate secrets);<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">SMS (in these instances, wireless devices, primarily Smartphones are targeted, and malicious text messages are sent instead).<\/span><\/li><\/ul><\/li><\/ul><p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\">Once the above has been determined, then determine the priority level (this will be on a scale that you have determined, for instance, low priority to medium priority to high priority [this would be considered to be a \u201cSevere\u201d type of ranking]).\u00a0 \u00a0 <\/span><span style=\"font-family: arial, helvetica, sans-serif;\">From there, then notify the IT staff, primarily those involved with the Security aspects of the organization, that an attack is\u00a0 \u00a0 \u00a0 underway if they are not aware of the situation already.<\/span><\/p><p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\">At this phase, the actual E-Mail message and its contents need to examined carefully, the and degree of damage needs to be ascertained. Regarding the former, the following must be looked into:<\/span><\/p><ul style=\"text-align: left;\"><li><span style=\"font-family: arial, helvetica, sans-serif;\">\u00a0 Analysis of the E-Mail Header:<\/span><ul><li><span style=\"font-family: arial, helvetica, sans-serif;\">The From Field: This will contain the name of the sender;<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">X-Authenticated User: This will contain the E-Mail address of the sender (such as\u00a0johndoe@anywhere.com);<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">The Mail <strong>Server IP Address<\/strong>: This will contain the <strong>actual TCP\/IP address of the E-Mail server from where the Phishing E-Mail was sent.<\/strong> It is important to keep in mind as well that the physical location of the E-Mail server does not necessarily imply that the Cyber attacker is located in that geographic as well. Many times, they will be in a separate location from that of the E-Mail server<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">.<\/span><\/li><\/ul><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Analysis of the E-Mail message:<\/span><ul><li><span style=\"font-family: arial, helvetica, sans-serif;\">At this phase, the actual contents of the E-Mail message need to be examined carefully, as there are many telltale signs which can be difficult to spot at first glance.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Analysis of the Domain Link:<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">If the Phishing E-Mail contains a suspicious link, as stated before, carefully examine the spoofed website, and determine where the data on the website is actually posted (such as the determining the TCP\/IP address of the Web server that hosts the spoofed website, etc.).<\/span><\/li><li>\u00a0<\/li><\/ul><\/li><\/ul><p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\"><img loading=\"lazy\" src=\"https:\/\/i0.wp.com\/soarexpert.com\/wp-content\/uploads\/2019\/10\/2019-10-06_8-34-18.png?resize=260%2C87\" alt=\"\" width=\"260\" height=\"87\" data-recalc-dims=\"1\" \/><\/span><\/p><p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\">At this phase, the actual E-Mail message and its contents need to examined carefully, the and degree of damage needs to be ascertained. Regarding the former, the following must be looked into:<\/span><\/p><ul style=\"text-align: left;\"><li><span style=\"font-family: arial, helvetica, sans-serif;\">\u00a0 Analysis of the E-Mail Header:<\/span><ul><li><span style=\"font-family: arial, helvetica, sans-serif;\">The From Field: This will contain the name of the sender;<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">X-Authenticated User: This will contain the E-Mail address of the sender (such as\u00a0<a href=\"mailto:johndoe@anywhere.com\">johndoe@anywhere.com<\/a>);<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">The Mail Server IP Address: This will contain the actual TCP\/IP address of the E-Mail server from where the Phishing E-Mail was sent. It is important to keep in mind as well that the physical location of the E-Mail server does not necessarily imply that the Cyber attacker is located in that geographic as well. Many times, they will be in a separate location from that of the E-Mail server.<\/span><\/li><\/ul><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Analysis of the E-Mail message:<\/span><ul><li><span style=\"font-family: arial, helvetica, sans-serif;\">At this phase, the actual contents of the E-Mail message need to be examined carefully, as there are many telltale signs which can be difficult to spot at first glance.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Analysis of the Domain Link:<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">If the Phishing E-Mail contains a suspicious link, as stated before, carefully examine the spoofed website, and determine where the data on the website is actually posted (such as the determining the TCP\/IP address of the Web server that hosts the spoofed website, etc.).