icon-background-square
New
New
Year 9

Social engineering

I can describe how social engineering is used to steal data and the steps that can be taken to stop it.

icon-background-square
New
New
Year 9

Social engineering

I can describe how social engineering is used to steal data and the steps that can be taken to stop it.

warning

These resources will be removed by end of Summer Term 2025.

Switch to our new teaching resources now - designed by teachers and leading subject experts, and tested in classrooms.

Lesson details

Key learning points

  1. Human error can be a risk to data security.
  2. Social engineering methods trick people into sharing information that can be used for fraudulent purposes.
  3. Name generator attacks, phishing and blagging are all social engineering methods.
  4. Social engineering attacks can be reduced through educating users of technology.

Keywords

  • Social engineering - the process of tricking people to reveal data that should be kept private

  • Name generator attacks - a method of collecting personal data by asking questions under the guise of generating a fun name

  • Phishing - messages or communication made to look like it is from an expected sender but linking to a website that steals data

  • Blagging - creating a story to trick someone into giving away their information or money

Common misconception

Social engineering involves technical skills and knowledge of computing concepts in order to carry out an attack.

Social engineering relies on manipulating a victim to steal their personal data. This is done by finding ways to trick the user in to handing over the data willingly.


To help you plan your year 9 computing lesson on: Social engineering, download all teaching resources for free and adapt to suit your pupils' needs...

Survey pupils to find out how many people they know have fallen victim to some form of social engineering. Discuss why this was allowed to happen and what steps could have been taken to prevent this.
speech-bubble
Teacher tip
equipment-required

Equipment

copyright

Licence

This content is © Oak National Academy Limited (2025), licensed on Open Government Licence version 3.0 except where otherwise stated. See Oak's terms & conditions (Collection 2).

Lesson video

Loading...

6 Questions

Q1.
Match the terms with their definitions.
Correct Answer:data,facts and figures in raw form
tick

facts and figures in raw form

Correct Answer:information,structured data with meaning
tick

structured data with meaning

Correct Answer:personal data,information about a specific person
tick

information about a specific person

Correct Answer:legislation,a set of laws passed by parliament
tick

a set of laws passed by parliament

Q2.
What does the Data Protection Act 2018 govern?
Correct answer: the handling of personal data
the sale of goods
the use of public transport
the collection of taxes
Q3.
Why is electronic data vulnerable?
It is always encrypted.
It can be easily duplicated.
It is stored physically.
Correct answer: It can be accessed remotely.
Q4.
Which of the following is not a characteristic of personal data?
It identifies a specific person.
Correct answer: It is always anonymous.
It is protected by law.
It can be sensitive.
Q5.
Where is data most commonly stored and accessed, making it accessible from anywhere in the world?
Correct Answer: online, the cloud, cloud
Q6.
What is one way a cybercriminal might exploit personal data?
to improve website functionality
to create educational content
Correct answer: to steal someone's identity
to enhance data security

6 Questions

Q1.
What is the main goal of social engineering?
to improve user experience
Correct answer: to trick people into revealing information
to enhance data security
to develop new software
Q2.
Which of the following is not a social engineering method?
phishing
blagging
Correct answer: data encryption
name generator attacks
Q3.
Order the steps in a typical phishing attack.
1 - Research the target's interests.
2 - Create a deceptive email.
3 - Send it to the target.
4 - Trick the target into clicking a link.
5 - Redirect the target to a fake website.
Q4.
What is blagging in the context of social engineering?
Correct answer: a method of inventing scenarios to obtain data
a type of encryption
a software vulnerability
a secure data protocol
Q5.
What is the term for the act of secretly observing someone enter private information, such as a PIN or password?
Correct Answer: Shouldering
Q6.
What is a key strategy to prevent falling victim to social engineering?
ignoring all technology
regularly updating software
Correct answer: being aware of common tactics
using the same password everywhere