Skip to Main Content

A Guide to Defeat Social Engineers

A matrix of social engineering topics

It often starts with something that feels routine. A phone call from someone claiming to be the IT Helpdesk, urgently asking for your password to “fix a system issue.” Or an email that looks professional and enticing — an offer for your dream job in a UCLA department, but requiring an upfront payment to move forward.

These aren’t technical hacks. They’re social engineering attacks — scams that target people, not machines. Instead of breaking through firewalls, attackers exploit human psychology, using trust, fear or urgency to trick their victims into opening the door.

And these tactics are working. In 2024 alone, 68% of reported data breaches were attributed to social engineering. Worse, AI-powered tools have fueled a 442% increase in these types of attacks, making them harder than ever to recognize.

What Does Social Engineering Look Like?

  • An email pretending to be from a professor, offering you a job but requiring money up front to handle a “cost”.
  • A caller impersonating UCLA IT support, requesting your password.
  • A fake website — nearly identical to the real thing — asking you to enter your UCPath credentials.

Each of these examples relies not on technology but on psychology.

How Bruins Can Outsmart the Attackers

  • Verify before you trust. If someone asks for sensitive information or access — whether by email, phone or even in person — take a moment to confirm their identity through official UCLA channels.
  • Be wary of urgency. Social engineers want you to act quickly without thinking. Pause, reflect and verify.
  • Stay skeptical of authority claims. Attackers may pretend to be in positions of power. Remember: legitimate entities will never ask for your password.
  • Report, don’t ignore. If something feels off, report it — even if you’re unsure. At UCLA, you can file reports anonymously if needed.

A Shared Defense

The best defense against social engineering isn’t software—it’s awareness. By knowing the tactics and resisting the pressure, every student, faculty member, and staff member strengthens UCLA’s security posture. Cybersecurity truly starts with you, and it’s everyone’s responsibility.

Bruins, think before you trust. #becybersafeUCLA

Learn more about Cybersecurity Awareness Month at UCLA, access resources, and enter the raffle for a chance to win tickets to the UCLA vs. USC football game: Cybersecurity Awareness Month 2025.

Tags
2025