Hello, my name is Mrs. Holborow, and welcome to Computing.
I'm so pleased you've decided to join me for the lesson today.
In today's lesson, we're going to be learning about social engineering and how social engineering techniques can be used by cybercriminals to trick or manipulate people into revealing confidential information.
Welcome to today's lesson from the unit "Cyber threats and security." This lesson is called "Social engineering techniques." And by the end of today's lesson, you'll be able to describe social engineering and explain the techniques used in social engineering.
Shall we make a start? We will be exploring these keywords throughout today's lesson.
Shall we take a look at them? Social engineering, social engineering, a method used by cybercriminals to trick people into giving away confidential information.
Cybercriminal, cybercriminal, a person who uses computers, networks, or digital devices to commit illegal activities online.
Human error, human error, a mistake made by people that accidentally leads to security breaches, data leaks, or other cyber incidents.
Look out for these keywords throughout today's lesson.
Today's lesson is broken down into two parts.
We'll start by describing social engineering, and then we'll move on to explain social engineering techniques.
Let's make a start by describing social engineering.
Social engineering is a technique used by cybercriminals to trick or manipulate people into revealing confidential information or performing actions that compromise security.
Cybercriminals use a wide range of social engineering techniques to target their attacks towards people and technology systems. They are constantly evolving their methods to exploit both humans and technology.
Malicious hackers may use social engineering techniques because it can be easier to trick people into giving confidential information than to hack software.
Cybercriminals use tactics that exploit the trust, curiosity, fear, or helpfulness of humans.
Time to check your understanding.
Is this statement true or false? Social engineering only targets technology systems. Pause the video whilst you have a think.
Did you select false? Well done.
Cybercriminals use a wide range of social engineering techniques to target their attacks towards people and technology systems.
When using social engineering techniques, cybercriminals usually rely on human error as a key factor to the success of their attacks.
They may rely on humans making mistakes that cause them to click on links, share passwords, or offer confidential information unknowingly.
Cybercriminals work hard to get a human to make a mistake that leads to security breaches, data leaks, or other cyber incidents.
There are many real-life examples of social engineering that you may have heard of or even experienced.
It could be a well-crafted and convincing fake phone call or a text from the tech support department.
It could be a suspicious email asking for a human's login or bank details.
It could be someone following you through a secure door to gain access to a restricted area.
Can you think of any other examples, or have you experienced any other social engineering techniques?
Is this statement true or false? Social engineering relies on human error as a key factor in the success of its attacks.
Pause the video whilst you have a think.
Did you say true? That's right.
Social engineering relies on human error.
Being aware of the social engineering methods that cybercriminals use matters because it helps people recognise and resist being tricked before it's too late.
Even the strongest cybersecurity systems can be compromised if someone is tricked into giving cybercriminals the information they need to attack the system.
Awareness matters because you are the first line of defence in cybersecurity, especially against social engineering.
There are ways you can protect yourself against cybercriminals that use social engineering.
Let's have a look at some of those now.
Be cautious with emails, links, and attachments, and don't open anything suspicious or from unknown sources.
Some businesses and organisations actually test their employees every now and again to see if they respond to suspicious emails or open links.
Never share your personal or confidential information.
Real organisations will not ask for passwords or sensitive data in emails or on the phone.
If someone contacts you unexpectedly, double check their identity through official channels.
Stay calm and don't rush.
Social engineers often try to create panic and rush people into making mistakes.
Take a moment to think before you act.
Time to check your understanding.
What is the best description of social engineering in cybersecurity? Is it A, hacking into software systems, B, tricking people into giving confidential information, or C, designing secure networks? Pause the video whilst you have a think about your answer.
That's right, tricking people into giving confidential information is the best description of social engineering.
Social engineering can be an effective tactic for cybercriminals because, A, it uses advanced technology, B, it breaks through firewalls, or C, it targets human trust and emotions.
Pause the video whilst you have a think.
Social engineering can be an effective tactic for cybercriminals because it targets human trust and emotions.
We are the weak spot in most systems.
Okay, we're moving on to our first task of today's lesson.
I'd like you to explain what is social engineering, and how do cybercriminals use it to gain private information? Pause the video whilst you have a go at the task.
How did you get on with the task? Did you manage to explain what social engineering is? Well done.
Let's have a look at a sample answer together.
Social engineering is when cybercriminals try to trick people into giving away private information, like passwords or bank details.
Instead of just hacking computer systems, they try to fool people by pretending to be someone you trust, like your bank, a friend, or a company.
They might send you fake emails, make phone calls, or ask you to click on a link.
These tricks work because they play on human emotions like fear or curiosity.
It's important to be careful and think before you share information or click on anything suspicious.
Remember, if you want to pause your video here and add any extra detail to your answer, you can do that now.
Okay, so we've described social engineering.
Let's now move on to explain some social engineering techniques.
There are many forms of social engineering, and cybercriminals are constantly working to develop new methods.
Some common social engineering methods are blagging, phishing, pharming, shouldering, name generator attacks, tailgating, and eavesdropping.
