Standard attack pattern
Log in
The adversary incites a behavior from the target by manipulating something of influence. This is commonly associated with financial, social, or ideological incentivization. Examples include monetary fraud, peer pressure, and preying on the target's morals or ethics. The most effective incentive against one target might not be as effective against another, therefore the adversary must gather information about the target's vulnerability to particular incentives.
Last updated
CAPEC-426 (Influence via Incentives) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What a successful CAPEC-426 attack can achieve.
Other
Affects: Confidentiality, Integrity, Availability
Attacks that successfully incentivize the target into performing an action beneficial to the adversary can result in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.
Defenses that reduce the risk of CAPEC-426.
Common questions about CAPEC-426.
The adversary incites a behavior from the target by manipulating something of influence. This is commonly associated with financial, social, or ideological incentivization. Examples include monetary fraud, peer pressure, and preying on the target's morals or ethics. The most effective incentive against one target might not be as effective against another, therefore the adversary must gather information about the target's vulnerability to particular incentives.
An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.
MITRE rates CAPEC-426 as Low severity with low likelihood of attack.
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.