CAPEC-422

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Stable MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: High Severity: Low
Influence Perception of Commitment and Consistency

Description

An adversary uses social engineering to convince the target to do minor tasks as opposed to larger actions. After complying with a request, individuals are more likely to agree to subsequent requests that are similar in type and required effort.

Prerequisites

The adversary must have the means and knowledge of how to communicate with the target in some manner.

Mitigations

An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.

Individuals should avoid complying with suspicious requests.

Skills Required

[Low] The adversary requires strong inter-personal and communication skills.