{"id":2972,"date":"2019-12-12T04:13:46","date_gmt":"2019-12-12T04:13:46","guid":{"rendered":"https:\/\/davidpapkin.net\/?p=2972"},"modified":"2019-12-12T04:13:46","modified_gmt":"2019-12-12T04:13:46","slug":"spear-phishing-by-david-papkin","status":"publish","type":"post","link":"https:\/\/davidpapkin.com\/?p=2972","title":{"rendered":"Spear Phishing by David Papkin"},"content":{"rendered":"<p>This David Papkin post on spear phishing is derived from Microsoft post\u00a0 <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/12\/02\/spear-phishing-campaigns-sharper-than-you-think\/\">Spear phishing campaigns\u2014they\u2019re sharper than you think<\/a><\/p>\n<section class=\"m-highlight-feature f-lean single-post-hero\" data-grid=\"col-12\">\n<div class=\"\"><time class=\"entry-date published\" datetime=\"2019-12-02T09:00:15+00:00\">December 2, 2019<\/time><\/p>\n<h1 class=\"c-heading\">Spear phishing campaigns\u2014<wbr \/>they\u2019re sharper than you think<\/h1>\n<div class=\"author-information\">\n<div class=\"author-details\">\n<ul class=\"authors\">\n<li class=\"author-item\"><span class=\"author-name\">Diana Kelley<\/span>\u00a0<span class=\"author-title\">Cybersecurity Field CTO<\/span><\/li>\n<li class=\"author-item\"><span class=\"author-name\">Seema Kathuria<\/span>\u00a0<span class=\"author-title\">Senior Manager, Cybersecurity Solutions Group<\/span><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<section class=\"wrap\" data-grid=\"container stack-3\"><main id=\"mainContent\" class=\"primary\" role=\"main\" data-grid=\"col-12\"><\/p>\n<article class=\"post-90238 post type-post status-publish format-standard has-post-thumbnail hentry category-ciso-series category-microsoft-defender-advanced-threat-protection category-phishing tag-ciso-series-page tag-microsoft-defender-atp tag-phishing\">\n<div class=\"m-social f-horizontal f-share\">\n<div class=\"custom-images\"><\/div>\n<\/div>\n<div class=\"entry-content\">\n<p>Even your most security-savvy users may have difficulty identifying honed spear phishing campaigns. Unlike traditional phishing campaigns that are blasted to a large email list in hopes that just one person will bite, advanced spear phishing campaigns are highly targeted and personal. They are so targeted, in fact, that we sometimes refer to them as \u201claser\u201d phishing. And because these attacks are so focused, even tech-savvy executives and other senior managers have been duped into handing over money and sensitive files by a well-targeted email. That\u2019s how good they are.<\/p>\n<p>Even though spear phishing campaigns can be highly effective, they aren\u2019t foolproof. If you understand how they work, you can put measures in place to reduce their power. Today, we provide an overview of how these campaigns work and steps you can take to better protect your organization and users.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90239 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1.png\" sizes=\"auto, (max-width: 1471px) 100vw, 1471px\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1.png 1471w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1-300x139.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1-768x355.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1-1024x473.png 1024w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1-930x430.png 930w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1-767x355.png 767w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1-539x249.png 539w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-1-465x215.png 465w\" alt=\"Graph showing that the percentage of inbound emails associated with phishing on average increased in the past year.\" width=\"1471\" height=\"680\" \/><\/a><\/p>\n<p><em>Figure 1. Percentage of inbound emails associated with phishing on average increased in the past year, according to Microsoft security research (source:\u00a0<\/em><a href=\"https:\/\/www.microsoft.com\/securityinsights\" target=\"_blank\" rel=\"noopener noreferrer\"><em>Microsoft Security Intelligence Report<\/em><\/a><em>).<\/em><\/p>\n<h3>Step 1: Select the victims<\/h3>\n<p>To illustrate how clever some of these campaigns are, imagine a busy recruiter who is responsible for filling several IT positions. The IT director is under a deadline and desperate for good candidates. The recruiter posts the open roles on their social networks asking people to refer leads. A few days later they receive an email from a prospective candidate who describes the role in the email. The recruiter opens the attached resume and inadvertently infects their computer with malware. They have just been duped by a spear phisher.<\/p>\n<p><strong>How did it happen?