A Controlled Phishing Attack in a University Community: A Case Study

Nowadays, in the contemporary digital landscape, cybersecurity plays a vital role in safeguarding digital assets and mitigating the risks posed by an interconnected world. Personal, business, and government information is constantly collected and shared online. Data, financial records, intellectual property, and government secrets can be exploited maliciously without proper protection. Cyberattacks come in various forms, and their effectiveness can change over time as attackers develop new techniques and targets. However, phishing attacks have become a pervasive and persistent cybersecurity concern. Their success largely depends on the vulnerability of individuals within an organization. This case study dwells on the pivotal role of controlled phishing attacks as educational and assessment tools within the cybersecurity paradigm. At its core, we conducted a simulation with the consent of the organization's leadership to emulate a real-world phishing scenario within the university community. This allowed us to measure people's susceptibility, identify security weaknesses, and raise security awareness. With phishing attacks becoming increasingly sophisticated, understanding their impact in an academic setting offers valuable insights into broader cybersecurity. The project aimed to familiarize the university community with the risks of information theft perpetrated through email-based attacks.