Vulnerability analysis in the university community using social engineering and phishing applications

Introduction: the project focused on analyzing the impact of social engineering on the security of confidential information in a university community, highlighting the risks which individuals are exposed to when falling victim to such an attack. A controlled phishing attack was implemented. Objetive: identify the main vulnerabilities that allow unauthorized access to personal data. Method: the methodology used was descriptive, allowing for the analysis of factors such as the type of passwords used and the level of prior knowledge of social engineering. Resul: the results revealed that the group most affected by the attack was people between 23 and 27 years of age, representing 27,5 % of the total, followed by older adults between 58 and 63 years of age at 19,6 %, demonstrating that both young and older adults are the most susceptible. Furthermore, it was found that 43,1 % of users used passwords composed of names and numbers, reflecting a low complexity in their construction. Only 5,9 % used password managers, and only 11,8 % incorporated special characters, indicating a low adoption of secure practices. The first phase of the attack, investigative in nature, was key to identifying exploitable personal patterns. Conclusions: finally, after an awareness campaign was launched, it became clear that the main cause of vulnerability is a lack of knowledge about social engineering, highlighting the importance of strengthening cybersecurity education within the academic environment.