<\/strong><\/p>\n<p>In a spear phishing campaign, the first thing an attacker needs to do is identify the victims. These are typically individuals who have access to the data the attacker wants. In this instance, the attackers want to infiltrate the human resources department because they want to exfiltrate employee social security numbers. To identify potential candidates they conduct extensive research, such as:<\/p>\n<ul>\n<li><span class=\"inner-wrap\">Review corporate websites to gain insight into processes, departments, and locations.<\/span><\/li>\n<li><span class=\"inner-wrap\">Use scripts to harvest email addresses.<\/span><\/li>\n<li><span class=\"inner-wrap\">Follow company social media accounts to understand company roles and the relationships between different people and departments.<\/span><\/li>\n<\/ul>\n<p>In our example, the attackers learned by browsing the website that the convention for emails is\u00a0<strong>first.last@company.com<\/strong>. They browsed the website, social media, and other digital sources for human resources professionals and potential hooks. It didn\u2019t take long to notice several job openings. Once the recruiter shared details of jobs online, would-be attackers had everything they needed.<\/p>\n<p><strong>Why it might work:<\/strong>\u00a0In this instance it would be logical for the victim to open the attachment. One of their job responsibilities is to collect resumes from people they don\u2019t know.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-2.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90240 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-2.png\" sizes=\"auto, (max-width: 1275px) 100vw, 1275px\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-2.png 1275w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-2-300x81.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-2-768x208.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-2-1024x278.png 1024w\" alt=\"Infographic showing the typical campaign path for phish emails, from Reconnaissance to Exfiltration.\" width=\"1275\" height=\"346\" \/><\/a><\/p>\n<p><em>Figure 2. Research and the attack are the first steps in a longer strategy to exfiltrate sensitive data.<\/em><\/p>\n<h3>Step 2: Identify the credible source<\/h3>\n<p>Now let\u2019s consider a new executive who receives an email late at night from their boss, the CEO. The CEO is on a trip to China meeting with a vendor, and in the email, the CEO references the city they\u2019re in and requests that the executive immediately wire $10,000 to pay the vendor. The executive wants to impress the new boss, so they jump on the request right away.<\/p>\n<p><strong>How did it happen?<\/strong><\/p>\n<p>In spear phishing schemes, the attacker needs to identify a credible source whose emails the victim will open and act on. This could be someone who appears to be internal to the company, a friend, or someone from a partner organization. Research into the victim\u2019s relationships informs this selection. In the first example, we imagined a would-be job seeker that the victim doesn\u2019t know. However, in many spear phishing campaigns, such as with our executive, the credible source is someone the victim knows.<\/p>\n<p>To execute the spear phishing campaign against the executive, the attackers uncovered the following information:<\/p>\n<ul>\n<li><span class=\"inner-wrap\">Identified senior leaders at the company who have authority to sign off on large sums of money.<\/span><\/li>\n<li><span class=\"inner-wrap\">Selected the CEO as the credible source who is most likely to ask for the money.<\/span><\/li>\n<li><span class=\"inner-wrap\">Discovered details about the CEO\u2019s upcoming trip based on social media posts.<\/span><\/li>\n<\/ul>\n<p><strong>Why it might work:<\/strong>\u00a0Targeting executives by impersonating the CEO is increasingly common\u2014<wbr \/>some refer to it as whale phishing. Executives have more authority and access to information and resources than the average employee. People are inclined to respond quickly when the boss emails\u2014<wbr \/>especially if they say it\u2019s urgent. This scenario takes advantage of those human power dynamics.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-3.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90241 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-3.png\" sizes=\"auto, (max-width: 1269px) 100vw, 1269px\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-3.png 1269w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-3-300x177.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-3-768x454.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-3-1024x605.png 1024w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-3-440x260.png 440w\" alt=\"Infographic of the Attack Spectrum, from Broad to Targeted.\" width=\"1269\" height=\"750\" \/><\/a><\/p>\n<p><em>Figure 3. The more targeted the campaign, the bigger the potential payoff.