This guide was created by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) to outline phishing techniques malicious actors commonly use and to provide guidance for both network defenders and software manufacturers. Phishing Guidance: Stopping the Attack Cycle at Phase One contains guidance for network defenders, applicable to all organizations, and for software manufacturers that focuses on secure-by-design and -default tactics and techniques. Additionally, the guide contains a section tailored for small and medium-sized businesses to aid in protecting their cyber resources from evolving phishing threats.
Phishing Guidance – Stopping the Attack Cycle at Phase One_508c.pdf
Source: CISA.gov