Home > CAPEC List > CAPEC-413: Pretexting via Tech Support (Version 2.11)  

CAPEC-413: Pretexting via Tech Support

 
Pretexting via Tech Support
Definition in a New Window Definition in a New Window
Attack Pattern ID: 413
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An adversary engages in pretexting behavior, assuming the role of a tech support worker, to solicit information from target persons, or manipulate the target into performing an action that serves the adversary's interests. An adversary who uses social engineering to impersonate a tech support worker can have devastating effects on a network. This is an effective attack vector, because it can give an adversary physical access to network computers. It only takes a matter of seconds for someone to compromise a computer with physical access. One of the best technological tools at the disposal of a social engineer, posing as a technical support person, is a USB thumb drive. These are small, easy to conceal, and can be loaded with different payloads depending on what task needs to be done. However, this form of attack does not require physical access as it can also be effectively carried out via phone or email.

+ Typical Severity

Low

+ References
[R.413.1] [REF-30] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Description SummaryInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017