<\/span><\/li><\/ul><\/li><\/ul><p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\">With regards to the latter point in this part, the level and\/or severity of the damage needs to be ascertained and ultimately\u00a0 \u00a0 determined. Examples of this include the following:<\/span><\/p><ul style=\"text-align: left;\"><li><span style=\"font-family: arial, helvetica, sans-serif;\">The total number of impacted employees;<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">What actions were carried out by the employees with regards to the Phishing E-Mail, for instance:<\/span><ul><li><span style=\"font-family: arial, helvetica, sans-serif;\">Did they download an attachment;<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Alternatively, did they go to a spoofed website and unknowingly submitted their personal information, or even sensitive business login information.<\/span><\/li><\/ul><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">\u00a0 What was impacted:<\/span><ul><li><span style=\"font-family: arial, helvetica, sans-serif;\">Servers;<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Workstations;<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Wireless Devices;<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">The Network Infrastructure;<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Other aspects of the IT Infrastructure<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\"><img loading=\"lazy\" class=\"size-full wp-image-184 aligncenter\" src=\"https:\/\/i0.wp.com\/soarexpert.com\/wp-content\/uploads\/2019\/10\/2019-10-06_8-58-45.png?resize=263%2C87\" alt=\"\" width=\"263\" height=\"87\" data-recalc-dims=\"1\" \/><\/span><\/li><\/ul><\/li><\/ul><p style=\"font-style: inherit; font-weight: inherit; text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\">This is deemed to be one of the most critical phases; as this is where the damage of the Phishing attack will be contained. This will involve the following:<\/span><\/p><ul style=\"text-align: left;\"><li><span style=\"font-family: arial, helvetica, sans-serif;\">After determining whom the impacted employees are, immediately change their usernames and passwords;<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">After determining the impacted points in the IT Infrastructure, also immediately change login credentials of the people who have access to those particular resources as well .<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">\u00a0<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">If the impacted points include Smartphones, immediately execute the \u201cRemote Wipe\u201d command to those affected Smartphones, so that any sort of sensitive information\/data that resides on them will be deleted and cannot be accessed. In these instances, have your employees return the affected Smartphones back, and issue new ones with usernames and passwords.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">\u00a0<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Continue to monitor all systems within your IT Infrastructure and all User Accounts for any misuse, or for any unusual anomalies that may be occurring. If any of these are happening, they you may want to consider shutting down those systems to conduct a more detailed investigation as to what is happening. However, this should be done with careful planning, as this could cause downtime in normal business operations.<\/span><\/li><li><strong><span style=\"font-family: arial, helvetica, sans-serif; font-size: 14pt;\">Risk Avoidance:<\/span><\/strong><\/li><\/ul><p style=\"font-style: inherit; font-weight: inherit; text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\">Once the damage has been contained, and all impacted points within the business or the corporation have been remedied, the final stage is to determine how to avoid this kind of Cyberattack (or for that matter, any other kind) from happening again. Some areas that should be considered are as follows:<\/span><\/p><ul style=\"text-align: left;\"><li><span style=\"font-family: arial, helvetica, sans-serif;\">Consider hiring an outside Cybersecurity firm to assist you in conducting a deep analysis of what really transpired. They can offer solutions that are specific to your situation, and even conduct various Penetration Testing techniques to determine if they are other unknown Security vulnerabilities in your organization.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Always make sure that you are on a regular schedule of deploying software upgrades\/patches on all of your servers, workstations, and wireless devices. This includes making sure that the Web browsers across all workstations, wireless devices, and servers are up to date as well as making sure that you are making use of the latest antispyware\/antiphishing\/antimalware software packages.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">In a Phishing attack, in the end, it is always individuals that are impacted first, then the IT Infrastructure after the login data has been hijacked by the Cyber attacker. Therefore, the greatest emphasis must be placed on this area, which is employee awareness. In this consider the following:<\/span><ul><li><span style=\"font-family: arial, helvetica, sans-serif;\">\u00a0Conduct training programs at regular intervals (at a minimum at least once a quarter) with your employees. Teach them the\u00a0 \u00a0 \u00a0following:<\/span><ul><li><span style=\"font-family: arial, helvetica, sans-serif;\">What the signs of a Phishing E-Mail look like, paying careful attention to phony looking Sender names, sender domains, and in particular, any misspellings in either the subject line or the content of the E-Mail message.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">How to determine if a link is malicious, by explaining how to hover over the link in question to see if the domain on that matches up to what is displayed. If they do not match up, then the link is a malicious one.