Main Page: Difference between revisions

From Cognitive Attack Taxonomy
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
'''
= '''The Cognitive Attack Taxonomy (CAT)''' =
'''<br>
Visit the [https://www.cognitivesecurity.institute/ '''Cognitive Security Institute'''] to learn more about cognitive security and related topics!<br>
'''Learn how to interpret the Cognitive Attack Taxonomy''' [[Interpreting the Cognitive Attack Taxonomy|'''here''']].<br>


Visit the [https://www.cognitivesecurity.institute/ Cognitive Security Institute] to learn more about cognitive security and related topics!
{| class="wikitable sortable"
 
|+
 
|-
<strong>[[CognitiveAttackTaxonomy|Cognitive Attack Taxonomy index.]]</strong>
! CAT ID !! CAT Name !! Layer !! Category
<br>
|- CAT ID CAT Name Layer Category
<strong>[[#How To Understand the Cognitive Attack Taxonomy|Understanding the Cognitive Attack Taxonomy.]]</strong>
|    CAT-2024-010    || [[QRishing  ]]    || 8    || TTP
 
|- 
= '''<big>Introduction to the Cognitive Attack Taxonomy (CAT)</big>''' =
|    CAT-2024-007    || [[Need to Correct  ]]    || 8    || Vulnerability
 
|- 
“Hacking” refers to manipulating objects, systems, processes, or technologies in ways not originally intended to produce outcomes not otherwise achievable, or would be much more difficult to achieve, through conventional means. Extending the concept which was originally used within the model train community, then extended to the programming and software development community, then adapted to the cybersecurity community, may be applied to human and artificial cognitive processes.<br>
|    CAT-2024-006    || [[Regulatory Capture  ]]    || 10    || Exploit
 
|- 
Cognitive “hacking” relies upon the ability to repurpose, extend, or misuse functions, which likely evolved or developed for one purpose, and apply these functions toward other purposes. For example, humans developed bi-pedal mobility (the ability to walk) because this provided some evolutionary adaptive advantage (likely hunting), but this ability to consistently balance on two feet can be applied in ways that extend beyond the original purpose. This ability to balance to on two feet can now be “hacked” to balance on a moving skateboard. Riding a skateboard was not the original intention of bipedal mobility, but the art of skateboarding would be much more limited if humans never developed the ability to stand up. While balancing on two feet is not what typically comes to mind when considering cognitive abilities, research in robotics demonstrates the enormous computational challenge of performing such an apparently simple function.<br>
|    CAT-2024-005    || [[Perjury_Trap  ]]    || 8, 10    || TTP
 
|- 
The Cognitive Attack Taxonomy (CAT) considers cognitive vulnerabilities, exploits, tactics/techniques, tools, and procedures, relative to cognitive processing in the broadest possible sense within biological (humans and animals) and artificial (embodied and virtual) cognitive systems at all levels. Cognition from this perspective refers to information processing systems, which may, or may not, include awareness, consciousness, or sentience.
|    CAT-2024-004    || [[Stroop_Test  ]]    || 8    || TTP
 
|- 
= '''Cognitive Vulnerabilities''' =
|    CAT-2024-003    || [[False_Feedback_Injection  ]]    || 7    || TTP
The term ‘’cognitive vulnerabilities’’ is misleading in that it implies a weakness, but within the context of cognitive security, vulnerabilities should be considered as ‘’potentialities for misuse’’. A computer operating system that is capable of encrypting files for security purposes has an inherent ‘’vulnerability’’ in that this capability may also be weaponized by an adversary for malicious purposes. For example, if the file encryption (intended for enhancing security) is manipulated by a malicious threat actor, then that capability can be used to encrypt the owner’s files while the threat actor holds the decryption key. This activity is sometimes referred to as ‘’ransomware’’. This example demonstrates that beneficial features can often be misused to achieve malicious objectives, hence ‘’weaponized’’. <br>
|- 
 
|    CAT-2024-002    || [[Sleeper_Agent_Attack  ]]    || 7    || TTP
An example of how this might apply to human cognition might be found in the Reciprocity Norm, which seems to be universal across all cultures (and may span several species <ref>Two Monkeys Were Paid Unequally: Excerpt from Frans de Waal's TED Talk, Apr 4, 2013. Available at: https://www.youtube.com/watch?v=meiU6TxysCg&pp=ygUcbW9ua2V5IGdyYXBlIGN1Y3VtYmVyIHVuZmFpcg%3D%3D</ref>, suggesting that this is a relatively ‘’hard-wired’’ cognitive function. The Reciprocity Norm dictates that one should reciprocate actions that another has taken toward oneself. In other words, if someone does something nice for you, you should do something nice for them; conversely, if they do something unkind to you, you have the implied right to be unkind to them. This norm is also consistent with several game theoretical simulations of the Prisoner’s Dilemma which demonstrate that a “tit-for-tat” is the optimal inter-agent relational strategy. <br>
|-  
 
|    CAT-2024-001    || [[Evil_Eve_Attack  ]]    || 7    || TTP
From the perspective of social cooperation, the Reciprocity Norm is fundamentally critical to building human culture and society would immediately dissolve without such a norm, thus from this perspective Reciprocity is both critical and extremely beneficial. From the cognitive security perspective, the Reciprocity Norm is viewed as a vulnerability because a threat actor (defined as anyone not being completely transparent in their intentions) may employ an action, such as gift giving to increase the likelihood of receiving something they want in return. In this way that threat actor is “exploiting” the Reciprocity Norm by taking an action to ‘’induce the reciprocity norm’’ within the targeted individual.<br>
|- 
 
|    CAT-2024-008    || [[Positive_Test_Strategy  ]]    || 8    || Vulnerability
<!-- Example vulnerability | Magnetoreception | https://en.wikipedia.org/wiki/Magnetoreception   -->
|-    
 
|    CAT-2024-010    || [[Hyperstition ]]    || 8    || Vulnerability
= '''Cognitive Exploits''' =
|-
Within the field of cybersecurity, an exploit refers to a sequence of commands, a software bug, a “glitch” or malfunction, or maliciously written code, which can be used to cause the targeted system to behave in unprescribed ways, which may or may not lead to damage of the system. Within this context, “an exploit” (as a noun) refers to the specified mechanism the threat actor uses to affect the action of the exploitation, whereas “to exploit” (as a verb) refers to the action of launching the mechanism or taking an action, which sets the exploitation mechanism into action.<br><br>
|    CAT-2024-009    || [[Psychological_Chuting  ]]    || 8    || Exploit
The CAT uses this term of exploitation in a very similar way as it is used in information security. A cognitive exploit is a mechanism to manipulate a cognitive vulnerability (noun), or may be a sequence of actions taken by a threat actor to induce actions or state changes in the cognitive system (verb).<br><br>
|- 
Returning to the previous example outline under Cognitive Vulnerabilities <!-- [https://csi.wiki/home/index.php/Cognitive_Attack_Taxonomy#Cognitive_Vulnerabilities Cognitive Vulnerabilities]--> above which gave the example of the Reciprocity Norm, the threat actor ‘’exploits’’ the ‘’cognitive vulnerability’’ of the Reciprocity Norm by ‘’inducing reciprocity’’ through the action of giving a gift to the targeted individual. This is exploiting Reciprocity through an action (verb). Over the millennia threat actors in the forms of con artists, politicians, salespeople, marketers, propagandists, and others interested in manipulating people, have developed a broad catalog of tactics, techniques, and procedures (TTPs) designed with the intention of manipulating humans by exploiting cognitive vulnerabilities, in other words ‘’exploits’’ (as a noun). <br><br>
|    CAT-2023-018    || [[Repeated_Exposure  ]]    || 8    || Exploit
 
|- 
= '''Cognitive Tools | Tactics/Techniques | Procedures (T/TTPs)''' =
|    CAT-2023-017    || [[Model_Extraction_Attacks  ]]   || 7    || TTP
Threat actors no longer need to develop cognitive exploits from scratch. In the first decade of the twenty-first century, the pick-up artist (PUA) community developed what they referred to as “technology”, as a series of techniques which enhanced their probability of success in “picking up” a prospective date. These techniques themselves were not particularly novel in themselves, as was the method of information sharing among the PUA community. This community co-evolved with the widespread adoption of the internet and early versions of social media (message boards). This meant that the community was able to compare notes, share successes or failures, and ‘’most importantly’’ develop a glossary of terms referring to highly specified tactics and techniques (exploits as a noun) which could be used to manipulate their prospective targets through ‘’cognitive vulnerabilities’’. Extending this concept into the larger cognitive security domain, it is possible to identify not only ‘’tactics’’ and ‘’techniques’’, but we may also extend the CAT to include available ‘’tools’’ and ‘’procedures’’.<br><br> 
|- 
The example of gift-giving was mentioned above as a means of exploiting the Reciprocity Norm cognitive vulnerability. Another example of an exploit (exploitation technique) which may be used against this cognitive vulnerability is the Door-In-The-Face technique which involves a threat actor initially presenting a large request that is anticipated to be denied, with the intention of following this up with a smaller request. This technique is effective because it manipulates the perceived sense of fairness between the actors and induces a sense of obligation in the target who now feels the need to cooperate with the threat actor out of a need to reciprocate and maintain the balance of fairness. The Door-In-The-Face technique is effective because it increases the likelihood that the second (less costly) option will be accepted, than if the threat actor presented that option initially.<br><br>
|    CAT-2023-016    || [[Model_Theft  ]]    || 7    || TTP
 
|- 
== '''Cognitive Attack Tools''' ==
|   CAT-2023-015    || [[Data_Reconstruction  ]]    || 7    || Exploit
More to come...<br>
|-  
 
