Computing · Year 9

Active learning ideas

Social Engineering and Phishing

Active learning works because social engineering relies on human responses, not just technical knowledge. Students need to practice spotting subtle cues in realistic contexts to build lasting vigilance. By analysing real-world examples and testing defences, they move from passive awareness to active scepticism for cybersecurity.

National Curriculum Attainment Targets: KS3 Computing - Cybersecurity; KS3 Computing - Online Safety
25–45 min · Pairs → Whole Class · 4 activities

Activity 01

Role Play · 45 min · Small Groups

Email Critique Carousel

Print 6-8 sample emails, some phishing and some legitimate. Groups rotate every 7 minutes to analyse the sender, content, links, and urgency of each. They vote on whether each email is phishing and justify their decision, then debrief as a class.

Explain why social engineering is often considered the weakest link in cybersecurity.

Facilitation Tip: During the Email Critique Carousel, position students physically around the room so movement reinforces engagement with each example.

What to look for: Present students with three anonymised email examples: one legitimate, one phishing, and one spear phishing. Ask them to label each and provide one specific reason for their classification of each email.

Apply · Analyse · Evaluate · Social Awareness · Self-Awareness

Activity 02

Role Play · 30 min · Pairs

Phishing Role-Play Scenarios

Pairs draw scenario cards such as 'boss emails urgent password request'. One acts as the attacker, the other as the target who spots the tactics. Switch roles, then share the strategies that worked.

Critique a given email to determine if it is a phishing attempt.

Facilitation Tip: In Phishing Role-Play Scenarios, assign clear roles and rotate performers to ensure everyone practises both attacker and defender perspectives.

What to look for: Pose the question: 'Why is it often said that humans are the weakest link in cybersecurity?' Facilitate a class discussion where students share examples of social engineering they have encountered or heard about, and discuss the vulnerabilities exploited.

Apply · Analyse · Evaluate · Social Awareness · Self-Awareness

Activity 03

Role Play · 40 min · Small Groups

Defence Strategy Design

In small groups, students brainstorm personal protection plans covering email, phone calls, and public Wi-Fi, and present them as posters. Include checklists and slogans. Present to the class for feedback.

Design strategies to protect oneself from common social engineering attacks.

Facilitation Tip: For Defence Strategy Design, provide blank templates with prompts to guide students from observation to actionable plans.

What to look for: In pairs, students draft a short, fictional social engineering scenario (e.g., a phone call asking for account details). They then swap scenarios and write down two specific questions they would ask to verify the caller's identity and one action they would take to protect themselves.

Apply · Analyse · Evaluate · Social Awareness · Self-Awareness

Activity 04

Role Play · 25 min · Individual

Spot the Scam Hunt

Provide website screenshots or text messages. Individually, students mark phishing indicators with highlighters, then pairs compare their findings and the class builds a master list of clues.

Explain why social engineering is often considered the weakest link in cybersecurity.

Facilitation Tip: During the Spot the Scam Hunt, use a timer to create urgency similar to real phishing attempts and observe how pressure affects decision-making.

What to look for: Present students with three anonymised email examples: one legitimate, one phishing, and one spear phishing. Ask them to label each and provide one specific reason for their classification of each email.

Apply · Analyse · Evaluate · Social Awareness · Self-Awareness

A few notes on teaching this unit

Teachers should model scepticism explicitly by questioning every detail in sample emails, not just pointing out errors. Research shows that students learn best when they experience the tension between trust and doubt in controlled simulations. Avoid treating social engineering as purely technical; focus on human psychology and context. Use humour and relatable scenarios to reduce fear while building critical habits.

Successful learning looks like students confidently identifying red flags in varied phishing attempts and articulating clear, personal strategies to verify requests. They should explain why human behaviour remains the primary vulnerability, even with technical protections. Observations and discussions reveal whether they transfer skills beyond the classroom.


Watch Out for These Misconceptions

  • During Email Critique Carousel, watch for students assuming phishing emails always contain obvious spelling errors or bad design.

    Use the Email Critique Carousel to display varied examples, including sophisticated phishing that mimics legitimate sources closely. Guide students to notice subtle cues like mismatched domains or unexpected requests, and update their checklists to reflect nuanced detection beyond surface errors.

  • During Phishing Role-Play Scenarios, watch for students believing social engineering only occurs online through emails.

    In Phishing Role-Play Scenarios, incorporate mediums like phone calls, USB drops, or in-person interactions. After each role-play, facilitate peer discussions to identify patterns across different methods, correcting the narrow view and building comprehensive awareness.

  • During Defence Strategy Design, watch for students assuming antivirus software fully protects against social engineering.

    In Defence Strategy Design, present simulations where antivirus fails to catch phishing attempts. Ask students to critique these examples, emphasising behaviour over software. Their designed strategies should prioritise human vigilance as the primary defence.
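As an added example (not part of the lesson page), a small Python checker that applies the four checks the Email Critique Carousel asks students to make, sender, content, links and urgency, to two constructed sample emails, so a class master list of clues can be compared against what a simple rule set catches. The school domain, addresses and messages are made up; the checker flags the mismatched-domain cue described above as well as urgency wording and credential requests.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples for the exercise; domains and senders are invented.
LEGIT = """From: IT Helpdesk <helpdesk@example-school.sch.uk>
Subject: Planned maintenance this weekend

Hi, the school network will be down on Saturday 09:00-11:00 for maintenance.
No action is required. Details: <a href="https://intranet.example-school.sch.uk/maintenance">intranet page</a>
"""

PHISH = """From: IT Helpdesk <helpdesk@example-school-support.top>
Subject: URGENT: your account will be suspended

Your password expires in 24 hours. Verify immediately to avoid suspension:
<a href="http://login-verify.example-bad.top/reset">https://portal.example-school.sch.uk/reset</a>
"""

URGENCY = ("urgent", "immediately", "suspended", "within 24 hours", "expires", "act now")
LINK_RE = re.compile(r'<a href="(?P<href>[^"]+)"[^>]*>(?P<text>[^<]+)</a>', re.I)

def domain_of(url_or_addr):
    """Return the host part of an email address or URL, lowercased ('' if none)."""
    if "@" in url_or_addr:
        return url_or_addr.rsplit("@", 1)[1].lower()
    m = re.match(r"https?://([^/\s]+)", url_or_addr, re.I)
    return m.group(1).lower() if m else ""

def phishing_cues(raw, trusted_domain):
    """Return the list of cues found in one email: sender domain, link targets,
    urgency wording and requests for credentials. An empty list means no cue."""
    msg = message_from_string(raw)
    cues = []
    _, addr = parseaddr(msg["From"])           # display name is easy to fake; check the address
    if domain_of(addr) != trusted_domain:
        cues.append(f"sender domain {domain_of(addr)} is not {trusted_domain}")
    body = msg.get_payload()
    for m in LINK_RE.finditer(body):
        shown, real = domain_of(m["text"]), domain_of(m["href"])
        if shown and shown != real:            # link text shows one domain, href goes elsewhere
            cues.append(f"link text shows {shown} but goes to {real}")
        if real and real != trusted_domain and not real.endswith("." + trusted_domain):
            cues.append(f"link points off-domain to {real}")
    text = (msg["Subject"] + " " + body).lower()
    hits = [w for w in URGENCY if w in text]
    if hits:
        cues.append("urgency language: " + ", ".join(hits))
    if re.search(r"\b(password|verify|account details)\b", text):
        cues.append("asks for credentials or verification")
    return cues
```

Running `phishing_cues(PHISH, "example-school.sch.uk")` returns five cues, while the legitimate sample returns none; students can compare their highlighted clues with what the rules catch and what they miss.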


Methods used in this brief