Social engineering is a large problem in our modern technological world, but while conceptually understood, it is harder to teach compared to traditional pen testing techniques. This research details a class project where students implemented a phishing exercise against real-world targets. Through cooperation with an external corporate partner, students learned the legal, technical, behavioral, analysis, and reporting aspects of social engineering. The outcome provided both usable data for a real-world corporation as well as valuable educational experience for the students.
Luse, Andy and Burkman, Jim
"Gophish: Implementing a Real-World Phishing Exercise to Teach Social Engineering,"
Journal of Cybersecurity Education, Research and Practice: Vol. 2020
, Article 5.
Available at: https://digitalcommons.kennesaw.edu/jcerp/vol2020/iss2/5