CAPEC-425: Target Influence via Framing
An adversary uses framing techniques to contextualize a conversation so that the target is more likely to be influenced by the adversary's point of view. Framing is information and experiences in life that alter the way we react to decisions we must make. This type of persuasive technique exploits the way people are conditioned to perceive data and its significance, while avoiding negative or avoidance responses from the target. Rather than a specific technique framing is a methodology of conversation that slowly encourages the target to adopt to the adversary's perspective. One technique of framing is to avoid the use of the word "No" and to contextualize responses in a manner that is positive. When performed skillfully the target is much more likely to volunteer information or perform actions favorable to the adversary.
Last updated
Overview
CAPEC-425 (Target Influence via Framing) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The adversary must have the means and knowledge of how to communicate with the target in some manner.
Skills required
- Low skill: The adversary requires strong inter-personal and communication skills.
Consequences
What a successful CAPEC-425 attack can achieve.
Other
Affects: Confidentiality
Successful attacks that influence the target via framing into performing an action or sharing sensitive information can result in a variety of consequences that negatively affect the confidentiality of an application or system.
How to mitigate it
Defenses that reduce the risk of CAPEC-425.
- An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.
- Avoid sharing unnecessary information during interactions beyond what is absolutely required for effective communication.
Frequently asked questions
Common questions about CAPEC-425.
- What is CAPEC-425?
- An adversary uses framing techniques to contextualize a conversation so that the target is more likely to be influenced by the adversary's point of view. Framing is information and experiences in life that alter the way we react to decisions we must make. This type of persuasive technique exploits the way people are conditioned to perceive data and its significance, while avoiding negative or avoidance responses from the target. Rather than a specific technique framing is a methodology of conversation that slowly encourages the target to adopt to the adversary's perspective. One technique of framing is to avoid the use of the word "No" and to contextualize responses in a manner that is positive. When performed skillfully the target is much more likely to volunteer information or perform actions favorable to the adversary.
- How do you prevent CAPEC-425?
- An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.
- How severe is CAPEC-425?
- MITRE rates CAPEC-425 as Low severity with low likelihood of attack.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-425
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.