CAPEC-422: Influence Perception of Commitment and Consistency
An adversary uses social engineering to convince the target to do minor tasks as opposed to larger actions. After complying with a request, individuals are more likely to agree to subsequent requests that are similar in type and required effort.
Last updated
Overview
CAPEC-422 (Influence Perception of Commitment and Consistency) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The adversary must have the means and knowledge of how to communicate with the target in some manner.
Skills required
- Low skill: The adversary requires strong inter-personal and communication skills.
Resources required
- None: No specialized resources are required to execute this type of attack.
Consequences
What a successful CAPEC-422 attack can achieve.
Other
Affects: Confidentiality, Integrity, Availability
Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.
How to mitigate it
Defenses that reduce the risk of CAPEC-422.
- An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.
- Individuals should avoid complying with suspicious requests.
Frequently asked questions
Common questions about CAPEC-422.
- What is CAPEC-422?
- An adversary uses social engineering to convince the target to do minor tasks as opposed to larger actions. After complying with a request, individuals are more likely to agree to subsequent requests that are similar in type and required effort.
- How do you prevent CAPEC-422?
- An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.
- How severe is CAPEC-422?
- MITRE rates CAPEC-422 as Low severity with high likelihood of attack.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-422
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.