T 5.25 Masquerade

A user uses the masquerade in order to fake a false identity. For example, he/she adopts a false identity by spying out user ID and password (see also T 5.9 Unauthorised use of IT systems), by manipulating the sender field of a message, or by manipulating an address (for example, see also T 5.48 IP spoofing or T 5.87 Web spoofing) in the network. Furthermore, a false identity may be obtained by manipulating the caller ID (Calling Line Identification Presentation) in ISDN or by manipulating the sender ID of a fax sender (CSID - Call Subscriber ID).

A user who has been deceived regarding the identity of his/her communication partner may easily be led to disclose information requiring protection.

An attacker may also use a masquerade to attempt to intrude on an already established connection without having to authenticate himself/herself, since this step was already performed by the original communication partners (see also T 5.89 Hijacking of network connections).

© Federal Office for Information Security. All rights reserved.