|    CAT-2023-014    || [[Model_Inversion_Attack  ]]    || 7    || Exploit
== '''Cognitive Attack Tactics/Techniques''' ==
|-  
More to come...<br>
|    CAT-2023-013    || [[Membership_Inference_Attack  ]]    || 7    || Exploit
==== '''Scams, Cons, and Ruses''' ====
|-  
More to come...<br>
|    CAT-2023-012    || [[Adversarial_Examples  ]]    || 7    || Exploit
 
|- 
== '''Cognitive Attack Procedures''' ==
|    CAT-2023-011    || [[Evasion_Attacks  ]]    || 7    || TTP
More to come...<br>
|- 
 
|    CAT-2023-010    || [[Input_Manipulation_Attack  ]]    || 7    || TTP
= '''The  V-E-T Relationship''' =
|- 
 
|    CAT-2023-009    || [[Backdoor_Attacks  ]]    || 7    || TTP
The CAT describes the interlocking relationships between cognitive '''''[[Cognitive Vulnerabilities|<big>Vulnerabilities</big>]]''''', '''''[[Cognitive_Exploits|<big>Exploits</big>]]''''', and '''''[[TTPs|<big>T/TTPs</big>]]'''''. These relationships can be used to anticipate attacks (and defenses), for research purposes, threat modeling, and other applications.<br>
|- 
The relationship between cognitive vulnerabilities, exploits, and TTPs should be thought of in terms of the cognitive vulnerabilities being opportunities or potentiality for exploitation, cognitive exploits being the mechanism of exploitation, and TTPs being the methodology that for implementing the exploit.
|    CAT-2023-008    || [[Trigger_Based_Attack  ]]   || 7    || TTP
<!-- [[File:2D-3D Printed Facial Prosthetics.jpg|thumb|right|alt=Exploiting biometrics with 3D printed facial prosthetics|Exploiting biometrics with 3D printed facial prosthetics]]-->
|- 
Adopting the physical analogy of the process of bolting pieces of metal together; the ''vulnerability'' would be a threaded hole in the metal, the ''exploit'' would be the bolt that fits within that threaded hole, and the wrench to tighten the bolt would be the ''TTP''.
|    CAT-2023-007    || [[Training_Data_Poisoning_Attack  ]]   || 7    || TTP
This relationship is key to understanding how the taxonomic classes work in concert, if no vulnerability exists, then there is no means to exploit it. For example, many migratory birds have the ability to sense magnetic fields, which they seem to use for navigation. While this ability provides several advantages it also presents a vulnerability which may be <!-- [https://en.wikipedia.org/wiki/File:Effect_of_RF_interference_on_Magnetoreception_in_Birds.svg exploited] --> through the projection of radio frequency interference. Humans lack the same level of magnetic sensitivity as migratory birds and therefor cannot be exploited using the same mechanism.
|- 
<!-- [[File:SportsBallStopSign.jpg|thumb|left|alt=Stop sign misclassified as a "sports ball".|Stop sign misclassified as a "sports ball" using artistic exploit.]] -->
|    CAT-2023-006    || [[Campbell’s_Law  ]]    || 9    || Vulnerability
Cognitive vulnerabilities are highly context dependent. For example, humans less than 23 to 25 years old have the ability to hear higher frequency sounds than older adults. As a vulnerability, this feature has been exploited by the Mosquito sonic area denial system. The Mosquito emits a loud high-pitched humming sound (similar to the sound that a mosquito makes) which is nearly unbearable to those who can hear it, but inaudible to those who cannot. The Mosquito is thus used to prevent individuals within a specific age range from congregating in areas covered by the Mosquito's range. This same feature of hearing is leveraged as an exploit in itself by using the same sound frequency to create a ring tone which teenaged adults can hear but older adults (such as school teachers) cannot. This example illustrates how quickly the context for a cognitive vulnerability can shift.<br>
|- 
<!-- [[File:RoadPaintingNudge.jpg|thumb|right|alt=Road Painting Nudge|Exploiting drivers' through visual nudging]] -->
|    CAT-2023-005    || [[Training_Data_Poisoning  ]]   || 7    || Exploit
Any information processing system will have inherent cognitive vulnerabilities. These are endemic to a cognitive system and the system will usually cease functioning without them. These vulnerabilities tend to be highly specific to each system. For example, 3d printed facial prosthetics may allow threat actors to bypass biometric algorithms but will not deceive humans for an instant. Likewise, a painted graphic on a stop sign will not a human but may induce a computer vision algorithm to misclassify a stop sign as a "sports ball". By contrast, a perspective painting of a child chasing a ball into the street may deceive both a human driver and the computer vision algorithm controlling an autonomous vehicle, because these visual cues exploit similar information processing mechanisms in both cognitive systems.
|-  
<br>
|    CAT-2023-004    || [[Suffix_Injection  ]]    || 7    || TTP
Understanding these relationships improves understanding how cognitive attacks are applied, how they function, and how they might be potentially be "tuned" to particular targets. For example: if a vulnerability is lacking in an individual target or population, then it will be impossible to attack using a specified exploit.
|- 
 
|    CAT-2023-003    || [[Sensitive_Information_Disclosure  ]]   || 8    || Vulnerability
== Examples of V-E-T relationships ==
|-  
To more effectively clarify these relationships, here are a few examples of the relationships.
|    CAT-2023-002    || [[Prompt_Injection  ]]    || 7    || TTP
 
|-  
<!-- [[File:CAT TEST 1.jpg|frameless|right|alt=CAT TEST 1|CAT TEST 1]] -->
|    CAT-2023-001    || [[Overreliance_on_Automation  ]]    || 8    || Vulnerability
 
|-  
Examples:
|    CAT-2022-321    || [[Impulsivity  ]]    || 8    || Vulnerability
 
|- 
'''Vulnerability:''' Affinity toward Neoteny (Youthful features).<br>
|    CAT-2022-320    || [[Excessive_Agency  ]]    || 8    || Vulnerability
'''Exploit:''' Presentation or display of neotenic Features (Large eyes, large head).<br>
|- 
'''TTP:''' Design a robot to look "cute" to lower suspicions by adding neotenic features (such as large eye & head).<br>
|   CAT-2022-319    || [[Emoji_Injection  ]]    || 7, 8    || TTP
 
|- 
'''Vulnerability:''' Ability to hear sound within a specified frequency range.<br>
|    CAT-2022-318    || [[Culture_Jamming  ]]    || 8    || TTP
'''Exploit:''' Playing sound within that specified frequency range in a aggravating manner.<br>
|- 
'''TTP:''' "Mosquito" sonic area denial system.<br>
|    CAT-2022-317    || [[Chain-Of-Thought_Manipulation  ]]    || 7    || TTP  
 
|- 
'''Vulnerability:''' Need for Commitment and Consistency<br>
|    CAT-2022-316    || [[Network_Ambiance_Attack  ]]    || 8    || TTP  
'''Exploit:''' Ikea Effect<br>
|- 
'''TTP:''' Foot-in-the-Door technique<br>
|    CAT-2022-315    || [[Maskarovka  ]]    || 8    || TTP
 
|-  
'''Vulnerability:''' Need to Reciprocate<br>
|    CAT-2022-314    || [[Reflexive_Control  ]]    || 8    || TTP
'''Exploit:''' Inducing Reciprocity<br>
|- 
'''TTP:''' Door-in-the-Face technique (DITF technique is effective because of reciprocal concessions)<br>
|    CAT-2022-313    || [[Zone_Flooding  ]]    || 8    || TTP
 
|-  
= '''Applications of the CAT''' =
|    CAT-2022-312    || [[Incrementalism  ]]    || 8, 9    || Exploit
 
|- 
== '''Examples of Cognitive Attacks''' ==
|    CAT-2022-311    || [[Compliance-Ladder  ]]    || 8    || TTP
 
|- 
=== '''Proof-of-Concept Examples of Cognitive Attacks''' ===
|    CAT-2022-310    || [[Yes-Ladder  ]]    || 8    || TTP
 
|-  
 
|    CAT-2022-309    || [[Wing  ]]    || 8    || TTP
=== '''Real-World Examples of Cognitive Attacks''' ===
|- 
 
|    CAT-2022-308    || [[Whorfian_Attack  ]]    || 8    || Exploit
 
|- 
== '''Cognitive Attack Graphs''' ==
|    CAT-2022-307    || [[Venue_Change  ]]    || 8    || TTP
Using the Cognitive Attack Taxonomy, it becomes possible to map attacks which have occurred or attack which may potentially occur in the future. The figure below depicts a SMSishing attack, a social engineering technique which uses SMS messaging to transmit a phishing message. In this example, the threat actors sent the target a SMS message impersonating the target's bank. This message threatened that the target would be locked out of their account within a short period of time due to a negative balance in their account. Using the '''''tactic''''' of SMSishing, these threat actors employed the '''''techniques''''' of ''Account Lockout'' and ''Negative Balance'' to launch the '''''exploits''''' of ''Scarcity'' and ''Fear Of Missing Out'' as a means to exploit the '''''cognitive vulnerability''''' of ''Loss Aversion''. This system for building Cognitive Attack Graphs is extensible and scalable to accommodate a broad range of cognitive attacks ranging from social engineering, to influence operations, to lawfare, to neuro-attacks, narrative warfare, and others.<br>
|- 
 
|    CAT-2022-306    || [[Trance-Words  ]]    || 8    || TTP
<!-- [[File:SMSishing-Loss Aversion AttackGraph.jpg|frame|center|alt=Cognitive Attack Graph: SMSishing attack threatening account lockout due to a negative balance, employing the exploits of Scarcity and FOMO to exploit the Loss Aversion cognitive vulnerability.|Cognitive Attack Graph: SMSishing attack threatening account lockout due to a negative balance, employing the exploits of Scarcity and FOMO to exploit the Loss Aversion cognitive vulnerability.]] -->
|- 
 
