Volume 34
Abstract: In this paper, we describe the development of an in-class exercise designed to teach students how to craft social engineering attacks. Specifically, we focus on the development of phishing emails. Providing an opportunity to craft offensive attacks not only helps prepare students for a career in penetration testing but can also enhance their ability to detect and defend against similar methods. First, we discuss the relevant background. Second, we outline the requirements necessary to implement the exercise. Third, we describe how we implemented the exercise. Finally, we discuss our results and share student feedback. Keywords: Phishing, Social engineering, Cybersecurity, Pedagogy Download This Article: JISE2023v34n4pp347-359.pdf Recommended Citation: Young, J. A., & Farshadkhah, S. (2023). Teaching Tip: Hook, Line, and Sinker – The Development of a Phishing Exercise to Enhance Cybersecurity Awareness. Journal of Information Systems Education, 34(4), 347-359. |