AQA Computer Science GCSE
Cyber Security – Social Engineering
Social engineering is the art of manipulating people so that they give up useful information.
This can be done face to face, over the phone or by using computer technology, but doesn't involve technical "hacking" as such. It takes advantage of the fact that the user is often the weakest point in a computer security situation.
Social engineering can include lots of different techniques, but you only need to know three key ones. Make sure you know the sorts of things organisations can do in order to combat social engineering as well.
Social Engineering – intro slides
Three social engineering techniques – textbook double page spread
Table to print – if you need a template to work from for notes
Phishing and Pharming – slides from class
Note that pharming is no longer considered social engineering by the exam board. But phishing attacks are often used as a way of directing people towards pharming websites. So the two often, but not always, go together.
Combatting Social Engineering
Many organisations have guides to educate users about the dangers of social engineering. I quite like the ones produced by the NatWest bank because they're quite clear:
- NatWest – social engineering scams guide
- NatWest – pharming guide
- HSBC's fraud guide – includes a link to a PDF with the sorts of guidance banks give to customers (which is a key management point)