Standardlikelihood: Highseverity: Very HighDraft

CAPEC-98Phishing

Abstraction
Standard
Status
Draft
Likelihood
High
Severity
Very High

Description

Phishing is a social engineering technique where an attacker masquerades as a legitimate entity with which the victim might do business in order to prompt the user to reveal some confidential information (very frequently authentication credentials) that can later be used by an attacker. Phishing is essentially a form of information gathering or "fishing" for information.

Related weaknesses· 1

CWE-451

MITRE ATT&CK crosswalk· 2

T1566: PhishingT1598: Phishing for Information

Related attack patterns· 7

CAPEC-151 (ChildOf)CAPEC-89 (CanPrecede)CAPEC-543 (CanPrecede)CAPEC-611 (CanPrecede)CAPEC-630 (CanPrecede)CAPEC-631 (CanPrecede)CAPEC-632 (CanPrecede)

Exploits1

TypeTargetConfidenceTier
WeaknessUser Interface (UI) Misrepresentation of Critical Informationcwe-451100%live

Related to2

TypeTargetConfidenceTier
TechniquePhishing for Informationt1598100%live
TechniquePhishingt1566100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Pretexting
CAPEC
Voice Phishing
CAPEC
Mobile Phishing
CAPEC
Pharming
Technique
Phishing for Information
CAPEC
Identity Spoofing
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.