Home > CAPEC List > CAPEC-425: Target Influence via Framing (Version 2.11)  

CAPEC-425: Target Influence via Framing

Target Influence via Framing
Definition in a New Window Definition in a New Window
Attack Pattern ID: 425
Abstraction: Standard
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An adversary uses framing techniques to contextualize a conversation so that the target is more likely to be influenced by the adversary's point of view. Framing is information and experiences in life that alter the way we react to decisions we must make. This type of persuasive technique exploits the way people are conditioned to perceive data and its significance, while avoiding negative or avoidance responses from the target. Rather than a specific technique framing is a methodology of conversation that slowly encourages the target to adopt to the adversary's perspective. One technique of framing is to avoid the use of the word "No" and to contextualize responses in a manner that is positive. When performed skillfully the target is much more likely to volunteer information or perform actions favorable to the adversary.

+ Attack Prerequisites
  • The adversary must have the means and knowledge of how to communicate with the target in some manner.

+ Typical Severity


+ Typical Likelihood of Exploit

Likelihood: Low

+ Methods of Attack
  • Social Engineering
+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

The adversary requires strong inter-personal and communication skills.

+ Solutions and Mitigations

An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.

Avoid sharing unnecessary information during interactions beyond what is absolutely required for effective communication.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Successful attacks that influence the target via framing into performing an action or sharing sensitive information can result in a variety of consequences that negatively affect the confidentiality of an application or system.
+ References
[R.417.1] [REF-30] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Solutions_and_Mitigations, Typical_Likelihood_of_ExploitInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017