Let's have a look at what these mean in a bit more detail.
Blagging, also known as pretexting, is an attack where the perpetrator invents a scenario in order to convince the victim to give them data or money.
Blagging often requires the attacker to maintain a conversation with the victim until they are persuaded to give up whatever the attacker has asked for.
So here's an example of an email which is asking the victim to get in contact about an exciting business opportunity.
Remember, if it sounds too good to be true, it probably is.
It can be hard to spot some blagging attacks, but there are a number of features that can help you spot an attempted attack.
Blagging attempts often use poor English, create a sense of urgency, and state unrealistic financial demands, like asking you to send money before any service has been provided.
Phishing is a social engineering technique where cybercriminals try to trick victims into clicking a link, often by pretending to be a trusted source like a bank or company.
Phishing emails can seem like they're from the real company, but there are some signs that can help you spot them.
Let's take a look at some of those signs now.
They can often use false company logos.
They often use impersonal greetings, so don't use your actual name.
They often have no actual information about the account, such as the account name or account number.
They often use a sense of urgency and scare tactics.
An email asks the user to click a link to take action.
Sometimes, they have incorrect use of English and misspelt words.
The domain name does not match the email address.
Is this statement true or false? Phishing is a social engineering technique that aims to trick victims into clicking a link.
Pause the video whilst you have a think.
Did you say this was true? Well done.
Pharming redirects victims to a bogus site, even if the victim has typed in the correct web address.
This is often applied to the websites of banks or e-commerce sites.
Shouldering is an attack designed to steal a victim's password or other sensitive data.
It involves the attacker watching the victim while they're providing sensitive information.
For example, over their shoulder.
This type of attack might be familiar.
It's often used to find out someone's PIN at a cash machine.
A name generator attack asks the victim to combine a few pieces of information or complete a short quiz to produce a name in an app or social media post.
Attackers do this to find out key pieces of information that can help them to answer the security questions that protect people's accounts, such as mother's maiden name, your first name, or your place of birth.
Tailgating is a physical security breach in which an unauthorised person follows an authorised individual to enter secured premises.
Eavesdropping is a technique that involves the social engineer being physically present to overhear confidential conversations.
Time to check your understanding.
Pharming is when a victim is, A, redirected to a bogus website, B, tricked into clicking a link in a message or email, or C, convinced to give money or data in a fake scenario.
Pause the video whilst you have a think about your answer.
Did you select A? Well done.
Pharming is when a victim is redirected to a bogus website.
Is this statement true or false? Tailgating is when cybercriminals try to trick victims into clicking a link.
Pause the video whilst you have a think.
Did you say false? Well done.
Tailgating is a physical security breach in which an unauthorised person follows an authorised individual to enter secured premises.
Okay, we're moving on to our next task of today's lesson, and you've done a fantastic job so far, so well done.
Aisha says, "I've heard people talk about cyberattacks, but I've never heard of social engineering.
What techniques do cybercriminals use in social engineering?"
For part 1, describe specific techniques used in phishing, shouldering, and name generator attacks.
For part 2, explain how you can avoid becoming a victim of these attacks.
Pause the video whilst you complete the task.
How did you get on? Did you manage to complete the tasks? Well done.
Let's have a look at some sample answers together.
For part 1, you were asked to describe specific techniques used in phishing, shouldering, and name generator attacks.
In phishing, cybercriminals create fake emails, websites, and messages to trick victims into clicking links or entering personal details, such as usernames, passwords, or bank information.
In shouldering, the cybercriminal watches someone's screen or keyboard to look at sensitive information being entered.
They usually look to gain someone's passwords on phones and computers, or PIN number at a cash machine.
In name generator attacks, cybercriminals create fake quizzes or games to trick people into revealing private information that is often used in passwords or to reset passwords.
They try to steal information such as pets' names and mothers' maiden names, et cetera.
Remember, if you want to pause the video here and add any detail to your answer, you can do that now.
For part 2, you were asked to explain how you can avoid becoming a victim of these attacks.
To avoid phishing attacks, people should think before they click on links or download attachments, and carefully check the sender.
They should also never enter personal information via links or emails and go to official secure websites with https in the URL.
To avoid shouldering attacks, people should be aware of their surroundings and look out for people watching over them.
They should also cover their screen and keyboard when entering private information.
To avoid name generator attacks, people should avoid sharing personal information in online quizzes and games, even if it seems fun or harmless.
People should also be careful on social media and not post details about pets' names, schools, place of birth, et cetera, as these can be used to guess security answers.
Okay, we've come to the end of today's lesson, "Social engineering techniques," and you've done a fantastic job, so well done.
Let's summarise what we've learned together in this lesson.
Social engineering is a cybercrime that aims to trick people into compromising security.
Social engineering mainly targets human emotion to force human error rather than exploiting technical systems.
There are many forms of social engineering, and cybercriminals are constantly working to develop new methods to trick humans.
I hope you've enjoyed today's lesson, and I hope you'll join me again soon, bye.