Social engineering attacks are on the rise in higher education. In 2017, one particular university reported losing millions of dollars from a successful phishing attack, which is a popular social engineering tactic.  So what is social engineering?  It is the clever manipulation of the natural human tendency to trust.  Every day, attackers devise new ways to try to fool unsuspecting university students, staff, and faculty into divulging sensitive information and/or granting requests that compromise system access.
These social engineering attacks can come in the form of an email (phishing), phone call (voice phishing or ‘vishing’), text message, social networking message, or from someone in person.  Attackers will try to manipulate the targeted individual to provide unauthorized access or reveal sensitive information.
Social Engineering Attacks often:
  • Create a highly emotional reaction and tremendous sense of urgency that demands “immediate action” before something bad happens, like threatening to close an account or send you to jail
  • Pretend to originate from a person or group of authority
  • Blend facts with fake information to create a plausible scenario
  • Pressure you to bypass or ignore policies or procedures
  • Create a strong sense of curiosity or something that is too good to be true
  • Request highly sensitive information, such as your credit card number, password, or any other information that a legitimate sender should already know
So stay alert and vigilant to avoid falling victim to social engineering attacks.  To learn more, visit our social engineering page.
QUESTIONS? If you encounter suspicious behavior, please report this to the ITS Help Desk at (914) 773-3333, email:, or online at