Home > CAPEC List > CAPEC-420: Influence Perception of Scarcity (Version 2.11)  

CAPEC-420: Influence Perception of Scarcity

Influence Perception of Scarcity
Definition in a New Window Definition in a New Window
Attack Pattern ID: 420
Abstraction: Detailed
Status: Stable
Completeness: Stub
Presentation Filter:
+ Summary

The adversary leverages a perception of scarcity to persuade the target to perform an action or divulge information that is advantageous to the adversary. By conveying a perception of scarcity, or a situation of limited supply, the adversary aims to create a sense of urgency in the context of a target's decision-making process.

+ Attack Prerequisites
  • The adversary must have the means and knowledge of how to communicate with the target in some manner.

+ Typical Severity


+ Typical Likelihood of Exploit

Likelihood: High

+ Methods of Attack
  • Social Engineering
+ Examples-Instances


An adversary sends an email to a target about a limited-time opportunity to claim a considerable monetary reward. The email contains a link to a site which the adversary says is only active for a short time and to the first person to claim it. By convincing the user of the scarcity of the monetary reward, the adversary aims to persuade them to click on the malicious link in the email.

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

The adversary requires strong inter-personal and communication skills.

+ Resources Required

None: No specialized resources are required to execute this type of attack.

+ Solutions and Mitigations

An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
"Varies by context"
Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.
+ References
[R.417.1] [REF-30] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Methods_of_Attack, References, Related_Attack_Patterns, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_ExploitInternal
Previous Entry Names
DatePrevious Entry Name
2017-08-04Target Influence via Perception of Scarcity

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017