A threat action where an attacker uses misleading or false information to trick an authorized system into believing its authenticity:
- Substitution: The replacement of valid data with false data to deceive an authorized entity
- Insertion: Introducing false data that serves to deceive an authorized object