Home > CAPEC List > CAPEC-418: Influence Perception of Reciprocation (Version 2.11)  

CAPEC-418: Influence Perception of Reciprocation

 
Influence Perception of Reciprocation
Definition in a New Window Definition in a New Window
Attack Pattern ID: 418
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An adversary uses a social engineering techniques to produce a sense of obligation in the target to perform a certain action or concede some sensitive or key piece of information. Obligation has to do with actions one feels they need to take due to some sort of social, legal, or moral requirement, duty, contract, or promise. There are various techniques for fostering a sense of obligation to reciprocate or concede during ordinary modes of communication. One method is to compliment the target, and follow up the compliment with a question. If performed correctly the target may volunteer a key piece of information, sometimes involuntarily.

+ Attack Prerequisites
  • The adversary must have the means and knowledge of how to communicate with the target in some manner.

+ Typical Severity

Medium

+ Typical Likelihood of Exploit

Likelihood: Medium

+ Methods of Attack
  • Social Engineering
+ Examples-Instances

Description

An adversary develops a relationship with the target to foster a feeling of obligation in them to perform a certain action or concede some information. A perception of obligation/concession means that the target feels they need to behave in some way or perform some sort of action due to being morally or legally bound to do so.

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

The adversary requires strong inter-personal and communication skills.

+ Resources Required

None: No specialized resources are required to execute this type of attack.

+ Solutions and Mitigations

An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Confidentiality
Integrity
Availability
"Varies by context"
Attacks that influence the perception of the target can result in a wide variety of consequences and negatively affect potentially the confidentiality, availability, and/or integrity of an application or system.
+ References
[R.417.1] [REF-30] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
[R.416.1] [REF-30] "Social Engineering: The Art of Human Hacking". 2010. Wiley.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Methods_of_Attack, References, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_SeverityInternal
Previous Entry Names
DatePrevious Entry Name
2017-08-04Target Influence via Perception of Obligation

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 03, 2017