
Lesson 2: Social engineering
Year 9 – Cybersecurity
Objectives

Lesson 2: Social engineering


In this lesson, you will
● Recognise how human errors pose security risks to data
● Implement strategies to minimise the risk of data being compromised through human error

Starter activity

Which rock star are you?

Open a web browser and type in the following URL to find out:

ncce.io/rockstar

Starter activity

You’ve been a victim of social engineering

How might a hacker use the data that you have willingly given to them?

Data you submitted:
● Name
● Date of birth
● Email address
● Favourite band or artist
● Name of first pet
● Mother’s maiden name
● Favourite colour

Activity 1

Social engineering

There are lots of technical ways to try and keep data safe and secure.

Human error arguably creates the largest risk of the data being compromised.

Social engineering is a set of methods used by cybercriminals to deceive individuals into handing over information that they can use for fraudulent purposes.

Activity 1

Social engineering

What’s different about social engineering, in comparison to other cybercrimes, is that it is humans trying to trick or manipulate other humans.

Activity 1

Shouldering

Shouldering (also known as shoulder surfing) is an attack designed to steal a victim's password or other sensitive data.

It involves the attacker watching the victim while they provide sensitive information, for example, over their shoulder. This type of attack might be familiar; it is often used to find out someone's PIN at a cash machine.

Activity 1

Name generator attacks

These are attacks in which the victim is asked in an app or a social media post to combine a few pieces of information or complete a short quiz to produce a name.

Attackers do this to find out key pieces of information that can help them to answer the security questions that protect people's accounts.

Activity 1

Phishing

A phishing attack is an attack in which the victim receives an email disguised to look as if it has come from a reputable source, in order to trick them into giving up valuable data.

The email usually provides a link to another website where the information can be inputted.

Example link shown on the slide: http://l0g1npage.com/B3G7?id=4n

Sending similar messages by SMS is known as smishing.
Activity 1

Phishing

It is called phishing, as in ‘fishing’, because:

● A line is thrown out into a place where there are many potential ‘fish’ (victims)
● The line has bait on the end in order to attract the victims
● If a victim bites (clicks the link) they are hooked in

Activity 1

Phishing: Key indicators of a phishing email

● Unexpected email with a request for information
● Message content contains spelling errors
● Suspicious hyperlinks in email
  ○ Text that is hyperlinked to a web address that contains spelling errors and/or lots of random numbers and letters
  ○ Text that is hyperlinked to a domain name that you don't recognise and/or isn't connected to the email sender
● Generic emails that don't address you by name or contain any personal information that you would expect the sender to know

Complete Activity 1 on your worksheet.
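
The hyperlink and greeting indicators listed above can be checked automatically, as this added example shows (it is not part of the original lesson). The sender address, recipient name and email body are constructed; the link is the example address shown on the phishing slide.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag and all visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.text = [], []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

    def handle_data(self, data):
        self.text.append(data)

def base_domain(host):
    # Naive: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])

def mixes_letters_and_digits(token):
    return bool(re.search(r"[a-z]", token, re.I) and re.search(r"\d", token))

def phishing_indicators(sender, recipient_name, html_body):
    """Return the indicators matched. These are hints for a human, not a verdict."""
    parser = LinkCollector()
    parser.feed(html_body)
    found = set()
    sender_domain = base_domain(sender.rsplit("@", 1)[-1])
    for href in parser.hrefs:
        url = urlsplit(href)
        link_domain = base_domain(url.hostname or "")
        if link_domain != sender_domain:
            found.add("link domain not connected to sender")
        if mixes_letters_and_digits(link_domain.split(".")[0]):
            found.add("digits mixed into domain name")
        tokens = re.findall(r"[A-Za-z0-9]+", url.path + "?" + url.query)
        if any(mixes_letters_and_digits(t) for t in tokens):
            found.add("random letters and numbers in address")
    if recipient_name.lower() not in " ".join(parser.text).lower():
        found.add("generic greeting, recipient not named")
    return sorted(found)

# Constructed sample email body; the link is the example address from the slide.
SAMPLE = ('<p>Dear customer,</p><p>Please confirm your details at '
          '<a href="http://l0g1npage.com/B3G7?id=4n">our secure page</a>.</p>')

if __name__ == "__main__":
    for item in phishing_indicators("support@examplebank.test", "Priya", SAMPLE):
        print("-", item)
```

A legitimate domain can also contain digits, so each match is a reason to look more closely rather than proof of phishing.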


Activity 2

Blagging

Blagging (also known as pretexting) is an attack in which the perpetrator invents a scenario in order to convince the victim to give them data or money.

This attack often requires the attacker to maintain a conversation with the victim until they are persuaded to give up whatever the attacker asked for.

Activity 2

Blagging

The following email doesn’t contain a hyperlink to click on, but it does include suspicious information.

Think/write/pair/share:

Try to find a minimum of three things that make this email suspicious.

Complete this on your worksheet.

Activity 2

Blagging

● Suspicious code in email (‘Dear <name?>’)
● Spelling mistakes (‘deer friend’)
● Unusual use of English (‘a excitable business opportunity’)

Activity 2

Blagging

Blagging doesn’t only happen via email.

Watch this video

Activity 2

Phishing or blagging?

Watch this video

Questions

What is the difference between phishing and blagging?

Was what happens in this video phishing or blagging?

What about the email made it suspicious?

Activity 3

Protecting your customers

Put yourself in the shoes of the cybersecurity team of a national bank. Your job is to try to prevent your customers becoming victims of social engineering.

Complete tasks 4.1 and 4.2 on your worksheet.

Plenary

Plenary questions

Use the worksheet to complete the multiple-choice questions.

Summary

Next lesson

In this lesson, you...

Recognised that human errors pose security risks to data

Looked at strategies to minimise the risk of data being compromised through human error

Next lesson, you will…

Look at common methods used by hackers and what laws are in place to act as deterrents
