Home > CAPEC List > CAPEC-416: Manipulate Human Behavior (Version 2.11)  

CAPEC-416: Manipulate Human Behavior

 
Manipulate Human Behavior
Definition in a New Window Definition in a New Window
Attack Pattern ID: 416
Abstraction: Meta
Status: Stable
Completeness: Complete
Presentation Filter:
+ Summary

An adversary exploits inherent human psychological predisposition to influence a targeted individual or group to solicit information or manipulate the target into performing an action that serves the adversary's interests. Many interpersonal social engineering techniques do not involve outright deception, although they can; many are subtle ways of manipulating a target to remove barriers, make the target feel comfortable, and produce an exchange in which the target is either more likely to share information directly, or let key information slip out unintentionally. A skilled adversary uses these techniques when appropriate to produce the desired outcome. Manipulation techniques vary from the overt, such as pretending to be a supervisor to a help desk, to the subtle, such as making the target feel comfortable with the adversary's speech and thought patterns.

+ Attack Prerequisites
  • The adversary must have the means and knowledge of how to communicate with the target in some manner.

+ Typical Severity

Medium

+ Typical Likelihood of Exploit

Likelihood: Medium

+ Methods of Attack
  • Social Engineering
+ Solutions and Mitigations

An organization should provide regular, robust cybersecurity training to its employees to prevent successful social engineering attacks.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Confidentiality
Integrity
Availability
"Varies by context"
Attack patterns that manipulate human behavior can result in a wide variety of consequences and potentially affect the confidentiality, availability, and/or integrity of an application or system.
+ References
[R.416.1] [REF-30] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-05-01Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Methods_of_Attack, Solutions_and_Mitigations, Typical_Likelihood_of_ExploitInternal
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Attack_Motivation-Consequences, Description Summary, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_SeverityInternal
Previous Entry Names
DatePrevious Entry Name
2017-08-04Target Influence via Social Engineering

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017