|    CAT-2022-305    || [[Tainted_Leak ]]    || 8    || TTP
 
|-  
<!-- [[File:SMSishing-Loss Aversion AttackGraph.png|thumb|alt=SMSishing Graph|SMSishing]] -->
|    CAT-2022-304    || [[Social_Engineering_Toolkit  ]]    || 8    || TTP
 
|-  
== '''Open Systems Interconnection Model (OSI Model)''' ==
|    CAT-2022-303    || [[Slander_Attack  ]]    || 8    || TTP
 
|- 
=== '''Layer 1-7 (OSI Model)''' ===
|    CAT-2022-302    || [[Sandbagging  ]]   || 8    || TTP
Introduction to the OSI Model...
|-  
 
|    CAT-2022-301    || [[Reframing  ]]    || 8    || TTP
 
|- 
==== OSI Layer 1 ====
|    CAT-2022-300    || [[Prop  ]]    || 8    || TTP
 
|- 
==== OSI Layer 2 ====
|    CAT-2022-299    || [[Preloading  ]]    || 8    || TTP
 
|- 
==== OSI Layer 3 ====
|    CAT-2022-298    || [[Pendant_Anchoring  ]]    || 8    || TTP
 
|- 
==== OSI Layer 4 ====
|    CAT-2022-297    || [[Open-Ended_Question  ]]    || 8    || TTP
 
|- 
==== OSI Layer 5 ====
|    CAT-2022-296    || [[Negging  ]]    || 8    || TTP
 
|- 
==== OSI Layer 6 ====
|    CAT-2022-295    || [[Multi-Channel_Attack  ]]    || 8    || TTP
 
|- 
==== OSI Layer 7 ====
|    CAT-2022-294    || [[Mirroring  ]]    || 8    || TTP
 
|- 
===== AI and Large Language Models =====
|    CAT-2022-293    || [[Micro_Expression  ]]    || 8    || Vulnerability
Generative AI models, such as large language models (LLMs) reside at OSI Layer 7. According to Chat GPT4...<br><br>"Large Language Models (LLMs) like GPTs (Generative Pre-trained Transformers) operate at the Application Layer (Layer 7) of the OSI model. The Application Layer is the topmost layer that provides interfaces for applications to access network services and defines protocols that applications use to communicate over a network. LLMs and GPTs, being advanced software applications that provide natural language processing capabilities, interact with other software applications and services through the Application Layer. They use protocols defined at this layer to send and receive data over the network, offering services such as text generation, language translation, and content creation that are utilized by end-user applications."
|-  
 
|   CAT-2022-292    || [[Maltego  ]]   || 8    || Tool / TTP
==== Attacks At Different OSI Layers ====
|-  
 
|    CAT-2022-291    || [[Leading_Question  ]]    || 8    || TTP
[[File:OSI Attack Possibilities Table.jpg|none|center|alt=Attack Possibilities by OSI Layer (Layers 1 - 7)|OSI Attack Possibilities Table]]<ref>https://www.us-cert.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf</ref>
|- 
 
|    CAT-2022-290    || [[Journobaiting  ]]    || 8   || TTP
== '''Human Interconnection Model (HIM)''' ==
|- 
 
|    CAT-2022-289    || [[Ice_Breaker  ]]    || 8    || TTP
=== '''Layer 8 (HIM)''' ===
|- 
 
|    CAT-2022-288    || [[Hot_Reading  ]]    || 8    || TTP
=== '''Layer 9 (HIM)''' ===
|- 
 
|    CAT-2022-287    || [[Honey_Channels  ]]    || 8    || TTP
=== '''Layer 10 (HIM)''' ===
|- 
 
|    CAT-2022-286    || [[Functional_Opener  ]]    || 8    || TTP
== '''Scales of Operation''' ==
|- 
 
|    CAT-2022-285    || [[Forcing  ]]    || 8    || Exploit
=== '''Tactical''' ===
|- 
 
|    CAT-2022-284    || [[Firehose_of_Falsehood  ]]    || 8    || TTP
=== '''Operational''' ===
|- 
 
|    CAT-2022-283    || [[False_Time_Constraint  ]]    || 8    || TTP
=== '''Strategic''' ===
|- 
 
|    CAT-2022-282    || [[False_Flag  ]]    || 8    || TTP
== '''Ethical Concerns''' ==
|- 
There is a philosophical perspective that advocates against the dissemination of “dark knowledge”; knowledge about ways that evil might be perpetrated or facilitated. This leads to an open debate which should be explored by the CSI community about whether these aspects of cognitive manipulation should be openly explored. A strong argument in favor of exploring these issues is that those intent on committing evil will learn of these tools, tactics, techniques, procedures, and human vulnerabilities without the aid of this reference. If being forewarned is to be forearmed, and knowledge is power, then advocating for the exposure of these vulnerabilities, exploits, and tools to the public may empower the public to anticipate and avoid such attacks.
|    CAT-2022-281    || [[Eject_with_Explanation  ]]    || 8    || TTP
 
|- 
= '''How To Understand the Cognitive Attack Taxonomy''' =
|    CAT-2022-280    || [[Double_Switch  ]]    || 8    || TTP
 
|- 
 
|    CAT-2022-279    || [[Deception-in-Depth  ]]    || 8, 9    || TTP  
'''<big>CAT Name:</big>''' This is the common name to describe the cognitive attack taxonomy (CAT) vulnerability, exploit, or T/TTP (VET).<br><br>
|- 
 
|    CAT-2022-278    || [[Conversational_Threading  ]]    || 8    || TTP
'''<big>Short Description:</big>''' This is a brief description of the CAT-VET is usually a two to three sentences maximum description of the entry.<br><br>
|- 
 
|    CAT-2022-277    || [[Cold_Reading  ]]    || 8    || TTP
'''<big>CAT ID:</big>''' Intended to be a unique identifier for the CAT-VET. The prefix "CAT" refers to the Cognitive Attack Taxonomy, followed by the year, and finally the serial number of the CAT-VET. For example, CAT-2021-005 identifies the fifth CAT-VET cataloged in calendar year 2021.<br><br>
|- 
 
|    CAT-2022-276    || [[Buscador  ]]    || 8    || Tool / TTP
'''<big>Layer:</big>''' This refers to the interconnection layer that the CAT-VET operates through. The Open Systems Interconnection Model (OSI Model) refers to communication between information systems. Layer 1 refers to the physical layer (wires or radio waves) and Layer 7 refers to the application layer at which the connection interfaces with the human user. The Human Interconnection Model (HIM) refers to Layer 8 (human layer), Layer 9 (organizational layer), and Layer 10 (legal layer).<br>
|-  
 
|    CAT-2022-275    || [[Brushing  ]]    || 8, 9   || TTP
* '''Layer 7:''' This is the layer that AI operates through (according to ChatGPT4).<br>
|- 
* '''Layer 8:''' The human layer at which heuristics, biases, and other psychological influence techniques operate. Social engineering or influence operations function at this layer.<br>
|    CAT-2022-274    || [[Baiting-Trolling  ]]    || 8    || TTP
* '''Layer 9:''' The organizational layer, manipulation techniques at this layer operate through policy functions.
|- 
* '''Layer 10:''' The legal layer, manipulation at this layer occurs through legislative processes or court cases.<br><br>  
|    CAT-2022-273    || [[Anchor-NLP_Technique ]]    || 8    || TTP
 
|- 
'''<big>Operational Scale:</big>''' This refers to the ''typical'' or ''expected'' scale this CAT-VET is deployed at.
|    CAT-2022-272    || [[Active_Indicator_Probe  ]]    || 8    || TTP
* '''Tactical:''' These are typically individual encounters with a single attacker and single target.
|- 
* '''Operational:''' This level refers to multiple engagements over a period of time, typically involving multiple parties.
|    CAT-2022-271    || [[Accomplished_Introduction  ]]    || 8    || TTP
* '''Strategic:''' Nation-state or nation-state level actors exercising multiple operations to exert strategic influence objectives.<br><br>
|- 
 
|    CAT-2022-270    || [[Operant_Conditioning  ]]    || 8    || Exploit
'''<big>Level of Maturity:</big>''' This header describes the degree to which a vulnerability, exploit, or T/TTPs has been vetted, validated, or established. V-E-Ts exist on a continuum from hypothetical ideas anchoring one extreme with very well established laws human nature occupying the other extreme with a spectrum of support for constructs in between. The Level of Maturity refers to the degree of empirical support that is documented for each V-E-T, and this designation may evolve over time.
|- 
* '''Theoretical:''' Unproven CAT-VETs that are feasible but have not yet been proven through a proof-of-concept test nor has been documented in the wild.  
|    CAT-2022-269    || [[Neoteny  ]]    || 8    || Vulnerability
* '''Proof-of-Concept:''' Security researchers commonly discover and report on vulnerabilities, exploits, or techniques. These CAT-VETs have not yet been documented in the wild. 
|-  
* '''Observed in the Wild:''' CAT-VETs which have been reported as occurring in a non-laboratory or controlled setting. These reports usually result from criminals employing techniques during the commission of crimes.
|    CAT-2022-268    || [[Need ]]    || 8    || Vulnerability
* '''In Common Use:''' These CAT-VETs are commonly encountered or exploited in uncontrolled environments and are commonly used by criminals and other threat actors.
|-  
* '''Well-Established:''' CAT-VETs that are in common use ''and'' are well-documented to be effective.<br><br>
|    CAT-2022-267    || [[Need_&_Greed_Attack  ]]    || 8    || Exploit
 
