7 Social Engineering Tactics Explained | AP Cybersecurity
The 7 Social Engineering Tactics (Authority, Scarcity, Urgency & More)
Topic 2.1 expands social engineering into a full set of psychological tactics adversaries use to manipulate targets: pretexting, authority, intimidation, consensus, scarcity, familiarity, and urgency. The exam asks you to identify which tactic a scenario uses.
Contents
The seven tactics
Each tactic pulls a different psychological lever. Pretexting invents a believable reason to make contact. Authority impersonates someone with power or claims to relay their instructions. Intimidation states negative consequences if demands are not met. Consensus claims everyone else is already doing the action.
Scarcity creates a sense of limited availability. Familiarity pretends to be or know someone close to the target to build trust. Urgency sets a deadline that forces quick action.
An email says: 'Only 3 spots left, register in the next hour.' Which tactics are at work?
Reveal answer
Scarcity (limited spots) and urgency (one-hour deadline). Both pressure the target to act before thinking, just through different levers.
Match the lever to the tactic: power = authority, threat = intimidation, deadline = urgency, limited supply = scarcity, everyone-is-doing-it = consensus, a trusted persona = familiarity, a fake backstory = pretexting.
Why so many tactics matter
Real attacks combine tactics to be more convincing. A message might use authority (posing as the CEO) plus urgency (a same-day wire) to maximize pressure.
Recognizing the specific lever helps you defend: once you name the manipulation, the request loses its power and you can verify through a trusted channel.
'This is the IT director. Everyone on your team has already updated their password at this link, please do yours now.' Name the tactics.
Reveal answer
Authority (IT director), consensus (everyone already did it), and urgency (now). Verify through a known channel before clicking anything.
Authority in the 2020 Twitter breach
Attackers posed as internal IT, using authority to pressure employees into handing over access. Naming the tactic, authority paired with urgency, is what lets a target step back and verify.
Identify the lever, then verify through a known channel.
Key Terms
| Pretexting | Inventing a believable reason to contact a target. |
| Authority | Impersonating someone with power over the target. |
| Consensus | Claiming everyone else is already doing the action. |
| Scarcity | Creating a sense of limited availability. |
| Familiarity | Pretending to be or know someone close to the target. |
Match It Up
Common Mistakes
Confusing consensus with authority
Consensus says everyone is doing it; authority claims power or position. Different levers.
Treating scarcity and urgency as identical
Scarcity is limited supply; urgency is a deadline. They often appear together but are distinct.
Missing familiarity
Pretending to know someone close to the target is its own tactic, not just generic trust.
Looking for only one tactic
Strong attacks stack several. Identify each lever present.
Check for Understanding
Frequently Asked Questions
Get in Touch
Whether you're a student, parent, or teacher — I'd love to hear from you.
Just want free AP CS resources?
Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.
Message Sent!
Thanks for reaching out. I'll get back to you within 24 hours.
Prefer email? Reach me directly at [email protected]