Platforms for Managing Educational Phishing Campaigns within an Academic Environment

This thesis addresses the design and implementation of a platform for managing educational phishing campaigns aimed at enhancing cybersecurity in educational institutions. In an era where phishing attacks are among the main vectors of cyber threats, it is crucial to bolster defense capabilities and awareness of cyber attacks, especially in the academic setting where the amount of sensitive data is substantial. The work analyzes existing tools and approaches for managing these campaigns, compares them, and selects the most suitable solution based on evaluated criteria for university needs. The proposed platform enables efficient distribution of educational phishing campaigns and data collection on user responses, which contributes to a better understanding and improvement of defenses against phishing attacks. The platform will subsequently serve as a substitute for the currently used O365 Attack Simulator. The substitute is being designed due to the limited customization options of the current tool and its inadequacy for use in complex spear-phishing campaigns. Special emphasis is placed on the importance of continuous education and adaptation to the dynamically changing environment of cyber threats, which is key to maintaining security in an increasingly digital world. Additionally, the thesis examines the impact of modern technologies, particularly artificial intelligence, on the development and effectiveness of phishing attacks. The analysis demonstrates how AI can be used both to enhance the effectiveness of attacks and to defend against them, leading to the need to integrate advanced AI tools into educational campaigns for more effective simulations and better preparation of users for real threats.