|-  
'''<big>Category:</big>''' The CAT-VET category informs whether an entry is a cognitive vulnerability, cognitive exploit, or is a tactic, technique, tool, or procedure.
|    CAT-2022-266    || [[Fear  ]]    || 8    || Vulnerability
* '''Vulnerability:''' Cognitive Vulnerability
|- 
* '''Exploit:''' Cognitive Exploit
|    CAT-2022-265    || [[Jolly_Roger_Bot  ]]    || 8    || Tool / TTP
* '''TTP:''' Cognitive Attack Tactic/Technique, Tool, or Procedure<br><br>
|- 
 
|    CAT-2022-264    || [[eWhoring  ]]    || 8    || TTP
'''<big>Subcategory:</big>''' The CAT-VET subcategory refers to the type of vulnerability, exploit, or T/TTP the entry falls within. The subcategory is intended to be expandable as new discoveries are made, while CAT-VET Categories are intended to be immutable.<br><br>
|- 
 
|    CAT-2022-263    || [[Synthetic_Media_Social_Engineering  ]]    || 8    || TTP  
'''<big>Also Known As:</big>''' Identifies alternative names or adjacent terms and concepts to the entry.<br><br>
|- 
 
|    CAT-2022-262    || [[Deepfake_Social_Engineering  ]]    || 8    || TTP  
'''<big>Brief Description:</big>''' This description is intended to be a five words or less description of the entry.<br><br>
|- 
 
|    CAT-2022-261    || [[Virus_Hoax  ]]    || 8    || TTP
'''<big>Closely Related Concepts:</big>''' These are concepts which relate to the entry but are not alternative names.<br><br>
|- 
 
|    CAT-2022-260    || [[Virtual_Kidnapping ]]    || 8    || TTP
'''<big>Mechanism:</big>''' This describes the operation of the CAT-VET entry. If the entry is a vulnerability, then the mechanisms described will be exploits or T/TTPs. If the entry is an exploit, the mechanisms will include vulnerabilities the exploit may be applied to or T/TTPs which may take advantage of the exploit, alternatively, a T/TTP entry will list cognitive vulnerabilities which it may be applied against or exploits which might be leveraged T/TTP deployment.<br><br>
|- 
 
|    CAT-2022-259    || [[Telemarketing_Scam ]]    || 8    || TTP
'''<big>Multiplier:</big>''' Describes adjacent phenomena which may enhance or degrade the entry. For example, decision fatigue (CAT-2022-050) is a cognitive vulnerability which describes the experience of increasing difficulty in resisting temptation as choices are made. This vulnerability may be enhanced by presenting more closely related alternatives when choosing between alternatives (increasing cognitive load), or degraded by presenting personally relevant information at the key decision point (increasing semantic relevance).<br><br>
|- 
 
|    CAT-2022-258    || [[Tech_Support_Scam  ]]    || 8    || TTP  
'''<big>Detailed Description:</big>''' This category provides a detailed description of the entry. This section can be as long as needed and is intended to be expandable to allow for new or updated information about the entry.<br><br>
|- 
 
|    CAT-2022-257    || [[Romance_Scam  ]]    || 8    || TTP
'''<big>Use Case Example:</big>''' Examples of how the CAT-VET might be used in a hypothetical situation.<br><br>
|- 
 
|    CAT-2022-256    || [[Hoax_Virus  ]]    || 8    || TTP
'''<big>Example From The Wild:</big>''' Example of the CAT-VET has been used in a documented case.<br><br>
|- 
 
|    CAT-2022-255    || [[Gift-Card_Scam  ]]    || 8    || TTP
'''<big>Comments:</big>''' General commentary on the CAT entry. Community discussions may exist here in addition to the page discussion notes.<br><br>
|- 
 
|    CAT-2022-254    || [[Crab_Phishing ]]    || 8    || TTP
'''<big>References:</big>''' All CAT entries are to be backed by references to the maximum practical extent. All entries should be backed by research and/or observations from the wild. The CAT is not intended to be a repository of fantasy or opinion.<br><br>
|- 
 
|    CAT-2022-253    || [[Cat_Fishing  ]]    || 8    || TTP
= '''References''' =
|- 
 
