Misrepresentation

Misrepresentation is the intentional presentation of a false identity, authority, rights, or content as if it were true so that the target user (victim) or system may be deceived by the false information. These misrepresentations are common elements of a multistage attack, such as phishing.

Identity misrepresentation is the typical threat that an attacker presents his identity with false information, such as false caller name, number, domain, organization, email address, or presence information.

Authority or rights misrepresentation is the method of presenting false information to an authentication system to obtain the access permit, or bypassing an authentication system by inserting the appearance of authentication when there was none. It includes presentation of password, key, certificate, and so on. The consequence of this threat could be improper access to toll calls, toll calling features, call logs, configuration files, presence information of others, and so on.

Content misrepresentation is the method of presenting false content as if it came from a trusted source of origin. It includes false impersonation of voice, video, text, or image of a caller.