<![CDATA[The massive use of social media among university students provides convenience in communication, information exchange, and academic activities. However, this condition also increases the risk of cybercrime, particularly phishing attacks based on social engineering. Phishing exploits psychological manipulation to deceive victims into revealing sensitive information such as passwords, OTP codes, and personal data. This study aims to analyze students’ awareness of social media account security, identify common forms of phishing attacks experienced, and determine factors contributing to students’ vulnerability. This research employs a quantitative descriptive method by distributing online questionnaires to active university students. The collected data were analyzed using descriptive statistics to identify behavioral patterns and security awareness levels. The results indicate that most students have moderate to low digital security awareness, reflected in password reuse across platforms and low adoption of two-factor authentication. Furthermore, most respondents have encountered phishing messages in the form of fake links, prize scams, and account verification requests. The main vulnerability factors include limited cybersecurity literacy, high levels of trust, and lack of information verification. This study highlights the importance of digital security education and improved cybersecurity literacy among students to reduce the risk of social engineering-based phishing attacks.]]>
