CAPEC-407: Pretexting
CAPEC Version: 3.9
Last Updated: 2023-01-24
Attack Pattern Description
An adversary engages in pretexting behavior to solicit information from target persons, or manipulate the target into performing some action that serves the adversary's interests. During a pretexting attack, the adversary creates an invented scenario, assuming an identity or role to persuade a targeted victim to release information or perform some action. It is more than just creating a lie; in some cases it can be creating a whole new identity and then using that identity to manipulate the receipt of information.
Prerequisites
- The adversary must have the means and knowledge of how to communicate with the target in some manner.
- The adversary must have knowledge of the pretext that would influence the actions of the specific target.
Skills Required
Consequences
Scope: Confidentiality
Technical Impact: Other
Note: Depending on the adversary's intentions and the specific nature of their actions/requests, a successful pretexting attack can result in the compromise of the confidentiality of sensitive information in a variety of contexts.
Mitigations
An organization should provide regular, robust cybersecurity training to its employees to prevent successful social engineering attacks.
Example Instances
The adversary dresses up like a jogger and runs in place by the entrance of a building, pretending to look for their access card. Because the hood obscures their face, it may be possible to solicit someone inside the building to let them inside.
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name |
|---|---|---|
| ATTACK | 1589 | Gather Victim Identity Information |