Show in Graph
Common Information
Type Value
Value 
Impersonation - T1656
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf. For example, adversaries may communicate with victims (via [Phishing for Information](https://attack.mitre.org/techniques/T1598), [Phishing](https://attack.mitre.org/techniques/T1566), or [Internal Spearphishing](https://attack.mitre.org/techniques/T1534)) while impersonating a known sender such as an executive, colleague, or third-party vendor. Established trust can then be leveraged to accomplish an adversary’s ultimate goals, possibly against multiple victims. In many cases of business email compromise or email fraud campaigns, adversaries use impersonation to defraud victims -- deceiving them into sending money or divulging information that ultimately enables [Financial Theft](https://attack.mitre.org/techniques/T1657). Adversaries will often also use social engineering techniques such as manipulative and persuasive language in email subject lines and body text such as `payment`, `request`, or `urgent` to push the victim to act quickly before malicious activity is detected. These campaigns are often specifically targeted against people who, due to job roles and/or accesses, can carry out the adversary’s goal.   Impersonation is typically preceded by reconnaissance techniques such as [Gather Victim Identity Information](https://attack.mitre.org/techniques/T1589) and [Gather Victim Org Information](https://attack.mitre.org/techniques/T1591) as well as acquiring infrastructure such as email domains (i.e. [Domains](https://attack.mitre.org/techniques/T1583/001)) to substantiate their false identity.(Citation: CrowdStrike-BEC) There is the potential for multiple victims in campaigns involving impersonation. For example, an adversary may [Compromise Accounts](https://attack.mitre.org/techniques/T1586) targeting one organization which can then be used to support impersonation against other entities.(Citation: VEC)
Details Published Attributes CTI Title
Details Website 2014-12-08 12 Hacking SQL Server Stored Procedures – Part 2: User Impersonation
Details Website 2014-11-22 10 Mimikatz and Active Directory Kerberos Attacks
Details Website 2014-11-14 9 Weekly Metasploit Wrapup: SQL Server Privileges, Templating New Modules | Rapid7 Blog
Details Website 2014-11-06 1 Real-World Attack Scenario: From Blind, Timing-Based SQL Injection to Windows Domain Administrator
Details Website 2014-09-25 4 Wireless security in LTE Networks
Details Website 2014-06-24 6 IT Act 2000 – Penalties, Offences With Case Studies - Checkmate
Details Website 2014-04-11 3 Answering the Critical Question: Can You Get Private SSL Keys Using Heartbleed?
Details Website 2014-02-17 167 Mapping Hacking Team’s “Untraceable” Spyware
Details Website 2013-04-10 62 Metasploit 4.6.0 Released! | Rapid7 Blog
Details Website 2013-03-21 0 “Cyber Crime Department” scam - Microsoft Security Blog
Details Website 2013-01-17 2 Weekly Update: Metasploit 4.5.1, MSFUpdate, and More Wordpress Hijinks | Rapid7 Blog
Details Website 2012-10-12 0 Resolving Hostapd issues in the new SILICA VM
Details Website 2012-09-10 31 Securing the Java plug-in in Internet Explorer
Details Website 2012-08-22 9 Install Volume License (MAK) key and activate Windows 8
Details Website 2012-08-07 2 Token Stealing And Incognito
Details Website 2012-05-29 1126 Hexacorn | Blog Quick look at…
Details Website 2012-03-26 1 Meterpreter Commands
Details Website 2011-06-08 39 Le framework metasploit – 2/2 – Sec Team Blog
Details Website 2011-03-21 0 Burp v1.4 preview - Comparing site maps
Details Website 2010-11-04 2 Investing in security versus facing the consequences | Bloor Research White Paper
Details Website 2010-09-14 1 Myrtus and Guava, Episode MS10-061
Details Website 2010-02-05 95 NIST Special Publication 800-63B
Details Website 2010-01-01 6 Safe, Reliable, Hash Dumping | Rapid7 Blog