License: Creative Commons Attribution 4.0 (CC BY 4.0)
Audience: High school or early undergraduate learners
Length: 60–90 minutes
Delivery Mode: In-person, hybrid, or online
Lesson Summary
This lesson introduces learners to social engineering—a non-technical form of cyberattack that targets human behavior. Students will explore common tactics, analyze real-world examples, and design strategies to recognize and respond to manipulation techniques.
Learning Goals (Aligned to Backward Design - Stage 1)
By the end of this lesson, learners will be able to:
Define social engineering and describe its role in cybersecurity.
Identify and explain common social engineering tactics (phishing, baiting, tailgating, pretexting).
Analyze a case of social engineering and propose a prevention strategy.
Create a public awareness artifact warning others of social engineering risks.
Essential Questions
What makes people vulnerable to cyber manipulation?
How can we recognize and resist social engineering tactics?
How can awareness be a form of defense?
UDL Alignment: Representation
Provide definitions through text, visuals, and real-world audio/video clips.
Offer vocabulary guides and a glossary for new terms.
Core Concepts
Social Engineering: Psychological manipulation of people to reveal confidential information or perform unsafe actions.
Phishing: Fraudulent emails or messages tricking users into revealing personal data.
Baiting: Luring users with something enticing (e.g., USB drive labeled “Payroll”).
Pretexting: Fabricated scenarios to steal data (e.g., pretending to be tech support).
Tailgating: Gaining physical access by following authorized users.
Optional Media
Short video (3–5 min) demonstrating phishing and baiting
Infographic showing attack tactics and warning signs
Real audio clip of a scam call (transcript provided)
UDL Alignment: Representation & Engagement
Use multiple formats (video, audio, text).
Add closed captions and alt-text for visuals.
Offer media alternatives for different learning preferences.
Activity 1: Recognize the Attack
Format: Station-based or breakout groups (20–25 min)
Task: Students examine simulated social engineering cases (e.g., screenshots, scripts, fake messages) and decide:
What tactic is being used?
How should the target respond?
Supports:
Provide a decision-tree chart.
Allow for small-group discussion or individual reflection.
Activity 2: Design a Defense (UDL – Action & Expression)
Task: Students choose a tactic (e.g., phishing) and create an awareness product to educate peers or the public. Options:
Mini-poster or infographic
1-minute public service video or audio clip
Comic strip
Social media-style warning message
UDL Integration:
Give students voice and choice in format.
Provide templates and sentence starters.
Allow use of tools like Canva, Google Slides, or Flip.
Formative Assessment (Embedded)
Scenario responses (Activity 1)
Instructor observation during group work
Use of checklists or peer feedback forms
Summative Assessment
Final Product Rubric (flexible, 3-point scale)
Accuracy of Information
Clarity & Audience Appropriateness
Creativity or Visual Impact
Reflection Options (UDL – Engagement)
Written reflection: “How has your understanding of social engineering changed?”
Audio response (1–2 minutes, using phone or app)
Group discussion: What tactics are hardest to recognize and why?
Accessibility & Extension Options
Accessibility Notes (UDL Summary)
UDL Principle: Strategy Implemented
Multiple Means of Representation: Videos, visuals, transcripts, real-world examples
Multiple Means of Action and Expression: Choice of project format, templates, tech tools
Multiple Means of Engagement: Relatable cases, choice, group work, reflection
Extensions
Interview an IT professional about social engineering.
Create a class “Scam Watch” board where students share suspicious messages.
Build a phishing awareness campaign for your school.
Downloadable Materials (Optional)
Scenario cards (PDF or Slides)
Rubric template
Sample projects for inspiration
Glossary handout