CAPEC-195: Principal Spoof

攻击模式描述

A Principal Spoof is a form of Identity Spoofing where an adversary pretends to be some other person in an interaction. This is often accomplished by crafting a message (either written, verbal, or visual) that appears to come from a person other than the adversary. Phishing and Pharming attacks often attempt to do this so that their attempts to gather sensitive information appear to come from a legitimate source. A Principal Spoof does not use stolen or spoofed authentication credentials, instead relying on the appearance and content of the message to reflect identity.

前提条件

• The target must associate data or activities with a person's identity and the adversary must be able to modify this identity without detection.

所需资源

• None: No specialized resources are required to execute this type of attack.