Simulating the Threat: A Phishing Campaign to Enhance Cyber Resilience in a Large Organization

Open Access
Article
Conference Proceedings
Authors: Leandros MaglarasKitty KioskliAntonis AdamakosStavros KyriakoudesDemetris AntoniouNestoras Chouliaras
Abstract

The human element remains the most critical, yet often least addressed, vulnerability in organizational cybersecurity. For any company, effective security awareness must evolve beyond static training to include realistic, experiential learning. This report details the planning, execution, and outcomes of a controlled, simulated social engineering phishing campaign conducted within such an organization. The primary objective was to use Social Engineering as a Cybersecurity Awareness Tool to transform passive policy knowledge into active, reflexive cyber-resilience among employees. By providing direct, practical experience with a leading open-access tool like Gophish, followed by training lectures, these campaigns aim to transform phishing exercises from a compliance checkpoint into an integrated, continuous practice.

Keywords: Phishing Campaigns, Human Factor, Cybersecurity Awareness, Social Engineering

DOI: 10.54941/ahfe1007415

Cite this paper
Downloads
0
Visits
1
Download PDF

More from this volume

Assessing Trust in Digital Service Engineering: An Empirical Case Study of Public CCTV Analytics in GermanyMicro-Decisions Under Time Pressure and Dark Patterns in Digital Interfaces
View all articles in Human Factors in Cybersecurity