National Cybersecurity Awareness Month

When most people think of cyber threats, they picture hackers using technical tools to break into
systems. But one of the most effective attack methods doesn’t rely on code, it relies on people.
This tactic is called social engineering, and it’s all about manipulating human behavior to gain
access to sensitive information or systems.

What Is Social Engineering?

Social engineering involves using deception to trick individuals into revealing confidential information, clicking malicious links, or granting access to restricted systems. These attacks often bypass technical defenses by targeting the human element.

Common Social Engineering Techniques

1. Phishing—Fraudulent emails that appear to come from trusted sources, asking you to click a link, download a file, or enter credentials.
2. Pretexting—An attacker creates a fabricated scenario (e.g., pretending to be IT support or a vendor) to obtain information.
3. Impersonation—Pretending to be a coworker, supervisor, or authority figure to gain trust and access.

Real-World Impact

Social engineering attacks can lead to:

• Compromised accounts
• Data breaches
• Financial loss
• Reputational damage

Even a single click on a phishing link can have widespread consequences for the university.

How to Protect Yourself

• Verify requests: If someone asks for sensitive info or access, confirm their identity through a trusted channel.
• Be skeptical of urgency: Attackers often create a sense of panic to rush your decision making.
• Don’t share credentials: No legitimate support team will ask for your password.

Report suspicious activity by using the “Report Phish” button in Outlook, or contact the OIT HelpDesk at help.utk.edu.