
Social engineering

Learn about the different types of social engineering used in the modern world, the types of data attackers are after, and how you can protect yourself.

Automated social engineering

In the previous step, you saw the value of your data. Now, you will learn about social engineering attacks, in which attackers try to steal your data. In this step, you will be introduced to phishing, pharming, and name generator attacks.

What is social engineering?

Social engineering is the name given to the type of attack that deceives victims into sharing valuable personal data.

There are many different types of social engineering attack. In this step, you will learn about three kinds:

  • Phishing attacks
  • Pharming attacks
  • Name generator attacks

Phishing attacks

A phishing attack is an attack in which the victim receives an email disguised to look like it has come from a reputable source, in order to trick them into giving up valuable data.

The email will either ask for the information directly, or provide a link to another website where the information can be inputted. This attack may also come via phone call or text message.

Phishing emails can be recognised in a number of ways. Key indicators to look out for include:

  • Any unexpected email with a request for information
  • Sender email addresses that contain spelling errors, lots of random numbers and letters, and/or domain names that you don’t recognise
  • Suspicious hyperlinks:
    • Text that appears to be hyperlinked but does not contain a link
    • Text that is hyperlinked to a web address that contains spelling errors and/or lots of random numbers and letters
    • Text that is hyperlinked to a domain name that you don’t recognise and/or isn’t connected to the email sender
  • Generic emails that don’t address you by name or contain any personal information that you would expect the sender to know

Some phishing attacks are more sophisticated and target specific individuals or groups of people, for example, by pretending to be from a company that the person has an account with. This is called spear phishing.

To avoid phishing attacks, you should not fill out forms or click on links in emails that you are not expecting.

Pharming attacks

A pharming attack is an attack in which malware redirects the victim to a malicious version of a website. The malware could infect the victim’s computer or the DNS server (the database that allows your browser to find the website you’re visiting — find out more about these in our networking course). Then, when the victim enters a web address into their browser, they visit a website controlled by the attacker, rather than the legitimate website. The attacker can then collect any data that the victim inputs into the website. Links in phishing emails may also redirect victims to pharming websites.

[Image: A pharming website with an incorrectly spelt URL]

As with phishing attacks, pharming attacks can be identified from aspects of the website that seem out of place or incorrect. For example, any of the following could indicate a pharming attack:

  • Spelling errors or incorrect logos
  • Broken or missing links
  • A notification from your browser warning you that the webpage is insecure
  • The lock symbol that your browser uses to confirm that a webpage is secure is missing

If you suspect that a website is malicious, you should close your browser and run up-to-date antivirus software on your computer, then reload the page to see if it has changed.

Name generator attacks

A name generator attack is an attack in which the victim is asked in an app or social media post to combine a few pieces of information or complete a short quiz to produce a name.

Attackers do this to find out key pieces of information that can help them to answer the security questions that protect people’s accounts.

To protect yourself from name generator attacks, you should avoid providing apps with the following pieces of information or posting this information publicly on social media sites:

  • Your mother’s maiden name
  • Names of current or previous pets
  • Previous or current addresses
  • Your age or birthdate
  • Your lucky number
  • Any of your favourite things (such as your favourite place or author)
  • Any information that you know you have used to create a password or set up a security question

Next step

In the next step, you will learn about two types of social engineering attack that require the attacker to interact with the victim more personally.

Questions

  • What are social engineering attacks used for?
  • Why do you think social engineering attacks are effective?
  • Of the three types of social engineering attack discussed, which do you think is the most likely to be successful?

Share your answers in the comments

This article is from the free online

Introduction to Cybersecurity for Teachers

Created by
FutureLearn - Learning For Life