|    CAT-2022-252    || [[Business_Email_Compromise  ]]    || 8, 9    || TTP
 
|- 
 
|    CAT-2022-251    || [[Advance_Fee_Scam  ]]    || 8    || TTP
|- 
|    CAT-2022-250    || [[War_Shipping  ]]    || 8, 9    || TTP
|- 
|    CAT-2022-249    || [[Tailgating  ]]    || 8    || TTP
|- 
|    CAT-2022-248    || [[Snail_Mail_Attack  ]]    || 8    || TTP
|- 
|    CAT-2022-247    || [[Shoulder_Surfing  ]]    || 8    || TTP
|- 
|    CAT-2022-246    || [[Dumpster_Diving  ]]    || 8, 9    || TTP
|- 
|    CAT-2022-245    || [[Baiting-Drop  ]]    || 8    || TTP
|- 
|    CAT-2022-244    || [[Assistance_Ploy  ]]    || 8    || Exploit
|- 
|    CAT-2022-243    || [[Robot_Social_Engineering  ]]    || 8    || TTP
|- 
|    CAT-2022-242    || [[Dolphin_Attack  ]]    || 8    || Exploit
|- 
|    CAT-2022-241    || [[Acoustic_Attack  ]]    || 8    || TTP
|- 
|    CAT-2022-240    || [[Robo_Calling  ]]    || 8    || TTP
|- 
|    CAT-2022-239    || [[Spamigation  ]]    || 10    || TTP
|- 
|    CAT-2022-238    || [[Strategic_Lawsuit_Against_Public_Participation  ]]    || 10    || TTP
|- 
|    CAT-2022-237    || [[Patent_Trolling  ]]    || 10    || TTP
|- 
|    CAT-2022-236    || [[Legal_Loophole  ]]    || 10    || Vulnerability
|- 
|    CAT-2022-235    || [[Lawfare  ]]    || 10    || Exploit
|- 
|    CAT-2022-234    || [[Supply_Chain_Attack  ]]    || 9    || Exploit
|- 
|    CAT-2022-233    || [[Shadow_Security  ]]    || 9    || Vulnerability
|- 
|    CAT-2022-232    || [[Shadow_IT  ]]    || 9    || Vulnerability
|- 
|    CAT-2022-231    || [[Shadow_AP  ]]    || 9    || Vulnerability
|- 
|    CAT-2022-230    || [[Escalation_Attack  ]]    || 9    || TTP
|- 
|    CAT-2022-229    || [[Cybersquatting  ]]    || 9    || TTP
|- 
|    CAT-2022-228    || [[Spectrum_of_Allies  ]]    || 8    || TTP
|- 
|    CAT-2022-227    || [[Unity  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-226    || [[Social_Proof  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-225    || [[Scarcity  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-224    || [[Reversing_Authority  ]]    || 8    || TTP
|- 
|    CAT-2022-223    || [[Reciprocity-Need_for  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-222    || [[Pawn-Pivot  ]]    || 8    || TTP
|- 
|    CAT-2022-221    || [[Party_Crashing  ]]    || 8    || TTP
|- 
|    CAT-2022-220    || [[Liking  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-219    || [[Door-in-the-Face_Technique  ]]    || 8    || TTP
|- 
|    CAT-2022-218    || [[Commitment-Consistency  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-217    || [[Bandwagon_Effect  ]]    || 8    || Exploit
|- 
|    CAT-2022-216    || [[Authority-Deference_to  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-215    || [[Assistance-Need_to_Provide  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-214    || [[Network_Affect_Contagion  ]]    || 7, 8    || Vulnerability
|- 
|    CAT-2022-213    || [[Wall_Banging  ]]    || 8    || TTP
|- 
|    CAT-2022-212    || [[Trolling  ]]    || 8    || TTP
|- 
|    CAT-2022-211    || [[Trevor's_Axiom  ]]    || 8    || Exploit
|- 
|    CAT-2022-210    || [[Sympathy  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-209    || [[Streisand_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-208    || [[Stereotyping  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-207    || [[Social_Desirability_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-206    || [[Outgroup_Homogeneity_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-205    || [[Network_Manipulated_Affect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-204    || [[Mass_Psychogenic_Illness  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-203    || [[Ingroup_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-202    || [[Zombification  ]]    || 8    || Exploit
|- 
|    CAT-2022-201    || [[Strobe_Attack  ]]    || 8    || TTP
|- 
|    CAT-2022-200    || [[Sonic_Area_Denial  ]]    || 8    || TTP
|- 
|    CAT-2022-199    || [[P300_Guilty_Knowledge_Test  ]]    || 8    || TTP
|- 
|    CAT-2022-198    || [[Interoceptive_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-197    || [[Tab-Napping  ]]    || 8    || TTP
|- 
|    CAT-2022-196    || [[Prevalence_Paradox  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-195    || [[Noise_Injection  ]]    || 8, 9    || TTP
|- 
|    CAT-2022-194    || [[Human_Buffer_Overflow  ]]    || 8    || Exploit
|- 
|    CAT-2022-193    || [[Gray_Signal_Attacks  ]]    || 8    || TTP
|- 
|    CAT-2022-192    || [[Focusing_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-191    || [[Distracted_Approach-Distraction  ]]    || 8    || TTP
|- 
|    CAT-2022-190    || [[Boredom  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-189    || [[Automaticity  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-188    || [[Video_Puppetry  ]]    || 8    || TTP
|- 
|    CAT-2022-187    || [[Social_Jacking  ]]    || 8    || TTP
|- 
|    CAT-2022-186    || [[Perceptual_Deception  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-185    || [[Like_Jacking  ]]    || 8    || TTP
|- 
|    CAT-2022-184    || [[IDN_Homograph_Attack  ]]    || 8    || TTP
|- 
|    CAT-2022-183    || [[Clickjacking  ]]    || 8    || TTP
|- 
|    CAT-2022-182    || [[Traitor_Tracing  ]]    || 8    || TTP
|- 
|    CAT-2022-181    || [[Ignorance  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-180    || [[File_Masquerading  ]]    || 8, 9    || TTP
|- 
|    CAT-2022-179    || [[We_Know_All  ]]    || 8    || TTP
|- 
|    CAT-2022-178    || [[Silence  ]]    || 8    || TTP
|- 
|    CAT-2022-177    || [[Sensory_Matching  ]]    || 8    || TTP
|- 
|    CAT-2022-176    || [[Secret_Knowledge  ]]    || 8    || TTP
|- 
|    CAT-2022-175    || [[Rubber-Hose_Cryptanalysis  ]]    || 8    || Exploit
|- 
|    CAT-2022-174    || [[Repetition  ]]    || 8    || TTP
|- 
|    CAT-2022-173    || [[Repeat-a-Word  ]]    || 8    || TTP
|- 
|    CAT-2022-172    || [[Rapid_Fire  ]]    || 8    || TTP
|- 
|    CAT-2022-171    || [[Quid_Pro_Quo  ]]    || 8    || TTP
|- 
|    CAT-2022-170    || [[Provocative_Statement  ]]    || 8    || TTP
|- 
|    CAT-2022-169    || [[Pride_and_Ego_Approach  ]]    || 8    || TTP
|- 
|    CAT-2022-168    || [[Oblique_Reference  ]]    || 8    || TTP
|- 
|    CAT-2022-167    || [[Neuro-Linguistic_Programming  ]]    || 8    || Exploit
|- 
|    CAT-2022-166    || [[Naïve_Mentality  ]]    || 8    || TTP
|- 
|    CAT-2022-165    || [[Incentive_Approach  ]]    || 8    || TTP
|- 
|    CAT-2022-164    || [[Hour_Glass_Method  ]]    || 8    || TTP
|- 
|    CAT-2022-163    || [[Futility  ]]    || 8    || TTP
|- 
|    CAT-2022-162    || [[Flattery  ]]    || 8    || TTP
|- 
|    CAT-2022-161    || [[File_and_Dossier  ]]    || 8    || TTP
|- 
|    CAT-2022-160    || [[Fear-Up_Approach  ]]    || 8    || TTP
|- 
|    CAT-2022-159    || [[Fear-Down_Approach  ]]    || 8    || TTP
|- 
|    CAT-2022-158    || [[Ethical_Dilemma  ]]    || 8    || TTP
|- 
|    CAT-2022-157    || [[Establish_Your_Identity  ]]    || 8    || TTP
|- 
|    CAT-2022-156    || [[Emotional_Approach  ]]    || 8    || TTP
|- 
|    CAT-2022-155    || [[Elicitation_of_Information  ]]    || 8    || TTP
|- 
|    CAT-2022-154    || [[Disbelief  ]]    || 8    || TTP
|- 
|    CAT-2022-153    || [[Direct_Approach  ]]    || 8    || TTP
|- 
|    CAT-2022-152    || [[Deliberate_False_Statement  ]]    || 8    || TTP
|- 
|    CAT-2022-151    || [[Criticism  ]]    || 8    || TTP
|- 
|    CAT-2022-150    || [[Complaining-Tendency  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-149    || [[Change_of_Scene  ]]    || 8    || TTP
|- 
|    CAT-2022-148    || [[Whaling  ]]    || 8    || TTP
|- 
|    CAT-2022-147    || [[Tailored_Messaging  ]]    || 8    || TTP
|- 
|    CAT-2022-146    || [[Sniper_Ad_Targeting  ]]    || 8    || TTP
|- 
|    CAT-2022-145    || [[Pluridentity_Attack  ]]    || 7,8,9,10    || Exploit
|- 
|    CAT-2022-144    || [[Inference_Attack  ]]    || 7,8,9,10    || Exploit
|- 
|    CAT-2022-143    || [[Data_Vulnerability  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-142    || [[Vishing  ]]    || 8    || TTP
|- 
|    CAT-2022-141    || [[Spear_Phishing  ]]    || 8    || TTP
|- 
|    CAT-2022-140    || [[Sock-Puppetry  ]]    || 8    || TTP
|- 
|    CAT-2022-139    || [[SMSishing  ]]    || 8    || TTP
|- 
|    CAT-2022-138    || [[Shilling_Attack  ]]    || 9    || TTP
|- 
|    CAT-2022-137    || [[Shill  ]]    || 8    || TTP
|- 
|    CAT-2022-136    || [[Semantic_Attack  ]]    || 7, 8, 9    || Exploit
|- 
|    CAT-2022-135    || [[Scambaiting  ]]    || 8    || TTP
|- 
|    CAT-2022-134    || [[Reverse_Social_Engineering  ]]    || 8    || TTP
|- 
|    CAT-2022-133    || [[Pretext-Pretexting  ]]    || 8    || TTP
|- 
|    CAT-2022-132    || [[Phishing  ]]    || 8    || TTP
|- 
|    CAT-2022-131    || [[Impersonation_Scam  ]]    || 8    || TTP
|- 
|    CAT-2022-130    || [[Honey_Trap  ]]    || 8    || TTP
|- 
|    CAT-2022-129    || [[Honey_Token  ]]    || 8    || TTP
|- 
|    CAT-2022-128    || [[Honey_Pot  ]]    || 8    || TTP
|- 
|    CAT-2022-127    || [[Honey_Phish  ]]    || 8    || TTP
|- 
|    CAT-2022-126    || [[Greenwashing  ]]    || 8    || TTP
|- 
|    CAT-2022-125    || [[Gaslighting  ]]    || 8    || TTP
|- 
|    CAT-2022-124    || [[Cognitive_Malware_Injection  ]]    || 8    || TTP
|- 
|    CAT-2022-123    || [[Clone_Phishing  ]]    || 8    || TTP
|- 
|    CAT-2022-122    || [[Astro-Turfing  ]]    || 8    || TTP
|- 
