Lab 5 — Social Engineering Analysis

Recognize, Respond, Teach


Purpose

This lab focuses on recognizing social engineering patterns and understanding why they work, without exposing students to real scams, brands, or live interactions.

Instead of memorizing examples, you will analyze synthetic scenarios and practice:

  • Identifying manipulation techniques
  • Explaining the psychological pressure being applied
  • Choosing safe, responsible responses
  • Thinking about how social engineering can be taught without causing harm

This lab is analysis-only. You will not click links, enter credentials, or interact with real systems.


Core Concepts

  • Phishing
  • Pretexting
  • Vishing / Smishing
  • Psychological levers
      • Urgency
      • Authority
      • Fear
      • Helpfulness
  • Responsible cybersecurity education

Why This Matters

Social engineering works because it targets human decision-making, not technical weaknesses.

Even careful, knowledgeable people can be influenced under:

  • Time pressure
  • Authority claims
  • Fear of consequences
  • Social obligation or helpfulness

Understanding these patterns helps you:

  • Protect yourself and others
  • Respond calmly instead of reactively
  • Teach cybersecurity concepts responsibly

What You Will Do

You will be shown several simulated communication attempts, such as:

  • Emails
  • Text messages
  • Phone call summaries

All scenarios are:

  • Fictional
  • Brand-neutral
  • Designed for classroom safety

For each scenario, you will:

1. Recognize the Pattern

Identify:

  • The social engineering technique
  • The primary psychological lever

2. Deconstruct Why It Works

Explain:

  • What the sender wants the target to do
  • Which decision shortcuts are being exploited
  • Why a reasonable person might comply

3. Choose the Safest Response

Select a response that emphasizes:

  • Verification through known channels
  • Reporting rather than engagement
  • Calm, non-blaming behavior

4. Teach Responsibly

Decide how this pattern could be taught in a classroom:

  • Without recreating scams
  • Without shaming victims
  • Without encouraging misuse

Teaching Guardrails (Built Into the Lab)

This lab intentionally avoids:

  • Real organizations or brands
  • Live phishing or impersonation
  • Credential entry or simulated “attacks”
  • Victim-blaming language

The emphasis is on:

  • Pattern recognition
  • Defensive thinking
  • Reporting and documentation
  • Ethical instruction

Success Criteria

By the end of this lab, you should be able to:

  • Spot social engineering patterns, not just examples
  • Explain why social engineering works
  • Propose safe and responsible responses
  • Describe how to teach these concepts without causing harm

This is not a quiz.
Different answers can be reasonable if they demonstrate clear reasoning and prioritize safety.


Launching the Lab

  1. Start the WWC 2025 Lab Hub
  2. Launch Lab 5 — Social Engineering Analysis
  3. Complete the scenarios individually or in guided discussion

Instructors may pause between scenarios for group reflection.


Reflection Questions (Optional)

  • Which psychological lever did you find hardest to recognize?
  • How does time pressure change decision quality?
  • What makes reporting feel uncomfortable, and how can organizations reduce that friction?
  • How would you explain social engineering to a non-technical audience?

Remember:
Good cybersecurity is not about catching mistakes — it is about building systems and habits that support people under pressure.