Phishing for Big Dollars….

After the final phase of the Cyber Kill Chain has been completed, phishing techniques are recycled. Phishing is a form of social engineering that manipulates an individual into divulging personal or sensitive information. Popular phishing techniques include:

  • Content Injection – Threat actors insert malicious content onto social networks.
  • Domain Name System (DNS) Spoofing or Poisoning – Threat actors are able to redirect website traffic using fake DNS information.
  • Man-in-the-Middle (MITM) – Threat actors are able to intercept connections between sender and receiver, occurring at different levels of the Open Systems Interconnection (OSI) model.
  • Session Hijacking – Threat actors gain access to an established client-session and session ID with sensitive data. Copying and pasting are common ploys used by threat actors.
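From the defender's side, a hijacked session tends to show up as one session ID arriving from more than one client. The sketch below is an added example, not part of the original post; the log format, field names and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (assumed format): timestamp, session ID, client IP, user agent.
SAMPLE_LOG = """\
2017-11-24T10:00:01Z sid=a1f3 ip=198.51.100.7 ua="Firefox/57.0"
2017-11-24T10:02:10Z sid=a1f3 ip=198.51.100.7 ua="Firefox/57.0"
2017-11-24T10:02:45Z sid=a1f3 ip=203.0.113.50 ua="curl/7.55"
2017-11-24T10:03:00Z sid=b77c ip=192.0.2.14 ua="Chrome/62.0"
2017-11-24T10:09:30Z sid=b77c ip=192.0.2.14 ua="Chrome/62.0"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) sid=(?P<sid>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)"$'
)


def parse(log_text):
    """Turn log text into a list of event dicts, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def find_shared_sessions(events):
    """Return {sid: [alerts]} for sessions seen from a second client fingerprint."""
    owner_of = {}                 # sid -> (ip, ua) that first used the session
    alerts = defaultdict(list)
    for ev in events:
        fingerprint = (ev["ip"], ev["ua"])
        owner = owner_of.setdefault(ev["sid"], fingerprint)
        if fingerprint != owner:
            alerts[ev["sid"]].append(
                {"ts": ev["ts"], "expected": owner, "seen": fingerprint}
            )
    return dict(alerts)


if __name__ == "__main__":
    for sid, hits in find_shared_sessions(parse(SAMPLE_LOG)).items():
        for hit in hits:
            print(f"{hit['ts']} session {sid}: {hit['expected']} -> {hit['seen']}")
```

A changed IP address alone can be legitimate (mobile networks, VPNs), so a hit is best treated as a reason to require re-authentication rather than as proof of compromise.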

Bytes have been stolen; what’s next? For data brokers with criminal intent, the next step is selling on the dark web if a sale to the original data owner fails. Several large sets of data have been circulating on the dark web for years. Alex Ford, owner of PoliceOne.com, confirmed a 2015 cyber-attack in which the data of 715,000 registered law enforcement members were lost. Berkut, a data broker, was able to confirm Ford’s data was for sale. Health care records are frequently targeted. Seals’ article mentions that 655K health care records are for sale, and a data broker known as thedarkoverlord remarked, “Someone wanted to buy all the Blue Cross Blue Shield Insurance records specifically.” Also, they have received $100,000 for some data. Finkle’s report reveals that U.S. residents’ personal data were being sold for prices between 50 cents and $2.50 per record on SSNDOB, using virtual currencies. Although SSNDOB has been vulnerable to hacktivists, its ownership is still a mystery.

Resources:
Computer Associates. “Types of Phishing Attacks.” 12 September 2007, PCWorld, https://www.pcworld.com/article/135293/article.html. Accessed 26 November 2017.
Finkle, J. “Data brokers D&B, LexisNexis, Altegrity report cyber attacks.” 25 September 2013, Reuters.com, https://www.reuters.com/article/us-cyberattacks-databrokers/data-brokers-db-lexisnexis-altegrity-report-cyber-attacks-idUSBRE98P03220130926. Accessed 26 November 2017.
Gillis, T. “The Bad Guys from Outside: Malware.” 29 April 2010, Ciscopress.com, http://www.ciscopress.com/articles/article.asp?p=1579061&seqNum=3. Accessed 26 November 2017.
GitHub, Inc. https://github.com/vz-risk/VCDB/issues/10495. Accessed 24 November 2017.
Krebs, B. “Data Broker Giants Hacked by ID Theft Service.” 25 September 2013, KrebsonSecurity, https://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/. Accessed 26 November 2017.
Seals, T. “655K Healthcare Records Go Up for Dark Web Sale, for Millions.” 27 June 2016, Infosecurity Magazine, https://www.infosecurity-magazine.com/news/655k-healthcare-records-go-up-for/. Accessed 26 November 2017.
Sobrier, J. “Facebook Phishing: Manual Session Hijacking.” 14 August 2013, Zscaler.com, https://www.zscaler.com/blogs/research/facebook-phishing-manual-session-hijacking. Accessed 26 November 2017.
Whittaker, Z. “PoliceOne confirms hack; thousands of forum accounts for sale on the dark web.” 03 February 2017, Zero Day, http://www.zdnet.com/article/police-forum-hacked-thousands-of-records-for-sale-on-dark-web/. Accessed 26 November 2017.
