That Blue Square Thing

AQA Computer Science GCSE

This page is up to date for the AQA 8525 syllabus for exams from 2022.

Cyber Security – Social Engineering

Social engineering is the art of manipulating people so that they give up useful information.

This can be done face to face, over the phone or by using computer technology, but doesn't involve technical "hacking" as such. It takes advantage of the fact that the user is often the weakest point in a computer security situation.

Social engineering can include lots of different techniques, but you only need to know three key ones. Make sure you know the sorts of things organisations can do in order to combat social engineering as well.

PDF iconSocial Engineering – intro slides

PDF iconThree social engineering techniques – textbook double page spread

PDF iconTable to print – if you need a template to work from for notes

PDF iconPhishing and Pharming – slides from class

Note that pharming is no longer considered social engineering by the exam board. But phishing attacks are often used as a way of directing people towards pharming websites. So the two often, but not always, go together.

Combatting Social Engineering

Many organisations have guides to educate users about the dangers of social engineering. I quite like the ones produced by the NatWest bank because they're quite clear: