CAPEC-415: Pretexting via Phone

An adversary engages in pretexting behavior, assuming some sort of trusted role, and contacting the targeted individual or organization via phone to solicit information from target persons, or manipulate the target into performing an action that serves the adversary's interests. This is the most common social engineering attack. Some of the most commonly effective approaches are to impersonate a fellow employee, impersonate a computer technician or to target help desk personnel.

Low

Typical severity

Per MITRE

Not rated

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-415 (Pretexting via Phone) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-415: Pretexting via Phone

Overview

Frequently asked questions

What is CAPEC-415?

How severe is CAPEC-415?

References

Defend against CAPEC-415

Overview

Related attack patterns

Parent

Frequently asked questions

What is CAPEC-415?

How severe is CAPEC-415?

References

Defend against CAPEC-415