|    CAT-2022-121    || [[Transmission_Error  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-120    || [[Mis-Addressed_Email  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-119    || [[Loss_Error  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-118    || [[Leakage_Errors  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-117    || [[Disposal_Errors  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-116    || [[Configuration_Error  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-115    || [[Curiosity  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-114    || [[Zeigarnik_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-113    || [[Whorfianism  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-112    || [[von_Restorff_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-111    || [[Unfinished-Magnetizer  ]]    || 8    || Exploit
|- 
|    CAT-2022-110    || [[Suggestion  ]]    || 8    || TTP
|- 
|    CAT-2022-109    || [[Subjective_Validation  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-108    || [[Straw_Man-Argument  ]]    || 8    || TTP
|- 
|    CAT-2022-107    || [[Status_Quo_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-106    || [[Spotlight_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-105    || [[Spacing_Effect  ]]    || 8    || Exploit
|- 
|    CAT-2022-104    || [[Source_Monitoring_Error  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-103    || [[Serial_Position_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-102    || [[Self-Serving_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-101    || [[Self-Relevance_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-100    || [[Search_Engine_Manipulation_Effect  ]]    || 8    || Exploit
|- 
|    CAT-2022-099    || [[Satisficing  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-098    || [[Risk_Homeostasis  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-097    || [[Relativism  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-096    || [[Probability_Blindness  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-095    || [[Pre-Suasion  ]]    || 8    || Exploit
|- 
|    CAT-2022-094    || [[Planning_Fallacy  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-093    || [[Peak-End_Rule  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-092    || [[Overconfidence  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-091    || [[Optimism_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-090    || [[Omission_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-089    || [[Next-In-Line-Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-088    || [[Neglect_of_Probability  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-087    || [[Negativity_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-086    || [[Narrative_Influence  ]]    || 8    || Exploit
|- 
|    CAT-2022-085    || [[Mystery_Magnetizer  ]]    || 8    || Exploit
|- 
|    CAT-2022-084    || [[Mother_Teresa_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-083    || [[Mood-Congruent_Memory  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-082    || [[Mental_Set  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-081    || [[Malware-Induced_Misperception_Attack  ]]    || 8    || TTP
|- 
|    CAT-2022-080    || [[Self-Relevance-Magnetizer  ]]    || 8    || Exploit
|- 
|    CAT-2022-079    || [[Loss_Aversion  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-078    || [[Levels-of-Processing_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-077    || [[Leveling_and_Sharpening  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-076    || [[Involuntary_Musical_Imagery  ]]    || 8    || Exploit
|- 
|    CAT-2022-075    || [[Involuntary_Memory  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-074    || [[Inoculation_Effect  ]]    || 8    || Exploit
|- 
|    CAT-2022-073    || [[Illusory_Correlation  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-072    || [[Illusion_of_Control  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-071    || [[IKEA_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-070    || [[Hyperbolic_Discounting  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-069    || [[Hindsight_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-068    || [[Halo_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-067    || [[Gambler's_Fallacy  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-066    || [[Fundamental_Attribution_Error  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-065    || [[Functional_Fixedness  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-064    || [[Frequency_Illusion  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-063    || [[Framing_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-062    || [[Foot-In-the-Door_Technique  ]]    || 8    || TTP
|- 
|    CAT-2022-061    || [[Fear_of_Missing_Out  ]]    || 8    || Exploit
|- 
|    CAT-2022-060    || [[False_Uniqueness_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-059    || [[False_Memory  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-058    || [[False_Consensus_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-057    || [[Endowment_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-056    || [[Egocentric_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-055    || [[Ear_Worm  ]]    || 8    || Exploit
|- 
|    CAT-2022-054    || [[Dunning–Kruger_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-053    || [[Dread_Aversion  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-052    || [[Default_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-051    || [[Decoy_Effect  ]]    || 8    || Exploit
|- 
|    CAT-2022-050    || [[Decision_Fatigue  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-049    || [[Context_Dependent_Memory  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-048    || [[Confirmation_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-047    || [[Cognitive_Malware  ]]    || 8    || Exploit
|- 
|    CAT-2022-046    || [[Cognitive_Dissonance  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-045    || [[Cognitive_Deception  ]]    || 8    || Exploit
|- 
|    CAT-2022-044    || [[Clustering_Illusion  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-043    || [[Classical_Conditioning  ]]    || 8    || Exploit
|- 
|    CAT-2022-042    || [[Ben_Franklin_Effect  ]]    || 8    || Exploit
|- 
|    CAT-2022-041    || [[Belief_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-040    || [[Base_Rate_Neglect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-039    || [[Barnum_Statement  ]]    || 8    || TTP
|- 
|    CAT-2022-038    || [[Availability_Heuristic  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-037    || [[Anchoring  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-036    || [[Ambiguous_Self_Induced_Disinformation_Attack  ]]    || 8    || TTP
|- 
|    CAT-2022-035    || [[Ambient_Tactical_Deception_Attacks  ]]    || 8    || TTP
|- 
|    CAT-2022-034    || [[Actor-Observer_Bias  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-033    || [[Wikijacking  ]]    || 8    || TTP
|- 
|    CAT-2022-032    || [[Wi-Fi_Evil_Twin  ]]    || 8    || TTP
|- 
|    CAT-2022-031    || [[Water_Hole_Attack  ]]    || 8    || TTP
|- 
|    CAT-2022-030    || [[Typosquatting  ]]    || 8    || TTP
|- 
|    CAT-2022-029    || [[Social_Phishing  ]]    || 8    || TTP
|- 
|    CAT-2022-028    || [[Lateral_Phishing  ]]    || 8    || TTP
|- 
|    CAT-2022-027    || [[Fluency_Effect  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-026    || [[Familiarity  ]]    || 8    || Vulnerability
|- 
|    CAT-2022-025    || [[Brandjacking  ]]    || 8    || TTP
|- 
|    CAT-2022-024    || [[DELETED DUE TO REDUNDANCY ]]    ||     ||
|- 
|    CAT-2022-023    || [[Trick_Questions  ]]    || 8    || TTP
|- 
|    CAT-2022-022    || [[Spam  ]]    || 8    || TTP
|- 
|    CAT-2022-021    || [[Sneak_into_Basket  ]]    || 8    || TTP
|- 
|    CAT-2022-020    || [[Scareware  ]]    || 8    || TTP
|- 
|    CAT-2022-019    || [[Roach_Motel  ]]    || 8    || TTP
|- 
|    CAT-2022-018    || [[Privacy_Zuckering  ]]    || 8    || TTP
|- 
|    CAT-2022-017    || [[Price_Comparison_Prevention  ]]    || 8    || TTP
|- 
|    CAT-2022-016    || [[Persuasive_Technology  ]]    || 8    || TTP
|- 
|    CAT-2022-015    || [[Mouse-Trapping  ]]    || 8    || TTP
|- 
|    CAT-2022-014    || [[Misdirection-Distraction  ]]    || 8    || Exploit
|- 
|    CAT-2022-013    || [[Malvertisement  ]]    || 8    || TTP
|- 
|    CAT-2022-012    || [[Hidden_Costs  ]]    || 8    || TTP
|- 
|    CAT-2022-011    || [[Friend_Spam  ]]    || 8    || TTP
|- 
|    CAT-2022-010    || [[Forced_Continuity  ]]    || 8    || TTP
|- 
|    CAT-2022-009    || [[Disguised_Ads  ]]    || 8    || TTP
|- 
|    CAT-2022-008    || [[Dark_Design_Patterns  ]]    || 8    || TTP
|- 
|    CAT-2022-007    || [[Confirm_Shaming  ]]    || 8    || TTP
|- 
|    CAT-2022-006    || [[Click-Bait  ]]    || 8    || TTP
|- 
|    CAT-2022-005    || [[Bait_and_Switch  ]]    || 8    || TTP
|- 
|    CAT-2022-004    || [[Addictive_Technology  ]]    || 8    || TTP
|- 
|    CAT-2022-003    || [[Nudging  ]]    || 8    || TTP
|- 
|    CAT-2022-002    || [[Forcing_Function  ]]    || 8    || TTP
|- 
|    CAT-2022-001    || [[Fogg_Model_of_Behavior  ]]    || 8    || Tool / TTP
|- 
|    CAT-2021-010    || [[Excitement-Appeal_to  ]]    || 8    || Exploit
|- 
|    CAT-2021-009    || [[Low_Agreeableness  ]]    || 8    || Vulnerability
|- 
|    CAT-2021-008    || [[Low_Extraversion  ]]    || 8    || Vulnerability
|- 
|    CAT-2021-007    || [[Low_Conscientiousness  ]]    || 8    || Vulnerability
|- 
|    CAT-2021-012    || [[Reciprocation  ]]    || 8    || Exploit
|- 
|    CAT-2021-011    || [[Authority  ]]    || 8    || Exploit
|- 
|    CAT-2021-006    || [[Low_Openness  ]]    || 8    || Vulnerability
|- 
|    CAT-2021-005    || [[High_Neuroticism  ]]    || 8    || Vulnerability
|- 
|    CAT-2021-004    || [[High_Agreeableness  ]]    || 8    || Vulnerability
|- 
|    CAT-2021-003    || [[High_Extraversion  ]]    || 8    || Vulnerability
|- 
|    CAT-2021-002    || [[High_Conscientiousness  ]]    || 8    || Vulnerability
|- 
|    CAT-2021-001    || [[High_Openness]]    || 8    || Vulnerability
|-
|}


