CAPEC-418: Influence Perception of Reciprocation
An adversary uses a social engineering techniques to produce a sense of obligation in the target to perform a certain action or concede some sensitive or key piece of information. Obligation has to do with actions one feels they need to take due to some sort of social, legal, or moral requirement, duty, contract, or promise. There are various techniques for fostering a sense of obligation to reciprocate or concede during ordinary modes of communication. One method is to compliment the target, and follow up the compliment with a question. If performed correctly the target may volunteer a key piece of information, sometimes involuntarily.
Last updated
Overview
CAPEC-418 (Influence Perception of Reciprocation) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The adversary must have the means and knowledge of how to communicate with the target in some manner.
Skills required
- Low skill: The adversary requires strong inter-personal and communication skills.
Resources required
- None: No specialized resources are required to execute this type of attack.
Consequences
What a successful CAPEC-418 attack can achieve.
Other
Affects: Confidentiality, Integrity, Availability
Attacks that influence the perception of the target can result in a wide variety of consequences and negatively affect potentially the confidentiality, availability, and/or integrity of an application or system.
How to mitigate it
Defenses that reduce the risk of CAPEC-418.
- An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.