Vulnerability analysis in the university community using social engineering and phishing applications

Authors

  • Javier Guaña-Moya, Pontificia Universidad Católica del Ecuador, Facultad de Hábitat, Infraestructura y Creatividad. Quito, Ecuador. https://orcid.org/0000-0003-4296-0299
  • Sofía Villacís, Pontificia Universidad Católica del Ecuador, Facultad de Hábitat, Infraestructura y Creatividad. Quito, Ecuador.
  • Danilo Miniguano Miniguano, Universidad Técnica de Ambato, Facultad de Ingeniería en Sistemas Electrónica e Industrial. Ambato, Ecuador. https://orcid.org/0000-0001-6345-1202

DOI:

https://doi.org/10.56294/dm2025930

Keywords:

Vulnerabilities, University community, Social Engineering, Phishing

Abstract

The project focused on analyzing the impact of social engineering on the security of confidential information in a university community, highlighting the risks to which individuals are exposed when they fall victim to such an attack. To this end, a controlled phishing attack was implemented to identify the main vulnerabilities that allow unauthorized access to personal data. The methodology used was descriptive, allowing for the analysis of factors such as the type of passwords used and the level of prior knowledge of social engineering. The results revealed that the group most affected by the attack was people between 23 and 27 years of age, representing 27,5 % of the total, followed by older adults between 58 and 63 years of age at 19,6 %, demonstrating that both young and older adults are the most susceptible. Furthermore, it was found that 43,1 % of users used passwords composed of names and numbers, reflecting low complexity in their construction. Only 5,9 % used password managers, and only 11,8 % incorporated special characters, indicating low adoption of secure practices. The first phase of the attack, investigative in nature, was key to identifying exploitable personal patterns. Finally, after an awareness campaign was launched, it became clear that the main cause of vulnerability is a lack of knowledge about social engineering, highlighting the importance of strengthening cybersecurity education within the academic environment.

Published

2025-05-13

Section

Original

How to Cite

1. Guaña-Moya J, Villacís S, Miniguano Miniguano D. Vulnerability analysis in the university community using social engineering and phishing applications. Data and Metadata [Internet]. 2025 May 13 [cited 2025 Jun. 1];4:930. Available from: https://dm.ageditor.ar/index.php/dm/article/view/930