Dark Mode
Capec-421 Detail
Influence Perception of Authority
Detailed Social Engineering Likelihood: High Typical Severity: Low
Parents: 417
An adversary uses a social engineering technique to convey a sense of authority that motivates the target to reveal specific information or take specific action. There are various techniques for producing a sense of authority during ordinary modes of communication. One common method is impersonation. By impersonating someone with a position of power within an organization, an adversary may motivate the target individual to reveal some piece of sensitive information or perform an action that benefits the adversary.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-421 | capec | https://capec.mitre.org/data/definitions/421.html | |
| REF-348 | reference_from_CAPEC | http://www.social-engineer.org | The Official Social Engineering Portal, Social-Engineer.org, Tick Tock Computers, LLC |
Not present
- The adversary must have the means and knowledge of how to communicate with the target in some manner.
- None: No specialized resources are required to execute this type of attack.
| Low |
|---|
| The adversary requires strong inter-personal and communication skills. |
| Integrity | Availability | Confidentiality |
|---|---|---|
| Other (Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.) | Other (Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.) | Other (Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.) |
- The adversary calls the target and announces that they are the head of IT at the target's company. The adversary goes on to say that there has been a technical issue and they need the target's login credentials for their account. By convincing the target of their authority, the adversary hopes the target will reveal the sensitive information.