ITM is an open framework - Submit your contributions now.

Insider Threat Matrix™

  • ID: PV039
  • Created: 13th September 2024
  • Updated: 13th September 2024
  • Contributor: Malik Girondin

Employee Mental Health & Support Program

Offering mental health support and conflict resolution programs to
help employees identify and report manipulative behavior in the
workplace

Sections

ID Name Description
MT012.003Psychological Manipulation

A third party uses deception, exploitation, or other unethical methods to psychologically manipulate a subject over time, with the intent to influence their perceptions, actions, and decisions. This manipulation can lead the subject to, knowingly or unknowingly, act against the organization’s interests.

MT012.005Romantic Seduction

A malicious third party employs romantic interest or seduction as a manipulation tactic. Through emotional and psychological engagement, the third party persuades the subject to reveal confidential information, grant access to restricted resources, or carry out actions detrimental to the organization.

MT012.007Sexual Extortion

A subject is extorted by a third party threatening to expose sexual or indecent images connected to them, a tactic commonly referred to as sextortion. These images may be real, obtained by a third party, AI-generated, ‘deep fake’ images resembling the subject, or entirely fabricated claims. The extortion is typically financially motivated, which can drive the subject to harm the organization for personal gain. Alternatively, the third party may coerce the subject into compromising the organization by revealing sensitive information or granting unauthorized access.

MT012.006Long-Term Relationship Building

A malicious third party gradually builds a relationship with the subject over an extended period, slowly gaining their trust. This trust is then exploited to access sensitive information or systems, often without the knowledge of the subject.

MT012.004Emotional Vulnerability

A subject’s emotional state is exploited by a malicious third party, particularly during periods of heightened stress, grief, or personal hardship. The third party leverages this vulnerability to manipulate the subject into revealing sensitive information or performing actions that could compromise the organization.

MT005.003Financial Desperation

A subject facing financial difficulties attempts to resolve their situation by exploiting their access to or knowledge of the organization. This may involve selling access or information to a third party or conspiring with others to cause harm to the organization for financial gain.

MT012.002Extortion

A third party uses threats or intimidation to demand that a subject divulge information, grant access to devices or systems, or otherwise cause harm or undermine a target organization.

MT012.001Social Engineering (Inbound)

A third party deceptively manipulates and/or persuades a subject to divulge information, or gain access to devices or systems, or to otherwise cause harm or undermine a target organization.