CAPEC-404: Social Information Gathering Attacks (Version 2.10)
Attack Pattern ID: 404
Abstraction: Meta
Status: Draft
Completeness: Stub
+ Summary

An attacker employs various means of gathering information about a target company, organization, or person. These techniques may range from using telephones, collecting trash or other discarded information, and intruding on company property, to researching the target on the Internet and querying individuals under false or misleading pretenses. A social engineer can combine many small pieces of information into a useful vulnerability of a system. Information can be important whether it comes from the janitor's office or from the CEO's office; each piece of paper, employee spoken to, or area visited by the social engineer can add up to enough information to gain access to the company's sensitive data and resources. The lesson here is that all information, no matter how insignificant the employee believes it to be, may assist in creating a vulnerability for a company and an entrance for a social engineer. While the ultimate goal of the attacker may vary, the purpose of these attacks is usually to gain access to computer systems or facilities.

+ Typical Severity


+ References
[R.404.1] [REF-30] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
CAPEC Content Team, The MITRE Corporation, 2014-06-23, Internal_CAPEC_Team
Page Last Updated or Reviewed: May 01, 2017