Home > CAPEC List > CAPEC-426: Influence via Incentives (Version 2.11)  

CAPEC-426: Influence via Incentives

 
Influence via Incentives
Definition in a New Window Definition in a New Window
Attack Pattern ID: 426
Abstraction: Standard
Status: Stable
Completeness: Stub
Presentation Filter:
+ Summary

The adversary incites a behavior from the target by manipulating something of influence. This is commonly associated with financial, social, or ideological incentivization. Examples include monetary fraud, peer pressure, and preying on the target's morals or ethics. The most effective incentive against one target might not be as effective against another, therefore the adversary must gather information about the target's vulnerability to particular incentives.

+ Attack Prerequisites
  • The adversary must have the means and knowledge of how to communicate with the target in some manner.

    The adversary must have knowledge of the incentives that would influence the actions of the specific target.

+ Typical Severity

Low

+ Typical Likelihood of Exploit

Likelihood: Low

+ Methods of Attack
  • Social Engineering
+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

The adversary requires strong inter-personal and communication skills.

+ Solutions and Mitigations

An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Confidentiality
Integrity
Availability
"Varies by context"
Attacks that successfully incentivize the target into performing an action beneficial to the adversary can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.
+ References
[R.417.1] [REF-30] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Solutions_and_Mitigations, Typical_Likelihood_of_ExploitInternal
Previous Entry Names
DatePrevious Entry Name
2017-08-04Target Influence via Manipulation of Incentives

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017