Detailedlikelihood: Highseverity: HighStable

CAPEC-656Voice Phishing

Abstraction
Detailed
Status
Stable
Likelihood
High
Severity
High

Description

An adversary targets users with a phishing attack for the purpose of soliciting account passwords or sensitive information from the user. Voice Phishing is a variation of the Phishing social engineering technique where the attack is initiated via a voice call, rather than email. The user is enticed to provide sensitive information by the adversary, who masquerades as a legitimate employee of the alleged organization. Voice Phishing attacks deviate from standard Phishing attacks, in that a user doesn't typically interact with a compromised website to provide sensitive information and instead provides this information verbally. Voice Phishing attacks can also be initiated by either the adversary in the form of a "cold call" or by the victim if calling an illegitimate telephone number.

Related attack patterns· 1

CAPEC-98 (ChildOf)

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Pretexting via Phone
CAPEC
Phishing
Sub-technique
Spearphishing Voice
CAPEC
Mobile Phishing
CAPEC
Pretexting via Customer Service
CAPEC
Pretexting
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.