== Using Media Wiki ==
== Using Media Wiki ==

Latest revision as of 17:59, 19 November 2024

The Cognitive Attack Taxonomy (CAT)


Visit the Cognitive Security Institute to learn more about cognitive security and related topics!
Learn how to interpret the Cognitive Attack Taxonomy here.

CAT ID CAT Name Layer Category
CAT-2024-010 QRishing 8 TTP
CAT-2024-007 Need to Correct 8 Vulnerability
CAT-2024-006 Regulatory Capture 10 Exploit
CAT-2024-005 Perjury_Trap 8, 10 TTP
CAT-2024-004 Stroop_Test 8 TTP
CAT-2024-003 False_Feedback_Injection 7 TTP
CAT-2024-002 Sleeper_Agent_Attack 7 TTP
CAT-2024-001 Evil_Eve_Attack 7 TTP
CAT-2024-008 Positive_Test_Strategy 8 Vulnerability
CAT-2024-010 Hyperstition 8 Vulnerability
CAT-2024-009 Psychological_Chuting 8 Exploit
CAT-2023-018 Repeated_Exposure 8 Exploit
CAT-2023-017 Model_Extraction_Attacks 7 TTP
CAT-2023-016 Model_Theft 7 TTP
CAT-2023-015 Data_Reconstruction 7 Exploit
CAT-2023-014 Model_Inversion_Attack 7 Exploit
CAT-2023-013 Membership_Inference_Attack 7 Exploit
CAT-2023-012 Adversarial_Examples 7 Exploit
CAT-2023-011 Evasion_Attacks 7 TTP
CAT-2023-010 Input_Manipulation_Attack 7 TTP
CAT-2023-009 Backdoor_Attacks 7 TTP
CAT-2023-008 Trigger_Based_Attack 7 TTP
CAT-2023-007 Training_Data_Poisoning_Attack 7 TTP
CAT-2023-006 Campbell’s_Law 9 Vulnerability
CAT-2023-005 Training_Data_Poisoning 7 Exploit
CAT-2023-004 Suffix_Injection 7 TTP
CAT-2023-003 Sensitive_Information_Disclosure 8 Vulnerability
CAT-2023-002 Prompt_Injection 7 TTP
CAT-2023-001 Overreliance_on_Automation 8 Vulnerability
CAT-2022-321 Impulsivity 8 Vulnerability
CAT-2022-320 Excessive_Agency 8 Vulnerability
CAT-2022-319 Emoji_Injection 7, 8 TTP
CAT-2022-318 Culture_Jamming 8 TTP
CAT-2022-317 Chain-Of-Thought_Manipulation 7 TTP
CAT-2022-316 Network_Ambiance_Attack 8 TTP
CAT-2022-315 Maskarovka 8 TTP
CAT-2022-314 Reflexive_Control 8 TTP
CAT-2022-313 Zone_Flooding 8 TTP
CAT-2022-312 Incrementalism 8, 9 Exploit
CAT-2022-311 Compliance-Ladder 8 TTP
CAT-2022-310 Yes-Ladder 8 TTP
CAT-2022-309 Wing 8 TTP
CAT-2022-308 Whorfian_Attack 8 Exploit
CAT-2022-307 Venue_Change 8 TTP
CAT-2022-306 Trance-Words 8 TTP
CAT-2022-305 Tainted_Leak 8 TTP
CAT-2022-304 Social_Engineering_Toolkit 8 TTP
CAT-2022-303 Slander_Attack 8 TTP
CAT-2022-302 Sandbagging 8 TTP
CAT-2022-301 Reframing 8 TTP
CAT-2022-300 Prop 8 TTP
CAT-2022-299 Preloading 8 TTP
CAT-2022-298 Pendant_Anchoring 8 TTP
CAT-2022-297 Open-Ended_Question 8 TTP
CAT-2022-296 Negging 8 TTP
CAT-2022-295 Multi-Channel_Attack 8 TTP
CAT-2022-294 Mirroring 8 TTP
CAT-2022-293 Micro_Expression 8 Vulnerability
CAT-2022-292 Maltego 8 Tool / TTP
CAT-2022-291 Leading_Question 8 TTP
CAT-2022-290 Journobaiting 8 TTP
CAT-2022-289 Ice_Breaker 8 TTP
CAT-2022-288 Hot_Reading 8 TTP
CAT-2022-287 Honey_Channels 8 TTP
CAT-2022-286 Functional_Opener 8 TTP
CAT-2022-285 Forcing 8 Exploit
CAT-2022-284 Firehose_of_Falsehood 8 TTP
CAT-2022-283 False_Time_Constraint 8 TTP
CAT-2022-282 False_Flag 8 TTP
CAT-2022-281 Eject_with_Explanation 8 TTP
CAT-2022-280 Double_Switch 8 TTP
CAT-2022-279 Deception-in-Depth 8, 9 TTP
CAT-2022-278 Conversational_Threading 8 TTP
CAT-2022-277 Cold_Reading 8 TTP
CAT-2022-276 Buscador 8 Tool / TTP
CAT-2022-275 Brushing 8, 9 TTP
CAT-2022-274 Baiting-Trolling 8 TTP
CAT-2022-273 Anchor-NLP_Technique 8 TTP
CAT-2022-272 Active_Indicator_Probe 8 TTP
CAT-2022-271 Accomplished_Introduction 8 TTP
CAT-2022-270 Operant_Conditioning 8 Exploit
CAT-2022-269 Neoteny 8 Vulnerability
CAT-2022-268 Need 8 Vulnerability
CAT-2022-267 Need_&_Greed_Attack 8 Exploit
CAT-2022-266 Fear 8 Vulnerability
CAT-2022-265 Jolly_Roger_Bot 8 Tool / TTP
CAT-2022-264 eWhoring 8 TTP
CAT-2022-263 Synthetic_Media_Social_Engineering 8 TTP
CAT-2022-262 Deepfake_Social_Engineering 8 TTP
CAT-2022-261 Virus_Hoax 8 TTP
CAT-2022-260 Virtual_Kidnapping 8 TTP
CAT-2022-259 Telemarketing_Scam 8 TTP
CAT-2022-258 Tech_Support_Scam 8 TTP
CAT-2022-257 Romance_Scam 8 TTP
CAT-2022-256 Hoax_Virus 8 TTP
CAT-2022-255 Gift-Card_Scam 8 TTP
CAT-2022-254 Crab_Phishing 8 TTP
CAT-2022-253 Cat_Fishing 8 TTP
CAT-2022-252 Business_Email_Compromise 8, 9 TTP
CAT-2022-251 Advance_Fee_Scam 8 TTP
CAT-2022-250 War_Shipping 8, 9 TTP
CAT-2022-249 Tailgating 8 TTP
CAT-2022-248 Snail_Mail_Attack 8 TTP
CAT-2022-247 Shoulder_Surfing 8 TTP
CAT-2022-246 Dumpster_Diving 8, 9 TTP
CAT-2022-245 Baiting-Drop 8 TTP
CAT-2022-244 Assistance_Ploy 8 Exploit
CAT-2022-243 Robot_Social_Engineering 8 TTP
CAT-2022-242 Dolphin_Attack 8 Exploit
CAT-2022-241 Acoustic_Attack 8 TTP
CAT-2022-240 Robo_Calling 8 TTP
CAT-2022-239 Spamigation 10 TTP
CAT-2022-238 Strategic_Lawsuit_Against_Public_Participation 10 TTP
CAT-2022-237 Patent_Trolling 10 TTP
CAT-2022-236 Legal_Loophole 10 Vulnerability
CAT-2022-235 Lawfare 10 Exploit
CAT-2022-234 Supply_Chain_Attack 9 Exploit
CAT-2022-233 Shadow_Security 9 Vulnerability
CAT-2022-232 Shadow_IT 9 Vulnerability
CAT-2022-231 Shadow_AP 9 Vulnerability
CAT-2022-230 Escalation_Attack 9 TTP
CAT-2022-229 Cybersquatting 9 TTP
CAT-2022-228 Spectrum_of_Allies 8 TTP
CAT-2022-227 Unity 8 Vulnerability
CAT-2022-226 Social_Proof 8 Vulnerability
CAT-2022-225 Scarcity 8 Vulnerability
CAT-2022-224 Reversing_Authority 8 TTP
CAT-2022-223 Reciprocity-Need_for 8 Vulnerability
CAT-2022-222 Pawn-Pivot 8 TTP
CAT-2022-221 Party_Crashing 8 TTP
CAT-2022-220 Liking 8 Vulnerability
CAT-2022-219 Door-in-the-Face_Technique 8 TTP
CAT-2022-218 Commitment-Consistency 8 Vulnerability
CAT-2022-217 Bandwagon_Effect 8 Exploit
CAT-2022-216 Authority-Deference_to 8 Vulnerability
CAT-2022-215 Assistance-Need_to_Provide 8 Vulnerability
CAT-2022-214 Network_Affect_Contagion 7, 8 Vulnerability
CAT-2022-213 Wall_Banging 8 TTP
CAT-2022-212 Trolling 8 TTP
CAT-2022-211 Trevor's_Axiom 8 Exploit
CAT-2022-210 Sympathy 8 Vulnerability
CAT-2022-209 Streisand_Effect 8 Vulnerability
CAT-2022-208 Stereotyping 8 Vulnerability
CAT-2022-207 Social_Desirability_Bias 8 Vulnerability
CAT-2022-206 Outgroup_Homogeneity_Bias 8 Vulnerability
CAT-2022-205 Network_Manipulated_Affect 8 Vulnerability
CAT-2022-204 Mass_Psychogenic_Illness 8 Vulnerability
CAT-2022-203 Ingroup_Bias 8 Vulnerability
CAT-2022-202 Zombification 8 Exploit
CAT-2022-201 Strobe_Attack 8 TTP
CAT-2022-200 Sonic_Area_Denial 8 TTP
CAT-2022-199 P300_Guilty_Knowledge_Test 8 TTP
CAT-2022-198 Interoceptive_Bias 8 Vulnerability
CAT-2022-197 Tab-Napping 8 TTP
CAT-2022-196 Prevalence_Paradox 8 Vulnerability
CAT-2022-195 Noise_Injection 8, 9 TTP
CAT-2022-194 Human_Buffer_Overflow 8 Exploit
CAT-2022-193 Gray_Signal_Attacks 8 TTP
CAT-2022-192 Focusing_Effect 8 Vulnerability
CAT-2022-191 Distracted_Approach-Distraction 8 TTP
CAT-2022-190 Boredom 8 Vulnerability
CAT-2022-189 Automaticity 8 Vulnerability
CAT-2022-188 Video_Puppetry 8 TTP
CAT-2022-187 Social_Jacking 8 TTP
CAT-2022-186 Perceptual_Deception 8 Vulnerability
CAT-2022-185 Like_Jacking 8 TTP
CAT-2022-184 IDN_Homograph_Attack 8 TTP
CAT-2022-183 Clickjacking 8 TTP
CAT-2022-182 Traitor_Tracing 8 TTP
CAT-2022-181 Ignorance 8 Vulnerability
CAT-2022-180 File_Masquerading 8, 9 TTP
CAT-2022-179 We_Know_All 8 TTP
CAT-2022-178 Silence 8 TTP
CAT-2022-177 Sensory_Matching 8 TTP
CAT-2022-176 Secret_Knowledge 8 TTP
CAT-2022-175 Rubber-Hose_Cryptanalysis 8 Exploit
CAT-2022-174 Repetition 8 TTP
CAT-2022-173 Repeat-a-Word 8 TTP
CAT-2022-172 Rapid_Fire 8 TTP
CAT-2022-171 Quid_Pro_Quo 8 TTP
CAT-2022-170 Provocative_Statement 8 TTP
CAT-2022-169 Pride_and_Ego_Approach 8 TTP
CAT-2022-168 Oblique_Reference 8 TTP
CAT-2022-167 Neuro-Linguistic_Programming 8 Exploit
