{"id":6089,"date":"2025-09-10T12:58:35","date_gmt":"2025-09-10T10:58:35","guid":{"rendered":"https:\/\/cyberawareness.sk\/?p=6089"},"modified":"2026-03-27T12:28:26","modified_gmt":"2026-03-27T11:28:26","slug":"lessons-learned-from-phishing-test","status":"publish","type":"post","link":"https:\/\/cyberawareness.sk\/en\/2025\/09\/10\/lessons-learned-from-phishing-test\/","title":{"rendered":"Lessons learned from phishing test"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"6089\" class=\"elementor elementor-6089\">\n\t\t\t\t<div class=\"elementor-element elementor-element-fa18013 e-flex e-con-boxed e-con e-parent\" data-id=\"fa18013\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-9f6d137 e-con-full e-flex e-con e-child\" data-id=\"9f6d137\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-dd553b0 elementor-widget elementor-widget-ucaddon_square_icon_box\" data-id=\"dd553b0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"ucaddon_square_icon_box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\n<!-- start Icon Box -->\n\t\t<link id='font-awesome-css' href='https:\/\/cyberawareness.sk\/wp-content\/plugins\/unlimited-elements-for-elementor\/assets_libraries\/font-awesome6\/fontawesome-all.min.css' type='text\/css' rel='stylesheet' >\n\t\t<link id='font-awesome-4-shim-css' href='https:\/\/cyberawareness.sk\/wp-content\/plugins\/unlimited-elements-for-elementor\/assets_libraries\/font-awesome6\/fontawesome-v4-shims.min.css' type='text\/css' rel='stylesheet' >\n\t\t<link id='uc_ac_assets_file_blox_boxed_small_square_icon_box_css_0-css' href='https:\/\/cyberawareness.sk\/wp-content\/uploads\/ac_assets\/blox-boxed-small-square-icon-box\/blox-boxed-small-square-icon-box.css' type='text\/css' rel='stylesheet' >\n\n<style>\/* widget: Icon Box *\/\n\n#uc_square_icon_box_elementor_dd553b0 * { \n\tbox-sizing: border-box; \n}\n\n#uc_square_icon_box_elementor_dd553b0{\n\tfont-family: inherit;\n    transition:0.3s;\n    position:relative;\n}\n\n#uc_square_icon_box_elementor_dd553b0 .blox-boxed-small-square-icon-box-icon{\n\t\n\tposition:relative;\n    display:flex;\n    justify-content:center;\n    align-items:center;\n    transform:rotate(0deg);\n    z-index:2;\n}\n#uc_square_icon_box_elementor_dd553b0 .ue-icon {\n  display:inline-block;\n}\n#uc_square_icon_box_elementor_dd553b0 .blox-boxed-small-square-icon-box-icon > div{\n\t\n\tposition:relative;\n    display:flex;\n    justify-content:center;\n    align-items:center;\n    transform:rotate(-0deg);\n}\n#uc_square_icon_box_elementor_dd553b0 .ue-icon-inner{\n    line-height:1em;\n\t} \t\n\n\n#uc_square_icon_box_elementor_dd553b0 .ue-icon-inner svg{\n    height:1em;\n    width:1em;\n\t} \t\n\t\n.blox-boxed-small-square-icon-box-heading{\n\tfont-size:21px;\n\t}\n\n\n#uc_square_icon_box_elementor_dd553b0:hover\n{\n  position:relative;\n  z-index:1;\n}\n\n\n#uc_square_icon_box_elementor_dd553b0 .ue_box_button\n{\n  text-align:center;\n  text-decoration:none;\n  display:inline-block;\n  transition:0.3s;\n}\n\n\n#uc_square_icon_box_elementor_dd553b0 span.line\n{\n  display:block;\n  position:absolute;\n  top:0;\n  left:0;\n  width:0px;\n  transition:0.3s;\n}\n\n#uc_square_icon_box_elementor_dd553b0:hover span.line\n{\n  width:100%;\n}\n\n#uc_square_icon_box_elementor_dd553b0 .ue-title-separator span\n{\n  display:inline-block;\n  transition:0.3s;\n}\n\n\n\n\n\n<\/style>\n\n<div class=\"square_icon_box\" id=\"uc_square_icon_box_elementor_dd553b0\">\n  \n  \t\t  \n  \n              <div class=\"ue-icon\">\n       <a style=\"display:inline-block; text-decoration:none;\" href=\"https:\/\/d1wqtxts1xzle7.cloudfront.net\/89520376\/IDIMT_proceedings_2017-libre.pdf?1660295262=&amp;#038;response-content-disposition=inline%3B+filename%3DModelling_the_Service_Value_Chain_for_Sm.pdf&amp;#038;Expires=1730885584&amp;#038;Signature=aX-X9xI7RjHioIf6dgJ3bC49eK4ePzN1gzoJe~sobBukZ2F6wLgSASc4hq~18aeDkjTI0ns046IrDOI-7FuuFEHsEtpS4slvZIJKMdKFqEe8EsyxiGINORNIhX~kw9WPUT4HCR6UwDXL8NDFge3mhekYy1MZLVW4rflskddzNkNBEENqHQHvyBtDdapdYegpy6nHcigCoUXFyGGgmbEuEBckvfn8oN5~SkPPAHP7oFGTBnXKb3rhmYhs6rdeJy~1LOlJNtL4f9-AxwIaTxhzWQTE1DiEMDXN~8M9B4x0np2Nb51X6IaDoarPFTufSAiHYf1D9-GDqPZY1b~mabayMQ__&amp;#038;Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA#page=300\" >         <div class=\"blox-boxed-small-square-icon-box-icon\" style=\"background-color: ;\">\n           <div class=\"ue-icon-inner\"><i class='fas fa-book'><\/i><\/div>\n         <\/div>\n       <\/a>       <\/div>\n         \n  \t\t        <div class=\"blox-boxed-small-square-icon-box-heading\">\n        \tArticle\n        <\/div>\n          \n  \t\t  \n  \n          \n  \t\t        \n          \n  \t\t  \n<\/div>\n<!