CAPEC-422 Metadata
Likelihood of Attack
High
Typical Severity
Low
Overview
Summary
An adversary uses social engineering to convince the target to do minor tasks as opposed to larger actions. After complying with a request, individuals are more likely to agree to subsequent requests that are similar in type and required effort.
Prerequisites
The adversary must have the means and knowledge of how to communicate with the target in some manner.
Potential Solutions / Mitigations
An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks. Individuals should avoid complying with suspicious requests.
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-417 | The adversary uses social engineering to exploit the target's perception of the relationship between the adversary and themselves. This goal is to persuade the target to unknowingly perform an action or divulge information that is advantageous to the adversary. |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.