Standardseverity: MediumDraft

CAPEC-195Principal Spoof

Abstraction
Standard
Status
Draft
Severity
Medium

Description

A Principal Spoof is a form of Identity Spoofing where an adversary pretends to be some other person in an interaction. This is often accomplished by crafting a message (either written, verbal, or visual) that appears to come from a person other than the adversary. Phishing and Pharming attacks often attempt to do this so that their attempts to gather sensitive information appear to come from a legitimate source. A Principal Spoof does not use stolen or spoofed authentication credentials, instead relying on the appearance and content of the message to reflect identity.

Related attack patterns· 1

CAPEC-151 (ChildOf)

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Identity Spoofing
CAPEC
Fake the Source of Data
CAPEC
Pretexting
CAPEC
Influence Perception of Authority
CAPEC
Phishing
CAPEC
Content Spoofing
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.