Home > CAPEC List > CAPEC-427: Influence via Psychological Principles (Version 2.11)  

CAPEC-427: Influence via Psychological Principles

 
Influence via Psychological Principles
Definition in a New Window Definition in a New Window
Attack Pattern ID: 427
Abstraction: Standard
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

The adversary shapes the target's actions or behavior by focusing on the ways human interact and learn, leveraging such elements as cognitive and social psychology. In a variety of ways, a target can be influenced to behave or perform an action through capitalizing on what scholarship and research has learned about how and why humans react to specific scenarios and cues.

+ Attack Prerequisites
  • The adversary must have the means and knowledge of how to communicate with the target in some manner.

+ Typical Severity

Low

+ Typical Likelihood of Exploit

Likelihood: Low

+ Methods of Attack
  • Social Engineering
+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

The adversary requires strong inter-personal and communication skills.

+ Solutions and Mitigations

An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Confidentiality
Integrity
Availability
"Varies by context"
Attacks that successfully influence the target into performing an action via psychological principles can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.
+ References
[R.417.1] [REF-30] "The Official Social Engineering Portal". Social-Engineer.org. Tick Tock Computers, LLC. <http://www.social-engineer.org>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Methods_of_Attack, References, Solutions_and_Mitigations, Typical_Likelihood_of_ExploitInternal
Previous Entry Names
DatePrevious Entry Name
2017-08-04Target Influence via Psychological Principles

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017