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">\u00a0<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">If they receive an E-Mail or an attachment that they were not expecting, but it comes from somebody they know, to contact that particular sender first to determine if they really sent it or not. If not, they should be instructed to forward that E-Mail message to the IT Security staff; then it should be deleted from the inbox.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Always instruct them to trust their instincts, and if anything looks suspicious, to report it, and again, delete the message from the inbox.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">\u00a0<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Instruct them how to verify the authenticity of any website that they may be using, especially paying attention to the \u201cHTTPS\u201d in the URL bar.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Also, instruct them to never click on any type or kind of pop messages that they may receive on their work-related devices.<\/span><\/li><\/ul><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">\u00a0 At random intervals, have the IT staff launch phony, Phishing E-Mails to see if they are picking up what you are teaching\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 them. If they open up that E-Mail message, then they should be immediately notified that they fell prey to a Phishing E-Mail\u00a0 \u00a0 and will require further training.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">\u00a0 Have your IT Staff, especially your Network Administrator, stay on top of the latest Phishing techniques.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">\u00a0<\/span><\/li><\/ul><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Install Ani Phishing toolbars on all servers, workstations, and wireless devices. These packages run checks on the websites that your employees are using against various databases of known Phishing websites.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Make sure that your Network Infrastructure is up to date as well, by routinely testing your firewalls, network intrusion devices, and routers. Once again, a Cybersecurity firm can help you establish the appropriate protocols in conducting these tasks.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">\u00a0<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Determine what controls have failed and take the necessary steps to either rectify them or implement new ones instead.<\/span><\/li><li><span style=\"font-family: arial, helvetica, sans-serif;\">Implement a special hotline where employees can get into direct contact with the appropriate IT staff in case they see or witness anything suspicious that is associated with a Phishing attack (of course, they should also be able to report any other Security issues as well).<\/span><\/li><\/ul><h1 style=\"font-weight: inherit; text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\">Conclusions<\/span><\/h1><p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\">Overall, this Playbook has reviewed the necessary steps that you need to take in case your business or corporation is impacted by a Phishing attack. The biggest takeaway is that avoiding such types of threats in the future takes a combination of both making sure that your Security technology is up to date, and that your employees are taught how to have a proactive mindset in keeping their guard up for any suspicious types and kinds of activity and to report them immediately.<\/span><\/p><p style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\"><strong>Sources<\/strong><\/span><\/p><ol><li style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\"><a href=\"https:\/\/www.demisto.com\/phishing-incident-response-playbook\/\">https:\/\/www.demisto.com\/phishing-incident-response-playbook\/<\/a><\/span><\/li><li style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\"><a href=\"https:\/\/blog.rapid7.com\/2016\/06\/21\/a-layered-approach-to-handling-phishing-attacks\/\">https:\/\/blog.rapid7.com\/2016\/06\/21\/a-layered-approach-to-handling-phishing-attacks\/<\/a><\/span><\/li><li style=\"text-align: left;\"><span style=\"font-family: arial, helvetica, sans-serif;\"><a href=\"https:\/\/resources.infosecinstitute.com\/the-phishing-response-playbook\/\">https:\/\/resources.infosecinstitute.com\/the-phishing-response-playbook\/<\/a><\/span><\/li><\/ol>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details, and passwords. Either the victim is sent a malicious attachment (such as a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"spay_email":""},"_links":{"self":[{"href":"https:\/\/soarexpert.com\/index.php\/wp-json\/wp\/v2\/pages\/163"}],"collection":[{"href":"https:\/\/soarexpert.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/soarexpert.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/soarexpert.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/soarexpert.com\/index.php\/wp-json\/wp\/v2\/comments?post=163"}],"version-history":[{"count":14,"href":"https:\/\/soarexpert.com\/index.php\/wp-json\/wp\/v2\/pages\/163\/revisions"}],"predecessor-version":[{"id":188,"href":"https:\/\/soarexpert.com\/index.php\/wp-json\/wp\/v2\/pages\/163\/revisions\/188"}],"wp:attachment":[{"href":"https:\/\/soarexpert.com\/index.php\/wp-json\/wp\/v2\/media?parent=163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}