This short module opens with a video of a social engineering professional showing off her skills, then moving on to some psychological principles and tactics underlying social engineering approaches. Next, it includes a brief activity asking students to a consider how a social engineer might get their credit card number. Finally, it opens into a discussion about how likely it is these techniques would work on the class, and mitigation strategies.
Note: This section builds on many of the open source intelligence techniques examined in the Targeted harassment and doxxing module.
Threat modeling
(Good to know) Targeted harassment and doxxing
35-40 minutes
Upon successful completion of this lesson, students will be able to identify key social engineering tactics, as well as mitigation techniques.
Many attacks require little or no technical knowledge, and can be conducted by simply talking to people. Beginning journalists should understand that there are malevolent actors out there who will pretend to be someone they're not (whether a friend, or an authority), in order to take advantage of access they or their newsroom may have.
(Before class) Listen to this episode of the "Darknet Diaries" podcast, about stories from a social engineering professional: "Alethe"
Social engineering (Google Slides)