Home > CAPEC List > CAPEC-422: Influence Perception of Commitment and Consistency (Version 2.11)  

CAPEC-422: Influence Perception of Commitment and Consistency

 
Influence Perception of Commitment and Consistency
Definition in a New Window Definition in a New Window
Attack Pattern ID: 422
Abstraction: Detailed
Status: Stable
Completeness: Stub
Presentation Filter:
+ Summary

An adversary uses social engineering to convince the target to do minor tasks as opposed to larger actions. After complying with a request, individuals are more likely to agree to subsequent requests that are similar in type and required effort.

+ Attack Prerequisites
  • The adversary must have the means and knowledge of how to communicate with the target in some manner.

+ Typical Severity

Low

+ Typical Likelihood of Exploit

Likelihood: High

+ Methods of Attack
  • Social Engineering
+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

The adversary requires strong inter-personal and communication skills.

+ Resources Required

None: No specialized resources are required to execute this type of attack.

+ Solutions and Mitigations

An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.

Individuals should avoid complying with suspicious requests.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Confidentiality
Integrity
Availability
"Varies by context"
Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.
+ References
[R.421.1] [REF-30] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Related_Attack_Patterns, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_ExploitInternal
Previous Entry Names
DatePrevious Entry Name
2017-08-04Target Influence via Perception of Commitment and Consistency

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017