Not all cyberattacks rely on technical weaknesses. In IB Computer Science, students must understand that many successful attacks target people rather than systems. These attacks are known as social engineering attacks. IB examiners expect students to explain what social engineering is, why it works, and how it bypasses technical security measures.
Understanding social engineering is essential because even secure systems can be compromised through human error.
What Is Social Engineering?
Social engineering is a type of attack that:
- Manipulates people
- Exploits trust, fear, or urgency
- Tricks users into revealing information or performing actions
Instead of breaking security systems, attackers persuade users to:
- Share passwords
- Click malicious links
- Install harmful software
- Grant unauthorised access
In IB terms, social engineering exploits human vulnerability, not technical flaws.
Why Social Engineering Is Effective
Social engineering works because:
- Humans trust authority
- People act quickly under pressure
- Users may lack security awareness
Attackers often:
- Pretend to be legitimate organisations
- Create urgent or threatening situations
- Exploit curiosity or fear
IB students should explain that technical security cannot fully protect against deception.
Common Types of Social Engineering Attacks
Phishing
Phishing involves:
- Fake emails or messages
- Links to fraudulent websites
- Requests for sensitive information
Victims believe the message is legitimate and willingly provide data.
Spear Phishing
Spear phishing is:
- A targeted form of phishing
- Aimed at specific individuals
Attackers use personal information to make messages more convincing.
Pretexting
Pretexting involves:
- Creating a believable scenario
- Pretending to need information for a valid reason
For example:
- Claiming to be IT support
- Requesting login details
Baiting
Baiting uses:
- Enticing offers
- Free downloads or devices
Victims are tempted into installing malware or giving access.
Social Engineering vs Technical Attacks
A key IB distinction is:
- Technical attacks exploit system vulnerabilities
- Social engineering attacks exploit human behaviour
Social engineering can bypass:
- Firewalls
- Encryption
- Access controls
This is why awareness and training are essential.
Consequences of Social Engineering Attacks
Social engineering attacks can lead to:
- Data breaches
- Identity theft
- Financial loss
- Malware infections
In organisational systems:
- One mistake by one user can compromise the entire network
IB students should highlight the scale of impact.
Preventing Social Engineering Attacks
Prevention focuses on:
- User education
- Security awareness training
- Clear verification procedures
Examples include:
- Teaching users to identify suspicious messages
- Encouraging verification before sharing information
- Limiting access privileges
IB examiners reward answers that focus on human-centred prevention, not just technical controls.
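The warning signs described above (an impersonated organisation, urgent or threatening wording, a request for sensitive information, and a link to a fraudulent website) can be checked mechanically. The following is an added example, not part of the original guide; the word lists, function names and the domains examplebank.test and .example are assumptions made for illustration, and a real filter would need far more than these four checks.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative word lists (assumptions), based on the indicators named above.
URGENCY = re.compile(r"\b(urgent|immediately|suspended|final warning)\b", re.I)
SENSITIVE = re.compile(r"\b(password|pin|login details|card number)\b", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) from <a> tags
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def same_site(hostname, domain):  # the domain itself or a real subdomain of it
    return hostname == domain or hostname.endswith("." + domain)

def phishing_indicators(sender_addr, org_domain, body_html):
    """Return the warning signs found in one message as a list of strings."""
    found = []
    if not same_site(sender_addr.rsplit("@", 1)[-1].lower(), org_domain):
        found.append("sender domain does not match claimed organisation")
    if URGENCY.search(body_html):
        found.append("urgent or threatening language")
    if SENSITIVE.search(body_html):
        found.append("request for sensitive information")
    collector = LinkCollector()
    collector.feed(body_html)
    for href, text in collector.links:
        target = (urlparse(href).hostname or "").lower()
        if target and not same_site(target, org_domain):
            found.append(f"link shown as '{text}' leads to {target}")
    return found

# Constructed sample messages; both domains are made up for this example.
PHISH = ("support@examplebank-security.example", "examplebank.test",
         '<p>URGENT: account suspended. Confirm your password at <a href='
         '"http://examplebank.test.verify.example/login">www.examplebank.test</a></p>')
GENUINE = ("statements@mail.examplebank.test", "examplebank.test",
           '<p>Statement ready: <a href="https://www.examplebank.test/s">View it</a></p>')
```

Calling `phishing_indicators(*PHISH)` reports all four signs, including the link whose visible text names the bank while the real destination is a different site; `phishing_indicators(*GENUINE)` reports none.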
Social Engineering and Risk Assessment
Social engineering is considered a:
- High-likelihood threat
- Difficult-to-eliminate risk
This is why it is often prioritised in risk assessments.
Common Student Mistakes
Students often:
- Define social engineering too vaguely
- Confuse it with malware
- Ignore human psychology
- Focus only on email phishing
Clear explanations with examples score higher.
How This Appears in IB Exams
IB questions may ask students to:
- Explain what social engineering is
- Identify social engineering in a scenario
- Discuss why it is effective
- Suggest prevention strategies
Linking human behaviour to security earns marks.
Final Thoughts
Social engineering attacks exploit trust, emotion, and human behaviour rather than technical weaknesses. By manipulating users into making mistakes, attackers can bypass even strong security systems.
Understanding social engineering helps IB Computer Science students explain why cybersecurity is as much about people as it is about technology — exactly what examiners expect.
