Threat DF.Auth.HuWEDF.3

URI: DF.Auth.HuWEDF.3

Description: Phishing attack fools Human into loading malicious URL to WebBrowser: user Human viewing email in their mail client MUA clicks on a malicious link, sending it to their web browser WebBrowser.

Threat Type: Primary Threat

Matching Pattern:

MP-HuWEDF

Finds a Human using a web browser that is receiving a data flow from an email service.

(empty)

DF.Auth.PDFIDADFI.0

Unauthentic data Data from FlowsFrom forwarded by Process to FlowsTo: if the flow of data Data from process FlowsFrom to process Process is unauthentic, so is the forwarded flow to FlowsTo.

DF.Auth.PDFODADFO.0

DS.Auth.HPDFDADS.0

Flow of unauthentic data Data from FlowsFrom is stored by data service Process: if the flow of data Data from FlowsFrom to Process is unauthentic, then so will be the copy saved locally on device Host by Process.

Se.Auth.SePDsFF.0

Loss of authenticity at sensor Sensor: if the onboard data received from a sensor by any client is altered by an attacker, it is modelled as a loss of authenticity at the sensor.

(empty)

LossOfAuthenticity at Role_DataFlow

CSG-SpamFilteringAtMUA	Spam filtering functionality is installed on the email user agent *MUA* (a mail client or a webmail service).
CSG-UserSecurityTraining	Users in the role *Human* are trained to avoid most common cyber security errors by using only strong passwords, recognising malicious emails, and the importance of physical security including the use of screen locking for fixed devices that cannot be carried on the person.

Threat DF.Auth.HuWEDF.3

MP-HuWEDF

Triggered by Threat (0)

Triggers Secondary Threats (4)

DF.Auth.PDFIDADFI.0

DF.Auth.PDFODADFO.0

DS.Auth.HPDFDADS.0

Se.Auth.SePDsFF.0

Triggered By Control Strategy (0)

Misbehaviour Sets (1)

Control Strategies (2)