Date of Award

5-2025

Document Type

Thesis

Department

Computer Science

First Advisor

Manar Mohaisen

Abstract

Phishing attacks are cyber threats where attackers deceive users into performing actions that compromise the user’s security and benefit the attacker. In 2024 alone, phishing attacks have resulted in estimated damages of around 800 million dollars [1]. In response, many institutions have implemented internal simulated phishing attacks to enhance their employees' cybersecurity awareness. This training exercise has been proven beneficial in improving cybersecurity awareness on an enterprise scale[4]. This study aims to evaluate the potential effectiveness of a simulated phishing attack within a university setting, which is a relatively unseen practice thus far. Universities, like other secure organizations, store sensitive information and valuable assets, making it crucial to assess whether simulated phishing attacks can improve the security awareness of faculty members. This applied project originally aimed to study the impact of such simulations at Northeastern Illinois University (NEIU) to determine their potential benefits in strengthening university’s institutional security. Due to unforeseen circumstances, we were unable to perform this exercise within the university network. So, we will be leveraging external data from a multitude of research studies to determine the degree to which universities could potentially benefit from implementing internal phishing exercises.

Share

COinS