CSEC 201: Social Engineering and the Human Element

This course addresses the single most important truth in cybersecurity: the human being is almost always the weakest link. The most sophisticated firewall in the world is useless if an employee clicks a malicious link in a phishing email. The strongest encryption is irrelevant if someone can be talked into handing over their password.

Why Humans Are Vulnerable

Social engineering exploits fundamental features of human psychology that evolved long before computers existed. We are wired to trust authority, to reciprocate favors, to respond to urgency, and to help people who seem to be in need. These are not flaws—they are prosocial instincts that make civilization possible. But attackers have learned to weaponize them. This course examines the core principles of social engineering: authority (impersonating someone in power), scarcity and urgency (creating time pressure to prevent careful thinking), social proof (exploiting the tendency to follow what others seem to be doing), and reciprocity (offering something small to create a sense of obligation).

Phishing, Spear Phishing, and Pretexting

Learners study the mechanics of phishing campaigns—mass emails designed to trick recipients into clicking malicious links or revealing credentials—as well as spear phishing, which targets specific individuals with personalized lures based on publicly available information. Pretexting, the practice of creating a fabricated scenario to manipulate a target into providing information or access, is examined through real-world examples. The course emphasizes that these techniques succeed not because people are unintelligent, but because they exploit cognitive shortcuts that serve us well in most circumstances.

The Elderly as Targets

The course addresses the disproportionate targeting of older adults by scammers. Older adults may be more trusting, less familiar with digital interfaces, more isolated, and more likely to have accumulated savings. According to the FBI’s Internet Crime Complaint Center, Americans over 60 lost more than $3.4 billion to cybercrime in 2023—more than any other age group. Learners examine the psychological and situational factors that make older adults vulnerable and develop strategies for designing protective interventions that respect autonomy and dignity rather than patronizing the people they aim to protect.