CAPEC-422: Influence Perception of Commitment and Consistency
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary uses social engineering to convince the target to do minor tasks as opposed to larger actions. After complying with a request, individuals are more likely to agree to subsequent requests that are similar in type and required effort.
前提条件
- The adversary must have the means and knowledge of how to communicate with the target in some manner.
所需技能
所需资源
- None: No specialized resources are required to execute this type of attack.
后果影响
影响范围: Confidentiality Integrity Availability
技术影响: Other
说明: Attacks that leverage the principle of scarcity can lead to the target performing an action that results in a variety of consequences that negatively affect the confidentiality, availability, and/or integrity of an application or system.
缓解措施
An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.
Individuals should avoid complying with suspicious requests.