Knowledge Organiser: Social Engineering
This topic summary covers the Knowledge Organiser for Social Engineering, part of Network Security in GCSE Computer Science. It is section 9 of 9 in the topic and is accompanied by 15 exam-style questions and 17 flashcards. Social engineering appears less often on papers, but it can still be a useful differentiator on mixed-topic papers. Use this summary to connect the idea to the wider topic before moving on to the questions and flashcards.
Key Terms
- Social engineering: Manipulating people psychologically to reveal information or perform actions
- Phishing: Fraudulent emails/messages pretending to be from a trusted source
- Spear phishing: Targeted phishing attack aimed at a specific individual or organisation
- Pretexting: Creating a fabricated scenario (pretext) to gain trust and extract information
- Baiting: Luring victims with something tempting (e.g. a USB labelled "Salary Info")
- Tailgating: Physically following an authorised person through a secure door
- Shoulder surfing: Watching someone enter passwords or PINs in public
Must-Know Facts
- Social engineering exploits HUMAN psychology, not technical vulnerabilities
- Phishing red flags: urgency, generic greeting ("Dear Customer"), suspicious links, spelling errors
- Banks NEVER ask for passwords or PINs via email
- Spear phishing is more dangerous because it uses personal information to appear convincing
- Best defence: staff training and awareness (you cannot "patch" humans like software)
- Multi-factor authentication limits damage even if a password is stolen
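As an added illustration that is not part of the revision material, the checker below turns the phishing red flags listed above (urgency, generic greeting, suspicious links, requests for passwords or PINs) into a small heuristic that can be run over sample emails. The sender addresses, domains and message text are constructed for the example, and the indicator phrases are an assumed starting list; real email filtering relies on far more signals than this.

```python
import re
from urllib.parse import urlparse

# Indicator phrases (constructed for this example; matched case-insensitively).
URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours", "will be suspended", "act now")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder", "dear valued member")
# Credential words use word boundaries so "pin" does not match "shopping".
CREDENTIAL_RE = re.compile(r"\b(?:password|pin|security code|one-time code)\b")

# Simplest form of an HTML link: <a href="...">text</a>
LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
# Link text that looks like a web address the reader will trust, e.g. www.examplebank.com
URLISH_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.IGNORECASE)


def displayed_host(anchor_text):
    """Hostname the reader sees if the link text looks like a URL, otherwise None."""
    m = URLISH_RE.match(anchor_text.strip())
    return m.group(1).lower() if m else None


def same_org(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def phishing_indicators(sender, subject, body):
    """Return the red flags found in a message, in the order they are checked."""
    flags = []
    text = f"{subject}\n{body}".lower()
    if any(g in text for g in GENERIC_GREETINGS):
        flags.append("generic greeting")
    if any(u in text for u in URGENCY_PHRASES):
        flags.append("urgency")
    if CREDENTIAL_RE.search(text):
        flags.append("asks for credentials")

    sender_domain = sender.rsplit("@", 1)[-1].lower()
    for href, anchor in LINK_RE.findall(body):
        link_host = (urlparse(href).hostname or "").lower()
        shown = displayed_host(re.sub(r"<[^>]+>", "", anchor))
        # Link text shows one address but the destination is another domain.
        if shown and not same_org(link_host, shown):
            flags.append("link text does not match destination")
        # Destination is unrelated to the domain the email claims to come from.
        if link_host and not same_org(link_host, sender_domain):
            flags.append("link points outside sender's domain")
    return list(dict.fromkeys(flags))  # drop duplicates, keep order


def is_likely_phishing(flags):
    """Two or more independent red flags is a reasonable threshold for this toy scorer."""
    return len(flags) >= 2


# Constructed sample messages (not real emails or domains).
PHISHING = dict(
    sender="alerts@examplebank-secure.net",
    subject="URGENT: verify your account",
    body='Dear Customer,\n<p>Your account will be suspended within 24 hours unless you '
         'confirm your password at <a href="http://login.examp1e-verify.net/x">'
         'www.examplebank.com</a>.</p>',
)
LEGITIMATE = dict(
    sender="statements@examplebank.com",
    subject="Your March statement is ready",
    body='Hello Sam,\n<p>Your statement is available in online banking: '
         '<a href="https://online.examplebank.com/statements">online.examplebank.com</a>. '
         'Log in as usual to view it.</p>',
)

if __name__ == "__main__":
    for name, msg in (("phishing", PHISHING), ("legitimate", LEGITIMATE)):
        found = phishing_indicators(**msg)
        print(f"{name}: {found} -> likely phishing: {is_likely_phishing(found)}")
```

The link checks are the part worth studying: a link whose visible text reads like one address while its destination is another domain is one of the strongest single indicators, and it is exactly the detail a hurried reader misses. Staff training teaches people to hover over links for the same reason; the code just makes the comparison explicit.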
Key Concepts
- Attacks target trust, curiosity, fear, and helpfulness
- Phishing vs spear phishing: mass targeting vs individual targeting
- Physical attacks (tailgating, shoulder surfing) exploit in-person access
- Prevention: training, verification policies, email filtering, MFA, access control
Common Mistakes
- Confusing phishing with spear phishing: Phishing is mass/untargeted; spear phishing is targeted at a specific person or organisation using personal details
- Saying social engineering is a technical attack: It exploits human psychology (trust, fear, curiosity) — not software or hardware vulnerabilities
- Forgetting physical attacks: Tailgating and shoulder surfing are social engineering — examiners expect these alongside digital examples
- Suggesting technical solutions alone prevent social engineering: The main defence is staff training — you cannot patch human behaviour with software
- Describing phishing as "hacking": Phishing is deception/manipulation — it tricks users into handing over credentials, not breaking into systems directly
Practice Questions for Social Engineering
What is social engineering in the context of network security?
Explain how a phishing attack works.