-- end Icon Box -->\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ad5fbe9 elementor-widget elementor-widget-ucaddon_square_icon_box\" data-id=\"ad5fbe9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"ucaddon_square_icon_box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\n<!-- start Icon Box -->\n\n<style>\/* widget: Icon Box *\/\n\n#uc_square_icon_box_elementor_ad5fbe9 * { \n\tbox-sizing: border-box; \n}\n\n#uc_square_icon_box_elementor_ad5fbe9{\n\tfont-family: inherit;\n    transition:0.3s;\n    position:relative;\n}\n\n#uc_square_icon_box_elementor_ad5fbe9 .blox-boxed-small-square-icon-box-icon{\n\t\n\tposition:relative;\n    display:flex;\n    justify-content:center;\n    align-items:center;\n    transform:rotate(0deg);\n    z-index:2;\n}\n#uc_square_icon_box_elementor_ad5fbe9 .ue-icon {\n  display:inline-block;\n}\n#uc_square_icon_box_elementor_ad5fbe9 .blox-boxed-small-square-icon-box-icon > div{\n\t\n\tposition:relative;\n    display:flex;\n    justify-content:center;\n    align-items:center;\n    transform:rotate(-0deg);\n}\n#uc_square_icon_box_elementor_ad5fbe9 .ue-icon-inner{\n    line-height:1em;\n\t} \t\n\n\n#uc_square_icon_box_elementor_ad5fbe9 .ue-icon-inner svg{\n    height:1em;\n    width:1em;\n\t} \t\n\t\n.blox-boxed-small-square-icon-box-heading{\n\tfont-size:21px;\n\t}\n\n\n#uc_square_icon_box_elementor_ad5fbe9:hover\n{\n  position:relative;\n  z-index:1;\n}\n\n\n#uc_square_icon_box_elementor_ad5fbe9 .ue_box_button\n{\n  text-align:center;\n  text-decoration:none;\n  display:inline-block;\n  transition:0.3s;\n}\n\n\n#uc_square_icon_box_elementor_ad5fbe9 span.line\n{\n  display:block;\n  position:absolute;\n  top:0;\n  left:0;\n  width:0px;\n  transition:0.3s;\n}\n\n#uc_square_icon_box_elementor_ad5fbe9:hover span.line\n{\n  width:100%;\n}\n\n#uc_square_icon_box_elementor_ad5fbe9 .ue-title-separator span\n{\n  display:inline-block;\n  transition:0.3s;\n}\n\n\n\n\n\n<\/style>\n\n<div class=\"square_icon_box\" id=\"uc_square_icon_box_elementor_ad5fbe9\">\n  \n  \t\t  \n  \n              <div class=\"ue-icon\">\n       <a style=\"display:inline-block; text-decoration:none;\" href=\"https:\/\/scholar.google.com\/citations?view_op=view_citation&amp;#038;hl=sk&amp;#038;user=JXxir4oAAAAJ&amp;#038;cstart=20&amp;#038;pagesize=80&amp;#038;sortby=pubdate&amp;#038;citation_for_view=JXxir4oAAAAJ:NMxIlDl6LWMC\" >         <div class=\"blox-boxed-small-square-icon-box-icon\" style=\"background-color: ;\">\n           <div class=\"ue-icon-inner\"><i class='fas fa-link'><\/i><\/div>\n         <\/div>\n       <\/a>       <\/div>\n         \n  \t\t        <div class=\"blox-boxed-small-square-icon-box-heading\">\n        \tLink to Google Scholar\n        <\/div>\n          \n  \t\t  \n  \n          \n  \t\t        \n          \n  \t\t  \n<\/div>\n<!-- end Icon Box -->\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8e851db elementor-widget elementor-widget-text-editor\" data-id=\"8e851db\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><b>Authors: <\/b>Pavol Sokol, Martin Glova, Ter\u00e9zia M\u00e9ze\u0161ov\u00e1, Regina Hu\u010dkov\u00e1<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-79e945b elementor-widget elementor-widget-heading\" data-id=\"79e945b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Abstract<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b77c4c2 elementor-widget elementor-widget-text-editor\" data-id=\"b77c4c2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This paper focuses on one of the forms of social engineering \u2013 phishing and spear phishing. The <br \/>essence of the spear phishing is its personality. It focuses on specific individuals and e-mails are <br \/>personalised, making it more credible. Within the paper, we provide the results of research, in <br \/>which we tested about 10,000 users. The test has shown some interesting results; especially how <br \/>more personalised phishing attack can increase the number of victims. Based on these results, in <br \/>this paper we provide some recommendations for protection against this type of social engineering.