CAPEC-418 Metadata
Likelihood of Attack
Medium
Typical Severity
Medium
Overview
Summary
An adversary uses a social engineering techniques to produce a sense of obligation in the target to perform a certain action or concede some sensitive or key piece of information. Obligation has to do with actions one feels they need to take due to some sort of social, legal, or moral requirement, duty, contract, or promise. There are various techniques for fostering a sense of obligation to reciprocate or concede during ordinary modes of communication. One method is to compliment the target, and follow up the compliment with a question. If performed correctly the target may volunteer a key piece of information, sometimes involuntarily.
Prerequisites
The adversary must have the means and knowledge of how to communicate with the target in some manner.
Potential Solutions / Mitigations
An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-417 | The adversary uses social engineering to exploit the target's perception of the relationship between the adversary and themselves. This goal is to persuade the target to unknowingly perform an action or divulge information that is advantageous to the adversary. |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.