<\/em><\/p>\n<h3>Step 3: Victim acts on the request<\/h3>\n<p>The final step in the process is for the victim to act on the request. In our first example, the human resources recruiter could have initiated a payload that would take over his computer or provide a tunnel for the attacker to access information. In our second scenario, the victim could have wired large sums of money to a fraudulent actor. If the victim does accidentally open the spear phishing email and respond to the call to action, open a malicious attachment, or visit an infected webpage, the following could happen:<\/p>\n<ul>\n<li><span class=\"inner-wrap\">The machine could be infected with malware.<\/span><\/li>\n<li><span class=\"inner-wrap\">Confidential information could be shared with an adversary.<\/span><\/li>\n<li><span class=\"inner-wrap\">A fraudulent payment could be made to an adversary.<\/span><\/li>\n<\/ul>\n<h3>Catch more phishy emails<\/h3>\n<p>Attackers have improved their phishing campaigns to better target your users, but there are steps you can take to reduce the odds that employees will respond to the call to action. We recommend that you do the following:<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-90244 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-smaller.jpg\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-smaller.jpg 600w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-smaller-300x200.jpg 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-4-smaller-293x195.jpg 293w\" alt=\"\" width=\"600\" height=\"400\" \/><\/a><\/p>\n<ul>\n<li><span class=\"inner-wrap\"><strong>Educate users on how to detect phishing emails<\/strong>\u2014Spear phishing emails do a great job of effectively impersonating a credible source; however, there are often small details that can give them away. Help users identify phish using training tools that simulate a real phish. Here are a few tells that are found in some phish that you can incorporate into your training:<\/span>\n<ul>\n<li><span class=\"inner-wrap\">An incorrect email address or one that resembles what you expect but is slightly off.<\/span><\/li>\n<li><span class=\"inner-wrap\">A sense of urgency coupled with a request to break company policy. For example, fast tracking payments without the usual checks and procedures.<\/span><\/li>\n<li><span class=\"inner-wrap\">Emotive language to evoke sympathy or fear. For example, the impersonated CEO might say you\u2019re letting them down if you do not make the urgent payment.<\/span><\/li>\n<li><span class=\"inner-wrap\">Inconsistent wording or terminology. Does the business lingo align with company conventions? Does the source typically use those words?<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-5.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90246 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-5-smaller.jpg\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-5-smaller.jpg 600w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-5-smaller-300x200.jpg 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-5-smaller-293x195.jpg 293w\" alt=\"\" width=\"600\" height=\"400\" \/><\/a><\/p>\n<ul>\n<li><span class=\"inner-wrap\"><strong>Encourage users to communicate potential phishing emails<\/strong>\u2014It\u2019s important that users flag phishing emails to the proper team. This can be done natively within many enterprise email systems. It can also be helpful if users talk with their peers about the phishing emails they receive. Spear phishers typically don\u2019t send blast emails; however, they may select several people from the same department or with business relationships. Talking will alert other users to be on the lookout for phishy emails.<\/span><\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-6.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90248 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-6-smaller.jpg\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-6-smaller.jpg 600w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-6-smaller-300x200.jpg 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-6-smaller-293x195.jpg 293w\" alt=\"\" width=\"600\" height=\"400\" \/><\/a><\/p>\n<ul>\n<li><span class=\"inner-wrap\"><strong>Secure your identities<\/strong>\u2014A spear phishing campaign is often the first step that an attacker takes to gain more privileged access to company resources. If they succeed in duping a victim, you can reduce the damage with modern authentication techniques. For example\u00a0<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/08\/20\/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks\/\" target=\"_blank\" rel=\"noopener noreferrer\">multi-factor authentication (MFA) can block over 99.9 percent of account compromise attacks<\/a>.<\/span><\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-7.