CAPEC 151

An attacker crafts a message that masquerades as a message from a principal other than the actual message sender. This may involve having the attacker create content for the purpose of making it appear to originate from a legitimate "spoofed" source. Phishing and Pharming attacks often attempt to do this so that their attempts to gather sensitive information appear to come from a legitimate source. Alternatively, an attacker may intercept a message from a legitimate sender and attempt to make it look like the message comes from them without changing its content. The latter form of this attack can be used to hijack credentials from legitimate users. This attack need not be limited to transmitted messages - any resource that is associated with an identity (for example, a file with a signature) can be the target of an attack where the attacker attempts to change the apparent source. This attack differs from Content Spoofing attacks since, in Content Spoofing, the attacker does not wish to change the apparent source of the message but instead wishes to change what the source appears to say. In an Identity Spoofing attack, the attacker is attempting to change the apparent source of the content.