2 – Social Engineering

🎯 Learning Objectives

Develop the Communication and Networks Learning Strands:

  • Describe different forms of attack in the context of cybersecurity
  • Identify non-automated forms of cyberattack and learn how humans can be the weak points in an organisation
  • Demonstrate knowledge of social engineering in role playing and case studies

💬 Key Vocabulary

  • social engineering
  • tailgating
  • digital devices
  • blagging
  • pharming
  • eavesdropping
  • phishing
  • shoulder surfing
  • keylogging

📝 Features of social engineering scams

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information.


Watch comedian Joe Lycett dealing with a scammer on Gumtree.

Open a blank Word document.

Write down any features of the interaction that indicate that it is a scam.

  • Poor English grammar and conventions (Mr Joe)
  • Sense of urgency
  • Dubious-sounding business partner (moneytoindia.com does not match ‘Gemma’s’ claim to be based in Stockholm, Sweden)
  • Unrealistic financial demand, i.e. being asked to send money before any service has been provided

📝 Types of social engineering

Each of these images represents a type of scam. Pick three and find out what type of social engineering each one represents. Add these three words and their definitions to your Word document or paper.

📖 A general term to learn

Blagging is the act of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance that the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.

For example, fake pet adoption scams target animal lovers. These scams entice people who are looking to adopt pets by offering lower prices than usual. Of course, the animals do not exist and never arrive.

📝 Phishing email

Miss Ella Geecat has been sent an email warning her that her bank account has been hacked.

How many of the ten clues can you spot that it isn’t genuine?

Spend five minutes finding the clues and writing them down in your Word file or on paper.

Explorer Task: Have you ever heard of any convincing scams?

📝 What type of superhero are you?

📝 Social engineering phone call role play

Choose one of the scenarios below and prepare your role play with a partner. You have four minutes to prepare, then four minutes each to see how many items of personal data you can extract from your target.

Scenario 1: A ‘historian’ rings an elderly person at home to ‘help’ them with their family tree.

Scenario 2: An ‘IT professional’ calls an employee about a ‘virus’.

Scenario 3: A ‘salesperson’ calls a stay-at-home dad offering free shopping vouchers.

Alternatively, create your own believable scam.

Download the PDF information sheet here for details on how to play.

📝 Plenary Activity

Answer the five questions below and add the answers to the Word document or paper you have been using.

  1. What is the difference between phishing and pharming?
  2. Name three typical features of a phishing email.
  3. Name any types of social engineering that require the physical presence of a scammer.
  4. What is a keylogger?
  5. Describe three pieces of advice that you think the general public need to know to help them avoid falling for scams.

🏅 Badge it

Upload your Word file or a photo of your paper that contains the notes and answers to questions that you have made throughout this lesson to www.bournetolearn.com.

🥈 Silver Badge

You have completed the “Features of social engineering scams” and “Types of social engineering” activities.

🥇 Gold Badge

You have completed all of Silver as well as the “Phishing Email” activity.

🥉 Platinum Badge

You have completed all of Silver and Gold, as well as the “Plenary Activity”.

In this lesson, you…

Began to understand non-automated forms of cyberattack and see how humans can be the weak points in an organisation.


Learnt how to spot phishing emails and play the part of a scammer in a social engineering role play exercise.

Next lesson, you will…

Understand automated forms of cyberattack.

Analyse a real cyberattack and identify the network or software weaknesses that enabled it to happen.