Love is in the air this February, but beware—so is deception! Social engineers are master manipulators who exploit trust, curiosity, and even romance to gain access to sensitive information.

Common social engineering tactics

Phishing: The love letter you shouldn’t open
Cybercriminals send fraudulent emails or messages designed to trick recipients into clicking on malicious links or providing sensitive information. This time of year, you might see fake Valentine’s Day promotions, e-cards, or romantic scams.

Example: An email claiming to be from a flower delivery service asks you to confirm your payment details for a surprise bouquet. Follow the instructions, and you’ve just handed over your credit card info to a scammer.

Stay Safe: Verify senders before clicking links, and don’t enter personal information on unexpected requests.

Pretexting: playing the role of trust
Attackers impersonate someone trustworthy like IT support, HR, or a high-level executive to request sensitive data or system access.

Example: A caller pretends to be from the Service Desk, claiming they need your login credentials to perform a system update. You give them your password, and they now have access to your account.

Stay Safe: Always verify a requester’s identity by contacting the department directly before sharing sensitive information.

Tailgating: holding the door open for a threat
Attackers physically infiltrate secure areas by following authorized employees into buildings or restricted areas.

Example: Someone in a delivery uniform asks you to hold the door because they “forgot their badge.” Once inside, they have access to offices and information.

Stay Safe: Direct suspicious visitors to TWU Police. Potentially legitimate visitors should be escorted to a departmental front desk or reception desk to check in and verify proper identification.

How to avoid falling for social engineering scams

• Think Before You Click – Hover over links before clicking, and verify URLs.
• Verify Requests – Contact the supposed sender directly to confirm unusual requests.
• Keep It Private – Don’t overshare work details on social media or with strangers.
• Report Suspicious Activity – If something feels off, notify appropriate personnel immediately.

This Valentine’s season, don’t let cyber criminals toy with your trust. Stay vigilant, stay skeptical, and remember that when it comes to social engineering, flirting with danger is never worth the risk!

For questions or concerns, contact the ITS  Service Desk at servicedesk@twu.edu.