The adversary shapes the target's actions or behavior by focusing on the ways human interact and learn, leveraging such elements as cognitive and social psychology. In a variety of ways, a target can be influenced to behave or perform an action through capitalizing on what scholarship and research has learned about how and why humans react to specific scenarios and cues.
The adversary must have the means and knowledge of how to communicate with the target in some manner.
Typical Likelihood of Exploit
Methods of Attack
Attacker Skills or Knowledge Required
Skill or Knowledge Level: Low
The adversary requires strong inter-personal and communication skills.
Solutions and Mitigations
An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.
"Varies by context"
Attacks that successfully influence the target into performing an action via psychological principles can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.
More information is available — Please select a different filter.
Page Last Updated or Reviewed:
August 04, 2017
Use of the Common Attack Pattern Enumeration and Classification dictionary and classification taxonomy, and the associated references from this website, are subject to the