An adversary uses a social engineering technique to convey a sense of authority that motivates the target to reveal specific information or take specific action. There are various techniques for producing a sense of authority during ordinary modes of communication. One common method is impersonation. By impersonating someone with a position of power within an organization, an adversary may motivate the target individual to reveal some piece of sensitive information or perform an action that benefits the adversary.
CAPEC-421 (Influence Perception of Authority) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What a successful CAPEC-421 attack can achieve.
Other
Affects: Confidentiality, Integrity, Availability
Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.
Defenses that reduce the risk of CAPEC-421.
The adversary calls the target and announces that they are the head of IT at the target's company. The adversary goes on to say that there has been a technical issue and they need the target's login credentials for their account. By convincing the target of their authority, the adversary hopes the target will reveal the sensitive information.
Common questions about CAPEC-421.
An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.
MITRE rates CAPEC-421 as Low severity with high likelihood of attack.
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.