Recognizing Social Engineering
Signals

Spot the tricks before they reach your account.

Start with the Signal

A good defender notices the trap before the trap gets a chance to work.

A message can rush you

When a text or email pushes you to act right now, pause and check.

A login can look real

A fake login page may copy the shape of the real one and still steal your password.

A response can save the account

The right next step is simple: stop, verify, fix, and report.

Fake Portal

School Account Login

Urgent

URL

school-portal.secure-login.example

Message

Your account will close in 10 minutes unless you verify now.

Clue 1

Urgency

Clue 2

Strange Domain

What Is Social Engineering?

It attacks people first by using emotion, trust, and pressure.

Urgency

“Do this now” is a classic trick.

Fear

Scary warnings can make careful people move too fast.

Authority

A fake admin, teacher, or support agent can sound convincing.

Reward

A free prize or bonus can make a trap feel harmless.

How Do You Spot a Suspicious Login?

Look for behavior that does not match the account’s normal pattern.

Odd Timing

A login at a strange hour can be a warning sign.

Many Failed Attempts

Repeated failures may mean someone is guessing passwords.

Unknown Device

A new device or location may deserve a second look.

Strange URL

One extra letter can hide a fake page.

Spot the Pitch

Some messages are trying to move you before you can think.

Message 1

Your account will close in 10 minutes. Sign in here now.

Message 2

Here is the homework page you asked for.

Message 3

The class trip starts next week. See the schedule.

Message 4

Your friend sent a photo from lunch.

Passwords and MFA

A stronger account is harder to guess, harder to reuse, and harder to steal.

Long

More characters usually mean more protection.

Unique

One password should not unlock every account you own.

Managed

A password manager helps you keep track of strong passwords.

Password

Sun-Coffee-72!

Long enough to resist easy guessing.

MFA

Code + Device

A second step can block a stolen password.

Why it matters

A single password can be copied. MFA makes the attacker do more than simply know the secret.

Quick Response

Choose the safest action after a suspicious message or login.

A fake page may already have your password. What should happen next?

Mini Case Study

Trace one account problem from the first clue to the final action.

Signal

A message says the account will be locked in 5 minutes.

Check

The link points to a strange domain and asks for a password again.

Action

Stop, change the password, turn on MFA, and report it.

Try It Again

Which clue matters the most in this login scene?

A login page looks polished, but the domain is slightly wrong and the device is unfamiliar. What should you trust most?

How to Report It

Good reporting helps other people avoid the same trap.

Who sent it?

Save the sender, the subject, and the message itself.

Where did it go?

Keep the URL or the app path if it looks suspicious.

When did it happen?

Record the time so the problem can be traced later.

What changed?

Say whether a password, code, or other detail was shared.

Quick Check

Choose the safest first move in each scene.

A message says your account will close in 10 minutes unless you sign in. What should you do first?

You see a login page that looks familiar, but the domain is slightly different. What clue matters most?

What Should You Do Next?

A clear order helps you act fast without making the problem worse.

1. Stop

Do not keep entering passwords, codes, or personal information.

2. Verify

Check the URL, sender, and page behavior before you trust it.

3. Change the Password

If anything was shared, change the password right away.

4. Enable MFA and Report

Add another layer of protection and let the right person know.

Course Summary

Keep these four ideas ready. We will use them again.

Social Engineering

Attackers use urgency, fear, reward, and authority to make people act too fast.

Suspicious Logins

Odd timing, repeated failures, unknown devices, and strange URLs are major warning signs.

Strong Account Habits

Long, unique passwords and MFA give attackers a much harder target.

Response Order

Stop, verify, change the password, turn on MFA, and report the issue.

After-Class Assignment

Practice with two realistic situations and explain your response order.

Spot the Pitch

Pick the message that feels most like social engineering and name two clues.

Suspicious Login

Review a login record and write the safest first two actions.