Abstract
Universities face heightened vulnerability to phishing attacks due to their open information-sharing culture and diverse user populations. This study examines how phishing exploits human factors within campus environments and evaluates three major training strategies: embedded phishing, microlearning, and role-based instruction to understand their individual and combined effectiveness. I explored studies that implement these strategies in pairs and use the strategies alone, identified trends in susceptibility reduction, behavioral reinforcement, and contextual relevance. I suggest that, while each method independently improves user awareness, multiple approaches offer stronger, more adaptable protection by addressing both psychological triggers and role-specific risks. The paper contributes a mixed-strategy framework tailored to higher-education settings, proposing that integrated training models may overcome limitations of traditional quantitative learning phishing campaigns. My insights highlight the need for empirical work that evaluates combined training approaches in real campus environments to determine whether integrated models can produce sustained reductions in phishing susceptibility and long-term cultural resilience.
Faculty Advisor/Mentor
Jeremiah Still
Document Type
Paper
Disciplines
Cybersecurity | Information Security | Psychology | Science and Technology Studies
DOI
10.25776/pv2j-rk07
Publication Date
4-17-2026
Upload File
wf_yes
Included in
Cybersecurity Commons, Information Security Commons, Psychology Commons, Science and Technology Studies Commons
Phishing Restraint: University Simulated Phishing Campaigns
Universities face heightened vulnerability to phishing attacks due to their open information-sharing culture and diverse user populations. This study examines how phishing exploits human factors within campus environments and evaluates three major training strategies: embedded phishing, microlearning, and role-based instruction to understand their individual and combined effectiveness. I explored studies that implement these strategies in pairs and use the strategies alone, identified trends in susceptibility reduction, behavioral reinforcement, and contextual relevance. I suggest that, while each method independently improves user awareness, multiple approaches offer stronger, more adaptable protection by addressing both psychological triggers and role-specific risks. The paper contributes a mixed-strategy framework tailored to higher-education settings, proposing that integrated training models may overcome limitations of traditional quantitative learning phishing campaigns. My insights highlight the need for empirical work that evaluates combined training approaches in real campus environments to determine whether integrated models can produce sustained reductions in phishing susceptibility and long-term cultural resilience.