CAPEC-417: Influence Perception

Description
The adversary uses social engineering to exploit the target's perception of the relationship between the adversary and themselves. This goal is to persuade the target to unknowingly perform an action or divulge information that is advantageous to the adversary.
Extended Description

Pretexting can also be used to impersonate people in certain jobs and roles that they never themselves have done. In simple form, these attacks can be leveraged to learn information about a target. More complicated iterations may seek to solicit a target to perform some action that assists the adversary in exploiting organizational weaknesses or obtaining access to secure facilities or systems. Pretexting is not a one-size fits all solution. Good information gathering techniques can make or break a good pretext. A solid pretext is an essential part of building trust. If an adversary’s alias, story, or identity has holes or lacks credibility or even the perception of credibility the target will most likely catch on.

Severity :

Low

Possibility :

High

Type :

Standard
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-416: Manipulate Human Behavior Manipulate Human Behavior CAPEC-418: Influence Perception of Reciprocation Influence Perception of Reciprocation CAPEC-420: Influence Perception of Scarcity Influence Perception of Scarcity CAPEC-421: Influence Perception of Authority Influence Perception of Authority CAPEC-422: Influence Perception of Commitment and Consistency Influence Perception of Commitment and Consistency CAPEC-423: Influence Perception of Liking Influence Perception of Liking CAPEC-424: Influence Perception of Consensus or Social Proof Influence Perception of Consensus or Social Proof
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • The adversary must have the means and knowledge of how to communicate with the target in some manner.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Low The adversary requires strong inter-personal and communication skills.
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

There are no necessary resources required for this attack.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

Visit http://capec.mitre.org/ for more details.