Home > CAPEC List > CAPEC-421: Influence Perception of Authority (Version 2.11)  

CAPEC-421: Influence Perception of Authority

 
Influence Perception of Authority
Definition in a New Window Definition in a New Window
Attack Pattern ID: 421
Abstraction: Detailed
Status: Stable
Completeness: Stub
Presentation Filter:
+ Summary

An adversary uses a social engineering technique to convey a sense of authority that motivates the target reveal specific information or take specific action. There are various techniques for producing a sense of authority during ordinary modes of communication. One common method is impersonation. By impersonating someone with a position of power within an organization an adversary may motivate the target individual to reveal some piece of sensitive information or perform an action that benefits the adversary.

+ Attack Prerequisites
  • The adversary must have the means and knowledge of how to communicate with the target in some manner.

+ Typical Severity

Low

+ Typical Likelihood of Exploit

Likelihood: High

+ Methods of Attack
  • Social Engineering
+ Examples-Instances

Description

The adversary calls the target and announces that he is the head of IT at the target's company. The adversary goes on to say that there has been a technical issue and he/she needs the target's login credentials for their account. By convincing the target of his/her authority, the adversary hopes the target will reveal the sensitive information.

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

The adversary requires strong inter-personal and communication skills.

+ Resources Required

None: No specialized resources are required to execute this type of attack.

+ Solutions and Mitigations

An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Confidentiality
Integrity
Availability
"Varies by context"
Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.
+ References
[R.421.1] [REF-30] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Methods_of_Attack, Related_Attack_Patterns, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_ExploitInternal
Previous Entry Names
DatePrevious Entry Name
2017-08-04Target Influence via Perception of Authority

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017