Lesson details

Key learning points

  1. In this lesson, we will become aware of how humans can be a weak point in the system. We will look at the social engineering tactics deployed by cybercriminals to dupe users into giving away data that could lead to further crime.


This content is made available by Oak National Academy Limited and its partners and licensed under Oak’s terms & conditions (Collection 1), except where otherwise stated.


5 Questions

When data has been processed and is meaningful, which of these has it become?
Identifiable data
Correct answer: Information
Processed data
Profiled data
Is the following data or information: "Sophie got 38 out of 40 on her English test"
Correct answer: Information
Why might a company collect information about you to form a profile? (Which two of the following apply?)
Correct answer: So that they can recommend products to you based on previous products you have purchased or viewed
So that they can sell the information onto cybercriminals without your permission
Correct answer: So that they can sell the information to marketing companies
What is the purpose of the Data Protection Act?
To act as a deterrent to cybercriminals who try to steal data on people
To prevent cybercriminals from spreading a virus
To protect an organisation from hackers
Correct answer: To require organisations that store data on people to use it responsibility and keep it safe
One of your rights under the Data Protection Act is to have your data deleted. Do you have the right to ask a your school to delete all of the information it stores on you?
Correct answer: Yes

4 Questions

Which one of the following best describes social engineering?
An automated attack on computer systems
Cybercriminals stealing data through hacking into systems
Correct answer: Humans using methods trick or manipulate other humans into handing over information
Websites deceiving humans into giving away personal data
"An attack that involves an attacker watching the victim while they provide sensitive information" is a description of which of the following?
Name generator attack
Correct answer: Shouldering
Which of the following is when attackers create short, fun quizzes in an attempt to find out key pieces of information that can help them answer account security questions?
Correct answer: Name generator attack
You receive an email from an unknown sender asking for money. The sender wants you to respond to the email. There are no hyperlinks in the email, but it includes unusual use of English and there are a number of spelling mistakes. What type of social engineering attempt is this?
Correct answer: Blagging