CAPEC-421 Metadata
Likelihood of Attack
High
Typical Severity
Low
Overview
Summary
An adversary uses a social engineering technique to convey a sense of authority that motivates the target to reveal specific information or take specific action. There are various techniques for producing a sense of authority during ordinary modes of communication. One common method is impersonation. By impersonating someone with a position of power within an organization, an adversary may motivate the target individual to reveal some piece of sensitive information or perform an action that benefits the adversary.
Prerequisites
The adversary must have the means and knowledge of how to communicate with the target in some manner.
Potential Solutions / Mitigations
An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-417 | The adversary uses social engineering to exploit the target's perception of the relationship between the adversary and themselves. This goal is to persuade the target to unknowingly perform an action or divulge information that is advantageous to the adversary. |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.