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90250 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-7.png\" sizes=\"auto, (max-width: 951px) 100vw, 951px\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-7.png 951w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-7-300x146.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/12\/Spear-phishing-7-768x374.png 768w\" alt=\"\" width=\"951\" height=\"463\" \/><\/a><\/p>\n<p><em>Figure 4. Enhanced anti-phishing capabilities are available in Microsoft Office 365.<\/em><\/p>\n<ul>\n<li><span class=\"inner-wrap\"><strong>Deploy technology designed to block phishing emails<\/strong>\u2014If users don\u2019t receive the phishing email, they can\u2019t act on it! Deploy technology that can help you catch phishing emails before they land in someone\u2019s inbox. For instance, Office 365, one of the world\u2019s largest email providers, offers a variety of protection against phishing attacks\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/anti-phishing-protection\" target=\"_blank\" rel=\"noopener noreferrer\">by default<\/a>\u00a0and through additional offerings such as\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/atp-anti-phishing\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Advanced Threat Protection (ATP) anti-phishing<\/a>. Importantly, Microsoft has both been advancing the anti-phishing capabilities of Office 365 (see Figure 4 above) and\u00a0<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2018\/10\/17\/how-office-365-learned-to-reel-in-phish\/\" target=\"_blank\" rel=\"noopener noreferrer\">improving catch rates<\/a>\u00a0of phishing emails.<\/span><\/li>\n<\/ul>\n<h3>Get in touch<\/h3>\n<p>Reach out to Diana Kelley on\u00a0<a href=\"https:\/\/www.linkedin.com\/in\/dianakelleysecuritycurve\/\" target=\"_blank\" rel=\"noopener noreferrer\">LinkedIn<\/a>\u00a0or\u00a0<a href=\"https:\/\/twitter.com\/dianakelley14\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>\u00a0or Seema Kathuria on\u00a0<a href=\"https:\/\/www.linkedin.com\/in\/seema-kathuria-8987921\/\" target=\"_blank\" rel=\"noopener noreferrer\">LinkedIn<\/a>\u00a0or\u00a0<a href=\"https:\/\/twitter.com\/reachseemak\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>\u00a0and let them know what you\u2019d like to see us cover as they talk about new security products and capabilities.<\/p>\n<p>Also, bookmark the\u00a0<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a>\u00a0to keep up with our expert coverage on security matters. Also, follow us at\u00a0<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a>\u00a0for the latest news and updates on cybersecurity.<\/p>\n<\/div>\n<p>End of David Papkin post on Spear Phishing<\/p>\n<\/article>\n<nav class=\"c-link-navigation f-align-left custom-link-navigation\" aria-labelledby=\"category-header\">\n<h3 id=\"category-header\" class=\"c-heading\">Filed under:<\/h3>\n<ul class=\"c-list\">\n<li><a class=\"c-hyperlink\" href=\"https:\/\/www.microsoft.com\/security\/blog\/ciso-series\/\">CISO series<\/a>,<\/li>\n<li><a class=\"c-hyperlink\" href=\"https:\/\/www.microsoft.com\/security\/blog\/microsoft-defender-advanced-threat-protection\/\">Microsoft Defender Advanced Threat Protection<\/a>,<\/li>\n<li><a class=\"c-hyperlink\" href=\"https:\/\/www.microsoft.com\/security\/blog\/phishing\/\">Phishing<\/a><\/li>\n<\/ul>\n<\/nav>\n<p><\/main><\/section>\n","protected":false},"excerpt":{"rendered":"<p>This David Papkin post on spear phishing is derived from Microsoft post\u00a0 Spear phishing campaigns\u2014they\u2019re sharper than you think December 2, 2019 Spear phishing campaigns\u2014they\u2019re sharper than you think Diana Kelley\u00a0Cybersecurity Field CTO Seema Kathuria\u00a0Senior Manager, Cybersecurity Solutions Group Even&hellip; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[70,130,139,140,154],"class_list":["post-2972","post","type-post","status-publish","format-standard","hentry","category-david-papkin","tag-davidpapkin","tag-phishing","tag-security","tag-securityasaculture","tag-spearphishing"],"_links":{"self":[{"href":"https:\/\/davidpapkin.com\/index.php?rest_route=\/wp\/v2\/posts\/2972","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/davidpapkin.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/davidpapkin.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/davidpapkin.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/davidpapkin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2972"}],"version-history":[{"count":0,"href":"https:\/\/davidpapkin.com\/index.php?rest_route=\/wp\/v2\/posts\/2972\/revisions"}],"wp:attachment":[{"href":"https:\/\/davidpapkin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2972"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/davidpapkin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2972"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/davidpapkin.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2972"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}