Home > CAPEC List > CAPEC-418: Target Influence via Perception of Obligation (Version 2.10)  

CAPEC-418: Target Influence via Perception of Obligation

 
Target Influence via Perception of Obligation
Definition in a New Window Definition in a New Window
Attack Pattern ID: 418
Abstraction: Meta
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker uses a social engineering technique to produce a sense of obligation within the target to volunteer some key or sensitive piece of information. Obligation has to do with actions one feels they need to take due to some sort of social, legal, or moral requirement, duty, contract, or promise. In the context of social engineering, obligation is closely related to reciprocation but is not limited to it. There are various techniques for producing a sense of obligation during ordinary modes of communication. One method is to compliment the target, and follow up the compliment with a question. If performed correctly the target may volunteer a key piece of information, sometimes involuntarily. It can also be as simple as holding an outer door for someone will usually make them hold the inner door for you. It can be escalated to someone giving you private info because you create a sense of obligation. This is a common attack vector when targeting customer service people.

+ Typical Severity

Low

+ References
[R.418.1] [REF-30] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017