The adversary incites a behavior from the target by manipulating something of influence. This is commonly associated with financial, social, or ideological incentivization. Examples include monetary fraud, peer pressure, and preying on the target's morals or ethics. The most effective incentive against one target might not be as effective against another, therefore the adversary must gather information about the target's vulnerability to particular incentives.
The adversary must have the means and knowledge of how to communicate with the target in some manner.
The adversary must have knowledge of the incentives that would influence the actions of the specific target.
Typical Likelihood of Exploit
Methods of Attack
Attacker Skills or Knowledge Required
Skill or Knowledge Level: Low
The adversary requires strong inter-personal and communication skills.
Solutions and Mitigations
An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.
"Varies by context"
Attacks that successfully incentivize the target into performing an action beneficial to the adversary can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.
More information is available — Please select a different filter.
Page Last Updated or Reviewed:
July 31, 2017
Use of the Common Attack Pattern Enumeration and Classification dictionary and classification taxonomy, and the associated references from this website, are subject to the