Cyber Psychology and Social Engineering Social engineering is the clever manipulation of the natural human tendency to trust. Criminal hackers often use social engineering techniques to gain information about or access to their targets. You want to get hold of some information about where your school keeps its student files and who has access to them. How do you find out?
In your groups Pick one of the cyber psychology threats and draw it or role play/act it out for the rest of the group to guess...
Cyber Psychology ThreatsDefinition PretextingA criminal tries to get someone to give them information by inventing a reason they need to be told. Often by pretending to be someone official/helpful. Quid pro quoSimilar to pre-texting but usually the person will give something valuable to the target, to earn their trust. TailgatingFollowing someone through a barrier or security door to avoid having to have an access card or keycode. PhishingA common cyber crime: an official looking email asks a user to click on a link and update their details or send money. Often recognisable by strange fonts or bad spelling. BaitingCyber criminals use clever tricks to get someone to upload a virus. This could be writing ‘VERY IMPORTANT’ on a USB stick and leaving it on the ground for someone to find.
Look at the web security threats... What advice could you give people to reduce their chances of becoming victims of these sorts of threats?
securefutures.org The game you’re about to play has been created as a way of letting you test your cyber skills. The games are self explanatory, you just need to create a login (maybe note it down so you don’t forget it).
Plenary 1: Threat Bingo choose nine threats from the list and put them randomly into a 3x3 square. As I read out the definitions you can tick off the threats and the first to get a line of three shouts ‘bingo!’ and wins.
Plenary 2: Case Studies In pairs or small groups, read the digital forensics case studies and sum them up (for the benefit of those who have the other study). Answer the following questions afterwards 1.What do you understand by the term ‘digital forensics’? 2.Discuss other crimes that might be solved using digital forensics. 3.What sort of skills do you need to work in digital forensics? 4.Are there any ethical concerns with digital forensics?