CAPEC-421: Influence Perception of Authority
An adversary uses a social engineering technique to convey a sense of authority that motivates the target to reveal specific information or take specific action. There are various techniques for producing a sense of authority during ordinary modes of communication. One common method is impersonation. By impersonating someone with a position of power within an organization, an adversary may motivate the target individual to reveal some piece of sensitive information or perform an action that benefits the adversary.
Last updated
Overview
CAPEC-421 (Influence Perception of Authority) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The adversary must have the means and knowledge of how to communicate with the target in some manner.
Skills required
- Low skill: The adversary requires strong inter-personal and communication skills.
Resources required
- None: No specialized resources are required to execute this type of attack.
Consequences
What a successful CAPEC-421 attack can achieve.
Other
Affects: Confidentiality, Integrity, Availability
Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.
How to mitigate it
Defenses that reduce the risk of CAPEC-421.
- An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.