Revise Computing (revisecomputing.co.uk)

Forms of attack: Social engineering, e.g. phishing, people as the 'weak point'

Knowledge organiser

Threats to computer systems and networks

1.4.1a.ii

What you need to know

Social engineering is the art of manipulating people into revealing confidential information. It exploits human psychology rather than technical vulnerabilities — people are often the 'weak point' of security.

Key points

  • Definition: Social Engineering: manipulating people into giving up confidential information by exploiting human trust and psychology.
  • Definition: Phishing: a social engineering technique where fraudulent emails or messages are designed to look like they come from a reputable source (e.g. a bank) to trick victims into revealing personal information.
  • People are considered the 'weak point' of security because they can be tricked, unlike firewalls or encryption.
  • Phishing typically contains a link to a fake website that looks legitimate, tricking users into entering login details or personal data.
  • Definition: Pharming: redirecting a user to a fake website (via malware or DNS poisoning) where they unknowingly enter personal data.
  • Definition: Shoulder Surfing: watching someone enter their password or personal information by looking over their shoulder.
  • Exam Tip: Social engineering attacks target PEOPLE, not technology. The weakness is the HUMAN, not the computer system.
  • Common Mistake: Describing phishing as 'hacking'. Phishing is a form of social engineering — it tricks people rather than exploiting technical vulnerabilities.