CAPEC-422: Influence Perception of Commitment and Consistency
An adversary uses social engineering to convince the target to do minor tasks as opposed to larger actions. After complying with a request, individuals are more likely to agree to subsequent requests that are similar in type and required effort.
Last updated
Overview
CAPEC-422 (Influence Perception of Commitment and Consistency) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The adversary must have the means and knowledge of how to communicate with the target in some manner.
Skills required
- Low skill: The adversary requires strong inter-personal and communication skills.
Resources required
- None: No specialized resources are required to execute this type of attack.
Consequences
What a successful CAPEC-422 attack can achieve.
Other
Affects: Confidentiality, Integrity, Availability
Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.
How to mitigate it
Defenses that reduce the risk of CAPEC-422.
- An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.
- Individuals should avoid complying with suspicious requests.