CAPEC-425: Target Influence via Framing
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary uses framing techniques to contextualize a conversation so that the target is more likely to be influenced by the adversary's point of view. Framing is information and experiences in life that alter the way we react to decisions we must make. This type of persuasive technique exploits the way people are conditioned to perceive data and its significance, while avoiding negative or avoidance responses from the target. Rather than a specific technique framing is a methodology of conversation that slowly encourages the target to adopt to the adversary's perspective. One technique of framing is to avoid the use of the word "No" and to contextualize responses in a manner that is positive. When performed skillfully the target is much more likely to volunteer information or perform actions favorable to the adversary.
前提条件
- The adversary must have the means and knowledge of how to communicate with the target in some manner.
所需技能
后果影响
影响范围: Confidentiality
技术影响: Other
说明: Successful attacks that influence the target via framing into performing an action or sharing sensitive information can result in a variety of consequences that negatively affect the confidentiality of an application or system.
缓解措施
An organization should provide regular, robust cybersecurity training to its employees to prevent social engineering attacks.
Avoid sharing unnecessary information during interactions beyond what is absolutely required for effective communication.