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e5a0a23 elementor-widget elementor-widget-heading\" data-id=\"e5a0a23\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Introduction<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-413ae1c elementor-widget elementor-widget-text-editor\" data-id=\"413ae1c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Cyberspace offers new opportunities, but it is also a source of new threats for both, individuals <br \/>and for organizations. Therefore, network security has become an increasingly important part <br \/>of modern society. ENISA Threat Landscape 2016 (ENISA, 2017) states current threat landscape. <br \/>Several forms of social engineering occur in the threat landscape. In social engineering, an attacker <br \/>uses their victims to act in a particular way. Highest placed form of social engineering is phishing <br \/>(6th place). The Oxford English Dictionary defines a phishing as \u201ethe fraudulent practice of sending <br \/>emails purporting to be from reputable companies, in order to induce individuals to reveal personal <br \/>information, such as passwords and credit card numbers, online\u201d (Oxford, 2009). Phishing can be <br \/>also defined as \u201ca form of social engineering in which an attacker, also known as a phisher, <br \/>attempts to fraudulently retrieve legitimate users\u2019 confidential or sensitive credentials by mimicking <br \/>electronic communications from a trustworthy or public organization in an automated fashion\u201c <br \/>(Jakobsson, 2016). <br \/>Mitigation of the phishing attacks is difficult as they are aimed at exploiting people (end users <br \/>of a system) (Khonji et al., 2013). For example, as evaluated in Sheng at al. (2010), people who <br \/>were trained with the best performing awareness program, still failed to detect 29% of phishing <br \/>attacks. On the other hand, software detection techniques are evaluated against bulk phishing <br \/>attacks. Therefore, their performance against targeted forms of phishing is practically unknown. <br \/>These limitations were a direct cause of security breaches in several organisations, including <br \/>leading information security providers (Higgins, 2015). In the specialised cases, the phishing <br \/>targets narrow spectrum of email addresses that are related to each other. In that case, we talk about\u00a0 spear phishing. Caputo et al. (2014) showed \u201cvery high click rate at spear phishing e-mails&#8216; links <br \/>(around 60%) which could be affected by the difficulty of detecting the spear phishing elements.\u201d <br \/>For the aforementioned reasons, we decided to run a phishing test within an academic organization <br \/>with two categories of users (victims) \u2013 students and employees. We analysed current status <br \/>of phishing and spear phishing on a sample of about 10.000 users of the organization. In this paper, <br \/>we address the following three research questions within the phishing test: <br \/>\uf0b7 analysis of the impact of language and graphic design of the fraudulent web pages and <br \/>emails to the phishing campaign, <br \/>\uf0b7 analysis of possibilities of implementing central security measures against phishing and <br \/>\uf0b7 analysis of reaction time with regard to lowering impact of the phishing campaign. <br \/>This paper is organised into five sections. Section II focuses on the review of published research <br \/>related to security awareness in phishing and lessons learned from phishing test. Section III outlines <br \/>the methodology in the phishing test. Section IV presents the results of phishing test and discusses <br \/>the important points. The last section contains conclusions and our suggestions for the future <br \/>research.\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Authors: Pavol Sokol, Martin Glova, Ter\u00e9zia M\u00e9ze\u0161ov\u00e1, Regina Hu\u010dkov\u00e1<\/p>","protected":false},"author":9,"featured_media":5713,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"full-width","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[15],"tags":[],"class_list":["post-6089","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-clanky","entry","has-media"],"_links":{"self":[{"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/posts\/6089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/comments?post=6089"}],"version-history":[{"count":5,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/posts\/6089\/revisions"}],"predecessor-version":[{"id":8852,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/posts\/6089\/revisions\/8852"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/media\/5713"}],"wp:attachment":[{"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/media?parent=6089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/categories?post=6089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberawareness.sk\/en\/wp-json\/wp\/v2\/tags?post=6089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}