CAPEC-151
Identity Spoofing
Description
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
Prerequisites
The identity associated with the message or resource must be removable or modifiable in an undetectable way.
Mitigations
Employ robust authentication processes (e.g., multi-factor authentication).