AC03 Social Engineering Against Remote User
| Context | Remote user interacts with a cloud application |
| Problem | Remote user suffers from Social Engineering attacks, performed by third-party adversary (e.g. including the cloud application into phishing schema) |
| Solution | Apply security awareness (cloud application); Apply security training (remote user); |
| References | R.29: Social engineering attacks (impersonation) [ENISA] |
| Type | ns:type_ThreatPattern |
| Victim | su:comp_RemoteUser |
| Aggressor | su:comp_CloudApplication |
| Aggr. role | ns:role_Server |
| STRIDE | ns:STRIDE_Information_Disclosure; ns:STRIDE_Spoofing |
| Threat | ns:threat_txExploitingBadPolicies |