Phishing and social engineering

A report on phishing and social engineering


A transport and delivery company is aiming to stay «a step ahead” in cybersecurity, mainly by training all employees to stay alert in the area of cybersecurity.

The object is to raise the awareness of the employees so that they know what methods of social engineering and other threats to be on the lookout for.

Expected outcomes of the report are to highlight social engineering with some case studies, consequences and mitigation.

The report must have a clearly divided introduction, main, conclusion and reference part. The report must include a table of contents, and a table of figures.


Packets and parcels is a made up company

The CEO of Packets and Parcels, a large Norwegian company which specializes in transport and deliveries, has read about the increase in cyberattacks towards large businesses. In light of this, he hired penetration testers to find weak points in the company, and the results revealed that the employees were vulnerable to some phishing attacks conducted through social engineering. The CEO wishes to receive a generalized report on the specific phishing attacks, and also asks you, the head of the IT department, to spread awareness to all employees on how to stay safe while working with computers.

Combine part 1 and 2

Part 1

  • Write a report on some phishing attacks which explain how they work and highlight the details from the penetration attack, incorporating examples of relevant attacks toward other companies. This part must detail the history of phishing attacks, and different types of methods relevant for Packets and Parcels based on the penetration test. Examples of these, (but not limited to) are: Shoulder-surfing, tailgating and dumpster-diving.
  • The report must highlight the consequences of a social engineering attack and how it can be avoided.

Part 2

  • One way to avoid phishing attacks and social engineering is by raising the awareness of your employees. You are to create a suggestion for a course which spreads awareness on cyberattacks and result in a certificate after completion. Explain why you have chosen the course you have created. The CEO has given you an unlimited budget for the course. Plan ahead!

Leave a Reply