ISSN: 2182-2069 (printed) / ISSN: 2182-2077 (online)
A Controlled Phishing Attack in a University Community: A Case Study
Abstract

In today's digital landscape, cybersecurity plays a vital role in safeguarding digital assets and mitigating the risks posed by an interconnected world. Personal, business, and government information is constantly collected and shared online. Without proper protection, data, financial records, intellectual property, and government secrets can be exploited maliciously. Cyberattacks come in various forms, and their effectiveness can change over time as attackers develop new techniques and targets. However, phishing attacks have become a pervasive and persistent cybersecurity concern. Their success largely depends on the vulnerability of individuals within an organization.

This case study aims to elucidate the pivotal role of controlled phishing attacks as educational and assessment tools within the cybersecurity paradigm. At its core, we conducted a simulation with the consent of the organization's leadership to emulate a real-world phishing scenario within the university community. This allowed us to measure people's susceptibility, identify security weaknesses, and raise security awareness. With phishing attacks becoming increasingly sophisticated, understanding their impact in an academic setting offers valuable insights into broader cybersecurity. The project specifically sought to familiarize the university community with the risks of information theft perpetrated through email-based attacks.