This lesson explores social engineering in detail, as required by OCR J277 Section 1.4. Social engineering is one of the most common and effective attack methods because it exploits human psychology rather than technical vulnerabilities.
Social engineering is the manipulation of people into performing actions or revealing confidential information. Rather than hacking into a system directly, the attacker tricks a person into giving them access.
Social engineering is effective because:
Phishing is the most common form of social engineering. Attackers send emails or messages that appear to come from legitimate organisations to trick victims into:
| Warning Sign | Example |
|---|---|
| Generic greeting | "Dear Customer" instead of your name |
| Urgency or threats | "Your account will be closed in 24 hours" |
| Suspicious sender address | support@bank-security-verify.com |
| Spelling/grammar errors | "Plese verify you're acount" |
| Unexpected attachments | Invoice.pdf.exe |
| Mismatched URLs | Link text says "www.bank.com" but leads elsewhere |
OCR Exam Tip: In the exam, you may be given an example email and asked to identify features that suggest it is a phishing attempt. Look for generic greetings, urgency, suspicious links, and poor grammar.
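The following is an added example, not part of the original lesson: a small Python check that looks for four of the warning signs from the table (generic greeting, urgency, unexpected attachment, mismatched URL) in an email. The function names, keyword lists and sample email are assumptions constructed for illustration; spelling errors and sender addresses are not checked.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")
URGENCY = re.compile(r"\bin \d+ hours\b|will be (closed|suspended)|immediately", re.I)
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|jpg|png|txt)\.(exe|scr|js|bat|com)$", re.I)
DOMAIN_TEXT = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):
    """Hostname of a URL or bare domain, without a leading 'www.'."""
    h = urlparse(value if "//" in value else "//" + value).hostname or ""
    return h.removeprefix("www.")

def phishing_signs(body_html, attachments):
    """Return the warning signs (named as in the table) found in one email."""
    signs = []
    if any(g in body_html.lower() for g in GENERIC_GREETINGS):
        signs.append("generic greeting")
    if URGENCY.search(body_html):
        signs.append("urgency or threats")
    if any(DOUBLE_EXT.search(name) for name in attachments):
        signs.append("unexpected attachment")
    parser = LinkCollector()
    parser.feed(body_html)
    # Compare only when the visible link text itself looks like a web address.
    if any(DOMAIN_TEXT.fullmatch(t) and host(t) != host(h) for h, t in parser.links):
        signs.append("mismatched URL")
    return signs

# Constructed sample email built from the table's examples.
SAMPLE_BODY = ('<p>Dear Customer,</p><p>Your account will be closed in 24 hours.</p>'
               '<p>Verify at <a href="http://bank-login.example/verify">www.bank.com</a></p>')
SAMPLE_ATTACHMENTS = ["Invoice.pdf.exe"]
```

Calling `phishing_signs(SAMPLE_BODY, SAMPLE_ATTACHMENTS)` reports all four signs, while an email with a named greeting, a plain `.pdf` attachment and a link whose text matches its destination reports none.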
Pharming redirects users from a legitimate website to a fraudulent one without their knowledge. Unlike phishing (where the victim clicks a link), pharming can affect users who type the correct web address into their browser.
| Feature | Phishing | Pharming |
|---|---|---|
| User action required | Click a link | None — redirect is automatic |
| Method | Fake email/message | DNS poisoning or malware |
| Ease of detection | Easier: suspicious links can be spotted | Harder: user sees the correct URL in the browser |