Article Info

Phishing Susceptibility Metrics in Academic Environments: Simulation-Based Analysis at Federal Polytechnic Bali, Nigeria

Husseini Usman Yaro, Masnizah Mohd
dx.doi.org/10.17576/apjitm-2025-1401-13

Abstract

With technology increasingly integrated into daily operations, organizations are more vulnerable to cyber threats, particularly social engineering attacks like phishing. Phishing attacks remain a significant threat to academic institutions, targeting staff through deceptive emails to extract sensitive information. Federal Polytechnic Bali (FPB) faces increased vulnerability to phishing due to limited cybersecurity awareness among staff. Phishing simulation exercises have been identified as an effective method to improve recognition and response to such threats. This study employed a quantitative experimental research design involving a pre-survey, phishing simulation, and post-survey. A total of 280 staff were targeted with a simulated phishing email titled "13-Month Bonus Payment." The study measured click rates, submission rates, and post-simulation awareness levels to evaluate staff susceptibility and response improvement. Out of 280 targeted staff, 41.8% engaged with the phishing email, with 29.6% being academic staff and 12.1% non-academic staff. Pre-simulation awareness was low, with only 32.6% of staff familiar with cybersecurity practices. After the simulation, 83.8% of participants reported increased phishing awareness. The study demonstrated a statistically significant improvement in phishing knowledge, with "Excellent" and "Good" ratings increasing from 33.1% to 90.1%. The study highlights the need for regular phishing simulation exercises and targeted cybersecurity training for staff. The findings support integrating phishing simulations into the institution's cybersecurity strategy to enhance overall digital resilience.

Keywords

Phishing, Cybersecurity, Phishing simulation, Staff

Area