Embedded Files
Lesson Plan: Introduction to Social Engineering
Lesson Plan: Introduction to Social Engineering
Course: Introduction to Cybersecurity
Lesson Length: 1–2 class sessions (60–90 minutes total)
Audience: High school or undergraduate learners
Modality: In-person or online
Design Framework: Backward Design + UDL Principles
Learning Objectives
Students will be able to:
Define social engineering and explain how it differs from technical attacks.
Identify and describe common social engineering tactics (e.g., phishing, pretexting, baiting).
Analyze a real-world social engineering case.
Apply strategies to recognize and prevent social engineering in everyday scenarios.
Stage 1: Identify Desired Results
Enduring Understandings
Social engineering exploits human behavior.
Employees must remain alert to deception tactics.
Prevention relies on recognition and response.
Essential Questions
What is social engineering, and how does it exploit human behavior?
Why is it important to recognize social engineering techniques?
How can individuals and organizations defend against social engineering attacks?
Stage 2: Determine Acceptable Evidence
Performance-Based Assessments
Case Study Analysis: Students analyze a real or simulated social engineering attack and answer guided questions.
Defense Strategy Poster or Video: In groups, students create a short presentation or infographic recommending mitigation strategies for a common tactic.
Formative Checks
Poll or quiz on common tactics
Exit ticket: “What’s one sign of a social engineering attempt?”
Reflective journal or discussion post: “Have you ever encountered a phishing attempt?”
Stage 3: Plan Learning Experiences and Instruction
Warm-Up (10 min)
Activity: Show a fake phishing email or voice recording. Ask: “Would you click this? Why or why not?”
UDL: Use visual, audio, and text-based stimuli.
Mini-Lecture (15 min)
Topics:
Definition of social engineering
Psychological manipulation tactics
Common types: phishing, pretexting, baiting, tailgating
UDL: Offer printed slides, transcripts, and captioned video clips.
Interactive Activity (20 min)
Scenario Stations (3–4 short simulations or case studies):
Students rotate through scenarios and decide: “Is this a threat? What would you do?”
UDL: Multiple modes of expression (oral, written, drawing, flowcharts).
Group Task (25 min)
Create a Defense Guide: Students choose a social engineering tactic and build a prevention resource (poster, skit, PSA, comic strip).
UDL: Choice of format and collaboration methods.
Wrap-Up + Reflection (10 min)
Recap: “What signs should we look for?”
Personal reflection or partner share: “What will you do differently after today?”
Optional extension: Create a cybersecurity awareness message for your school or workplace.
Materials Needed
Materials Needed
Slides or an infographic on tactics
Fake phishing emails or audio clips
Handout for scenario stations
Rubric for project (simple, 2–3 criteria: clarity, accuracy, creativity)
Page updated
Google Sites
Report abuse