🏠 Home > Cybersecurity > Personal Defense > Module 2

Module 2: Countering Social Engineering & AI Scams

Overview

This module teaches students to recognize and defend against sophisticated social engineering attacks, including AI-powered scams. Learn to identify deepfakes, phishing attempts, and psychological manipulation tactics used by cybercriminals.

Learning Duration

[To be determined]

Prerequisites

• Basic internet and email usage
• Smartphone usage
• No technical background required

---

Topics

2.1 Spotting Deepfakes: Audio (Vishing) and Video Verification

Key Concepts:

• Deepfake technology
• Voice cloning and vishing
• Video manipulation detection
• Verification techniques

Content Areas:

• What are deepfakes and how they’re created
• Voice cloning scams targeting family members
• CEO fraud and executive impersonation
• Visual indicators of deepfake videos
• Audio artifacts in fake voice calls
• Verification strategies (callback, code words)
• Real-world deepfake scam examples

[Detailed content to be added]

---

2.2 Phishing 2.0: Identifying Sophisticated AI-Generated Emails

Key Concepts:

• Evolution of phishing attacks
• AI-generated content detection
• Business Email Compromise (BEC)
• Email security best practices

Content Areas:

• Traditional vs. AI-powered phishing
• Spear phishing and targeted attacks
• Identifying suspicious email characteristics
• URL and link verification techniques
• Email header analysis (SPF, DKIM, DMARC)
• Attachment safety
• Reporting phishing attempts

[Detailed content to be added]

---

2.3 Smishing & QR Code Fraud (Quishing)

Key Concepts:

• SMS phishing (smishing)
• QR code attacks (quishing)
• Mobile-specific threats
• Safe scanning practices

Content Areas:

• Common smishing tactics and examples
• Package delivery scams
• Banking and payment scams via SMS
• Malicious QR codes
• QR code preview before opening
• Mobile security settings
• Verifying sender authenticity

[Detailed content to be added]

---

2.4 Psychological Triggers in Cyber Scams

Key Concepts:

• Social engineering psychology
• Manipulation tactics
• Emotional exploitation
• Building resilience

Content Areas:

• Urgency and time pressure tactics
• Authority and impersonation
• Fear and intimidation techniques
• Greed and “too good to be true” offers
• Curiosity and clickbait
• Trust exploitation
• Building critical thinking skills
• Pause and verify protocols

[Detailed content to be added]

---

Practical Exercises

Exercise 1: Deepfake Detection Challenge

Objective: Identify deepfake content from real content Duration: [To be added] Activities:

• Analyze audio samples
• Review video clips
• Practice verification protocols

Exercise 2: Phishing Email Analysis

Objective: Identify phishing indicators in sample emails Duration: [To be added] Skills Practiced:

• URL inspection
• Sender verification
• Content analysis
• Header examination

Exercise 3: Smishing Scenario Response

Objective: Respond appropriately to SMS scam scenarios Duration: [To be added] Steps: [To be added]

Exercise 4: Psychological Trigger Recognition

Objective: Identify manipulation tactics in scam examples Duration: [To be added] Steps: [To be added]

---

Real-World Examples

Case Study 1: Voice Clone Scam

Scenario: [To be added] Red Flags: [To be added] Proper Response: [To be added]

Case Study 2: Sophisticated Phishing Attack

Scenario: [To be added] Red Flags: [To be added] Proper Response: [To be added]

Case Study 3: QR Code Parking Scam

Scenario: [To be added] Red Flags: [To be added] Proper Response: [To be added]

---

Quick Reference: Red Flags Checklist

Email Red Flags

• Unexpected urgency or threats
• Requests for personal information
• Suspicious links or attachments
• Grammar and spelling errors
• Generic greetings
• Mismatched sender addresses

Phone/Text Red Flags

• Unsolicited calls about accounts or prizes
• Pressure to act immediately
• Requests for payment via gift cards
• Unknown numbers claiming to be known entities
• Links in unexpected text messages

Deepfake Indicators

• Unnatural facial movements
• Lighting inconsistencies
• Audio quality issues
• Lip-sync problems
• Unusual background artifacts

---

Response Protocols

If You Receive a Suspicious Call

1. [Steps to be added]
2. Hang up and call back using official number
3. Never provide personal information
4. Report the incident

If You Receive a Suspicious Email

1. [Steps to be added]
2. Don’t click links or download attachments
3. Verify sender through alternate channel
4. Report as phishing

If You’ve Been Scammed

1. [Steps to be added]
2. Report to authorities
3. Monitor accounts
4. Update passwords

---

Assessment

Knowledge Check

• What is vishing?
• Name three psychological triggers used in scams
• How can you verify a suspicious link?
• What should you do if you receive a suspicious call?

Scenario-Based Assessment

Title: Scam Response Challenge Description: [To be added] Scenarios: [To be added]

---

Resources

Reporting Tools

• FTC ReportFraud.ftc.gov
• FBI IC3 (Internet Crime Complaint Center)
• Anti-Phishing Working Group (APWG)
• Local law enforcement

Verification Tools

• URL checkers (VirusTotal, URLScan)
• Email header analyzers
• Reverse image search
• Phone number lookup services

Educational Resources

• [Phishing awareness training]
• [Deepfake detection guides]
• [Social engineering resources]

Further Reading

• Social Engineering: The Art of Human Hacking
• [Industry reports on phishing trends]
• [Scam awareness websites]

---

Last Updated: 2026-01-07