CAT-2022-166 Naïve_Mentality 8 TTP
CAT-2022-165 Incentive_Approach 8 TTP
CAT-2022-164 Hour_Glass_Method 8 TTP
CAT-2022-163 Futility 8 TTP
CAT-2022-162 Flattery 8 TTP
CAT-2022-161 File_and_Dossier 8 TTP
CAT-2022-160 Fear-Up_Approach 8 TTP
CAT-2022-159 Fear-Down_Approach 8 TTP
CAT-2022-158 Ethical_Dilemma 8 TTP
CAT-2022-157 Establish_Your_Identity 8 TTP
CAT-2022-156 Emotional_Approach 8 TTP
CAT-2022-155 Elicitation_of_Information 8 TTP
CAT-2022-154 Disbelief 8 TTP
CAT-2022-153 Direct_Approach 8 TTP
CAT-2022-152 Deliberate_False_Statement 8 TTP
CAT-2022-151 Criticism 8 TTP
CAT-2022-150 Complaining-Tendency 8 Vulnerability
CAT-2022-149 Change_of_Scene 8 TTP
CAT-2022-148 Whaling 8 TTP
CAT-2022-147 Tailored_Messaging 8 TTP
CAT-2022-146 Sniper_Ad_Targeting 8 TTP
CAT-2022-145 Pluridentity_Attack 7,8,9,10 Exploit
CAT-2022-144 Inference_Attack 7,8,9,10 Exploit
CAT-2022-143 Data_Vulnerability 8 Vulnerability
CAT-2022-142 Vishing 8 TTP
CAT-2022-141 Spear_Phishing 8 TTP
CAT-2022-140 Sock-Puppetry 8 TTP
CAT-2022-139 SMSishing 8 TTP
CAT-2022-138 Shilling_Attack 9 TTP
CAT-2022-137 Shill 8 TTP
CAT-2022-136 Semantic_Attack 7, 8, 9 Exploit
CAT-2022-135 Scambaiting 8 TTP
CAT-2022-134 Reverse_Social_Engineering 8 TTP
CAT-2022-133 Pretext-Pretexting 8 TTP
CAT-2022-132 Phishing 8 TTP
CAT-2022-131 Impersonation_Scam 8 TTP
CAT-2022-130 Honey_Trap 8 TTP
CAT-2022-129 Honey_Token 8 TTP
CAT-2022-128 Honey_Pot 8 TTP
CAT-2022-127 Honey_Phish 8 TTP
CAT-2022-126 Greenwashing 8 TTP
CAT-2022-125 Gaslighting 8 TTP
CAT-2022-124 Cognitive_Malware_Injection 8 TTP
CAT-2022-123 Clone_Phishing 8 TTP
CAT-2022-122 Astro-Turfing 8 TTP
CAT-2022-121 Transmission_Error 8 Vulnerability
CAT-2022-120 Mis-Addressed_Email 8 Vulnerability
CAT-2022-119 Loss_Error 8 Vulnerability
CAT-2022-118 Leakage_Errors 8 Vulnerability
CAT-2022-117 Disposal_Errors 8 Vulnerability
CAT-2022-116 Configuration_Error 8 Vulnerability
CAT-2022-115 Curiosity 8 Vulnerability
CAT-2022-114 Zeigarnik_Effect 8 Vulnerability
CAT-2022-113 Whorfianism 8 Vulnerability
CAT-2022-112 von_Restorff_Effect 8 Vulnerability
CAT-2022-111 Unfinished-Magnetizer 8 Exploit
CAT-2022-110 Suggestion 8 TTP
CAT-2022-109 Subjective_Validation 8 Vulnerability
CAT-2022-108 Straw_Man-Argument 8 TTP
CAT-2022-107 Status_Quo_Bias 8 Vulnerability
CAT-2022-106 Spotlight_Effect 8 Vulnerability
CAT-2022-105 Spacing_Effect 8 Exploit
CAT-2022-104 Source_Monitoring_Error 8 Vulnerability
CAT-2022-103 Serial_Position_Effect 8 Vulnerability
CAT-2022-102 Self-Serving_Bias 8 Vulnerability
CAT-2022-101 Self-Relevance_Effect 8 Vulnerability
CAT-2022-100 Search_Engine_Manipulation_Effect 8 Exploit
CAT-2022-099 Satisficing 8 Vulnerability
CAT-2022-098 Risk_Homeostasis 8 Vulnerability
CAT-2022-097 Relativism 8 Vulnerability
CAT-2022-096 Probability_Blindness 8 Vulnerability
CAT-2022-095 Pre-Suasion 8 Exploit
CAT-2022-094 Planning_Fallacy 8 Vulnerability
CAT-2022-093 Peak-End_Rule 8 Vulnerability
CAT-2022-092 Overconfidence 8 Vulnerability
CAT-2022-091 Optimism_Bias 8 Vulnerability
CAT-2022-090 Omission_Bias 8 Vulnerability
CAT-2022-089 Next-In-Line-Effect 8 Vulnerability
CAT-2022-088 Neglect_of_Probability 8 Vulnerability
CAT-2022-087 Negativity_Bias 8 Vulnerability
CAT-2022-086 Narrative_Influence 8 Exploit
CAT-2022-085 Mystery_Magnetizer 8 Exploit
CAT-2022-084 Mother_Teresa_Effect 8 Vulnerability
CAT-2022-083 Mood-Congruent_Memory 8 Vulnerability
CAT-2022-082 Mental_Set 8 Vulnerability
CAT-2022-081 Malware-Induced_Misperception_Attack 8 TTP
CAT-2022-080 Self-Relevance-Magnetizer 8 Exploit
CAT-2022-079 Loss_Aversion 8 Vulnerability
CAT-2022-078 Levels-of-Processing_Effect 8 Vulnerability
CAT-2022-077 Leveling_and_Sharpening 8 Vulnerability
CAT-2022-076 Involuntary_Musical_Imagery 8 Exploit
CAT-2022-075 Involuntary_Memory 8 Vulnerability
CAT-2022-074 Inoculation_Effect 8 Exploit
CAT-2022-073 Illusory_Correlation 8 Vulnerability
CAT-2022-072 Illusion_of_Control 8 Vulnerability
CAT-2022-071 IKEA_Effect 8 Vulnerability
CAT-2022-070 Hyperbolic_Discounting 8 Vulnerability
CAT-2022-069 Hindsight_Bias 8 Vulnerability
CAT-2022-068 Halo_Effect 8 Vulnerability
CAT-2022-067 Gambler's_Fallacy 8 Vulnerability
CAT-2022-066 Fundamental_Attribution_Error 8 Vulnerability
CAT-2022-065 Functional_Fixedness 8 Vulnerability
CAT-2022-064 Frequency_Illusion 8 Vulnerability
CAT-2022-063 Framing_Effect 8 Vulnerability
CAT-2022-062 Foot-In-the-Door_Technique 8 TTP
CAT-2022-061 Fear_of_Missing_Out 8 Exploit
CAT-2022-060 False_Uniqueness_Bias 8 Vulnerability
CAT-2022-059 False_Memory 8 Vulnerability
CAT-2022-058 False_Consensus_Effect 8 Vulnerability
CAT-2022-057 Endowment_Effect 8 Vulnerability
CAT-2022-056 Egocentric_Bias 8 Vulnerability
CAT-2022-055 Ear_Worm 8 Exploit
CAT-2022-054 Dunning–Kruger_Effect 8 Vulnerability
CAT-2022-053 Dread_Aversion 8 Vulnerability
CAT-2022-052 Default_Bias 8 Vulnerability
CAT-2022-051 Decoy_Effect 8 Exploit
CAT-2022-050 Decision_Fatigue 8 Vulnerability
CAT-2022-049 Context_Dependent_Memory 8 Vulnerability
CAT-2022-048 Confirmation_Bias 8 Vulnerability
CAT-2022-047 Cognitive_Malware 8 Exploit
CAT-2022-046 Cognitive_Dissonance 8 Vulnerability
CAT-2022-045 Cognitive_Deception 8 Exploit
CAT-2022-044 Clustering_Illusion 8 Vulnerability
CAT-2022-043 Classical_Conditioning 8 Exploit
CAT-2022-042 Ben_Franklin_Effect 8 Exploit
CAT-2022-041 Belief_Bias 8 Vulnerability
CAT-2022-040 Base_Rate_Neglect 8 Vulnerability
CAT-2022-039 Barnum_Statement 8 TTP
CAT-2022-038 Availability_Heuristic 8 Vulnerability
CAT-2022-037 Anchoring 8 Vulnerability
CAT-2022-036 Ambiguous_Self_Induced_Disinformation_Attack 8 TTP
CAT-2022-035 Ambient_Tactical_Deception_Attacks 8 TTP
CAT-2022-034 Actor-Observer_Bias 8 Vulnerability
CAT-2022-033 Wikijacking 8 TTP
CAT-2022-032 Wi-Fi_Evil_Twin 8 TTP
CAT-2022-031 Water_Hole_Attack 8 TTP
CAT-2022-030 Typosquatting 8 TTP
CAT-2022-029 Social_Phishing 8 TTP
CAT-2022-028 Lateral_Phishing 8 TTP
CAT-2022-027 Fluency_Effect 8 Vulnerability
CAT-2022-026 Familiarity 8 Vulnerability
CAT-2022-025 Brandjacking 8 TTP
CAT-2022-024 DELETED DUE TO REDUNDANCY
CAT-2022-023 Trick_Questions 8 TTP
CAT-2022-022 Spam 8 TTP
CAT-2022-021 Sneak_into_Basket 8 TTP
CAT-2022-020 Scareware 8 TTP
CAT-2022-019 Roach_Motel 8 TTP
CAT-2022-018 Privacy_Zuckering 8 TTP
CAT-2022-017 Price_Comparison_Prevention 8 TTP
CAT-2022-016 Persuasive_Technology 8 TTP
CAT-2022-015 Mouse-Trapping 8 TTP
CAT-2022-014 Misdirection-Distraction 8 Exploit
CAT-2022-013 Malvertisement 8 TTP
CAT-2022-012 Hidden_Costs 8 TTP
CAT-2022-011 Friend_Spam 8 TTP
CAT-2022-010 Forced_Continuity 8 TTP
CAT-2022-009 Disguised_Ads 8 TTP
CAT-2022-008 Dark_Design_Patterns 8 TTP
CAT-2022-007 Confirm_Shaming 8 TTP
CAT-2022-006 Click-Bait 8 TTP
CAT-2022-005 Bait_and_Switch 8 TTP
CAT-2022-004 Addictive_Technology 8 TTP
CAT-2022-003 Nudging 8 TTP
CAT-2022-002 Forcing_Function 8 TTP
CAT-2022-001 Fogg_Model_of_Behavior 8 Tool / TTP
CAT-2021-010 Excitement-Appeal_to 8 Exploit
CAT-2021-009 Low_Agreeableness 8 Vulnerability
CAT-2021-008 Low_Extraversion 8 Vulnerability
CAT-2021-007 Low_Conscientiousness 8 Vulnerability
CAT-2021-012 Reciprocation 8 Exploit
CAT-2021-011 Authority 8 Exploit
CAT-2021-006 Low_Openness 8 Vulnerability
CAT-2021-005 High_Neuroticism 8 Vulnerability
CAT-2021-004 High_Agreeableness 8 Vulnerability
CAT-2021-003 High_Extraversion 8 Vulnerability
CAT-2021-002 High_Conscientiousness 8 Vulnerability
CAT-2021-001 High_Openness 8 Vulnerability

Using Media Wiki

Consult the User's Guide for information on using the wiki software.