Simulating the Threat: A Phishing Campaign to Enhance Cyber Resilience in a Large Organization
Abstract
The human element remains the most critical, yet often least addressed, vulnerability in organizational cybersecurity. For any company, effective security awareness must evolve beyond static training to include realistic, experiential learning. This report details the planning, execution, and outcomes of a controlled, simulated social engineering phishing campaign conducted within such an organization. The primary objective was to use Social Engineering as a Cybersecurity Awareness Tool to transform passive policy knowledge into active, reflexive cyber-resilience among employees. By providing direct, practical experience with a leading open-access tool like Gophish, followed by training lectures, these campaigns aim to transform phishing exercises from a compliance checkpoint into an integrated, continuous practice.
Keywords: Phishing Campaigns, Human Factor, Cybersecurity Awareness, Social Engineering
DOI: 10.54941/ahfe1007415
Cite this paper
More from this volume
- A Human Factors-Cyber-Safety Framework for Risk and Requirements in Critical Infrastructure
- Cognitive Load and Compliance: A Human-Centric Framework for NIS2 in Latvian SMEs
- Eye tracking study to analyze context encoding during phishing decision making
- Enhancing Cybersecurity Learning Through Online Platforms and Gamified Approaches
- Privileged Learning for Instance Representation in Cognitive Models of Phishing Decisions
- Calibrating Trust in AI-Driven Cyber Defenses: Human Reliance, Resistance, and Decision Dynamics
- Governing the human factor in cybersecurity: A regulatory perspective
- Assessing Trust in Digital Service Engineering: An Empirical Case Study of Public CCTV Analytics in Germany
- Micro-Decisions Under Time Pressure and Dark Patterns in Digital Interfaces
- Designing an AI-Driven Framework for Human-Centered Cybersecurity Practices
- Beyond Security Awareness: A Scoping Review of Human Factors in SME Cyber Resilience Frameworks (2018-2026)
- The Human Factor in Cyber Resilience: Behavioural, Organisational and Sociotechnical Perspectives


AHFE Open Access