Unauthorized Access (College Board AP® Computer Science Principles): Revision Note

Written by: Robert Hampton

Reviewed by: James Woodhouse

Social engineering and user-targeted attacks

What is social engineering?

  • Social engineering refers to attack methods that trick people into revealing information or taking actions that compromise security

  • Instead of breaking through technical defenses, social engineering exploits human trust, fear, urgency, or curiosity

  • The user, not the system, is the target

Phishing

  • Phishing is a common social engineering attack that uses disguised emails or websites to trick users into revealing personal information

  • Common phishing tactics:

    • Emails that appear to come from a trusted source (e.g., a bank, employer, or popular service)

    • Malicious links that look legitimate but lead to fake login pages designed to capture credentials

    • Unsolicited attachments that, when opened, install malware on the user's device

    • Urgent or threatening language designed to make the user act quickly without thinking

  • Once a victim enters their credentials on a fake page, the attacker can use them to access real accounts

Unsafe practices that enable attacks

  • Some attacks succeed because users make decisions that put their devices at risk:

    • Downloading software, files, or media from untrusted sources, which may contain malware

    • Clicking links in unexpected messages without verifying the source

    • Reusing the same password across multiple accounts

    • Ignoring security warnings from a browser or operating system

  • Awareness and cautious behavior are the most effective defenses against these attacks

| Attack or practice | What happens | How to protect against it |
|---|---|---|
| Phishing email | Disguised message tricks user into revealing credentials | Verify sender, do not click unexpected links, hover to inspect URLs |
| Unsolicited attachment | Attached file installs malware when opened | Do not open attachments from unknown senders |
| Untrusted downloads | Software from unverified sites contains malware | Download only from official or reputable sources |

Technical exploitation methods

What are technical exploitation methods?

  • Technical exploitation refers to attack methods that target weaknesses in hardware, software, or networks rather than tricking users directly

  • These attacks often happen without the user noticing, making them particularly difficult to defend against

Keylogging

  • Keylogging records every keystroke a user types on their device

  • Keyloggers can be installed as malware or, less commonly, as hardware attached to a device

  • Captured keystrokes often include sensitive credentials such as usernames, passwords, and payment information

  • The attacker reviews the recorded keystrokes to extract anything of value

Network interception

  • Data sent over public networks (e.g., open Wi-Fi in cafés or airports) can be intercepted by attackers connected to the same network

  • Once intercepted, data can be read or modified before reaching its intended destination

Rogue access points

  • A rogue access point is a Wi-Fi access point that appears legitimate but is actually controlled by an attacker

  • Users who connect to it are routed through the attacker's equipment, allowing the attacker to:

    • Monitor all data sent and received

    • Redirect users to fake versions of legitimate sites

    • Capture login credentials and other sensitive information

  • The risk is highest in public places where users expect free Wi-Fi to be available

Examiner Tips and Tricks

  • When an exam question describes a user being tricked into revealing information, the answer is usually a form of social engineering (most often phishing); when an attack succeeds without the user noticing, the answer is usually a technical exploitation method.

  • For the CPT, if your program asks users to provide credentials or personal information, you can mention in your written response how you would help users avoid phishing-style attacks (e.g., never asking for passwords by email).

Worked Example

A user connects to an open Wi-Fi network in a coffee shop. Unknown to them, the network is actually controlled by an attacker who can monitor and modify all data sent through it. Which of the following best describes this attack?

(A) Phishing
(B) Keylogging
(C) Rogue access point
(D) Multi-factor authentication

[1]

Answer:

(C) Rogue access point [1 mark]

  • The attacker has set up a Wi-Fi access point that appears legitimate so users will connect to it, allowing the attacker to intercept and modify all data sent through the network.

Author: Robert Hampton

Expertise: Computer Science Content Creator

Rob has over 16 years' experience teaching Computer Science and ICT at KS3 & GCSE levels. Rob has demonstrated strong leadership as Head of Department since 2012 and previously supported teacher development as a Specialist Leader of Education, empowering departments to excel in Computer Science. Beyond his tech expertise, Robert embraces the virtual world as an avid gamer, conquering digital battlefields when he's not coding.

Reviewer: James Woodhouse

Expertise: Computer Science & English Subject Lead

James graduated from the University of Sunderland with a degree in ICT and Computing education. He has over 14 years of experience both teaching and leading in Computer Science, specialising in teaching GCSE and A-level. James has held various leadership roles, including Head of Computer Science and coordinator positions for Key Stage 3 and Key Stage 4. James has a keen interest in networking security and technologies aimed at preventing security breaches.