Social Engineering

The document provides an overview of cybersecurity concepts focusing on social engineering tactics such as phishing and blagging. It includes activities to identify suspicious emails, advice on preventing phishing attacks, and guidance for cybersecurity teams in protecting customers. Additionally, it highlights the importance of recognizing signs of scams and offers tips for spotting phishing emails.

Uploaded by

17dgibbons
Copyright
© All Rights Reserved

Year 9 – Cybersecurity

Social engineering
Activity 1: Phishing

A phishing attack is an attack in which the victim receives an email disguised to look
as if it has come from a reputable source, in order to trick them into giving up
valuable data.

The email usually provides a link to another website where the information can be
inputted.

What three pieces of advice would you give to someone to stop them from becoming
the victim of a phishing attack?

1. Don’t use the exact same password for every website.

2. Don’t click on any link that you don’t know or trust, or that you just think is
suspicious.

3. Look for little signs in something like an email (e.g. typos, grammar
mistakes, etc.)

Last updated: 21-05-21


Activity 2: Blagging

Underline and number the parts of the email that make it suspicious; complete the
table below to describe why it’s suspicious (an example has been provided).

Number Reason

1. If they knew you, which, from the email, it definitely seems like they do
(“my dear friend”), they would know your name and put it at the top of
the email. It also looks like a computer generated email and the
scammer just forgot to put the name at the top.

2. Big typo, “deer”. It is suspicious because you would definitely check for
typos in a professional email.

3. Grammar mistake, “I look forward to you respond”. Again, a
businessman would check for typos / grammar mistakes in a
professional business email.

Activity 3: Protecting your customers

Put yourself in the shoes of the cybersecurity team of a national bank. Your job is to
try to prevent your customers becoming victims of social engineering.

4.1. Complete the information poster below.

Shouldering

Keep your PINs and passwords safe from shouldering.

What is shouldering?

Shouldering is sneakily ‘looking over someone’s shoulder’ at their personal
information, e.g. passwords, etc.

What can I do to stop myself becoming a victim?

You could just avoid using the ‘show password’ feature when typing in your
password and the letters will appear as little black dots.

4.2 Blagging/phishing email

Write a short blagging email that tries to convince the recipient that they need to
send you some money. Add in some obvious characteristics that are common in
blagging emails.

hello, denial!

I’m am emailinhg yopu to email you about a loan of mony. obvusly I’ am a a deer friendd
of you for manny years now and. i am in need of a little bitofmo ney.

Pls email back with ur password and usernam bcuz I need to log into ur accout

Ty

|?<NAME>?|

Give advice to the customers on how to spot a blagging or phishing email.

Scam email warning!

Three ways to spot a scam email:

1. Look for typos.

2. Look for places where they don’t know your name.

3. Look for mistakes in computer generated messages (not filling in a name, etc.)

Explorer activity

Using the links to the UK National Cyber Security website to help you, answer the
following questions:

Question Your answer

Describe what is meant by the term ‘spear phishing’?
(https://www.ncsc.gov.uk/guidance/phishing)

Read the advice about spotting phishing emails. What tips did you find that you
haven’t listed in the advice you gave in task 4.2?
(https://www.ncsc.gov.uk/guidance/suspicious-email-actions)

What is two-factor authentication?
(https://www.ncsc.gov.uk/guidance/setting-two-factor-authentication-2fa)
