Social engineering
Hacking the human
- The weakest part of any system is often people, not computers.
- Social engineering means tricking a person into giving away secrets or access. No malware needed.
Phishing and pharming
- Phishing — a fake email or message that looks real, asking you to "log in" on a fake site that steals your password.
- Pharming — redirecting you to a fake website even when you typed the correct address.
- Both aim to steal your login details by pretending to be a site you trust.
Spotting a phishing message
- Check the sender's address and the link — hover to see where it really goes.
- Watch for urgency ("act now or your account closes!") and spelling mistakes.
- A real bank will never ask for your password by email.
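The checks above can be written as a small script. This is an added example, not part of the original page: it flags a sender outside the trusted domain, a link whose visible text names a different site than the one it really goes to, urgent wording, and a request for a password. The domain names, the word lists and the sample message are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed word lists for this example; a real filter would use far more.
URGENCY = re.compile(r"\b(act now|immediately|urgent|account (?:closes|suspended))\b", re.I)
SECRETS = re.compile(r"\b(password|pin)\b", re.I)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> tag in the message."""
    def __init__(self):
        super().__init__()
        self.links, self.cur_href, self.cur_text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_href, "".join(self.cur_text).strip()))
            self.cur_href = None

def host(url):
    # Accept "www.site.example" as well as full URLs with a scheme.
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def check_message(sender, trusted_domain, html_body):
    """Return a list of warning codes for one email."""
    warnings = []
    domain = sender.rsplit("@", 1)[-1].strip("> ").lower()
    if domain != trusted_domain and not domain.endswith("." + trusted_domain):
        warnings.append("sender")       # address is not the real organisation
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        shows_address = "." in text and " " not in text
        if shows_address and host(text) != host(href):
            warnings.append("link")     # what you see is not where it goes
    if URGENCY.search(html_body):
        warnings.append("urgency")
    if SECRETS.search(html_body):
        warnings.append("asks-for-secret")
    return warnings

# Constructed sample message (not a real email).
PHISH_SENDER = "Example Bank <security@examplebank-alerts.example>"
PHISH_BODY = ('<p>Act now or your account closes! Confirm your password: '
              '<a href="http://login.secure-check.example/bank">www.examplebank.example</a></p>')
print(check_message(PHISH_SENDER, "examplebank.example", PHISH_BODY))
```
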
Other tricks
- Shoulder surfing — simply watching you type your PIN.
- Baiting — leaving an infected USB stick for a curious person to plug in.
- The defence is awareness: slow down and check before you click or type.
Covers: IGCSE 5.3 (phishing, pharming, social engineering), AP CSP Big Idea 5.