Keywords
Phishing Simulation
Staff Awareness
Higher Education
Nigeria
How to Cite
Share
Abstract
Phishing remains one of the most persistent cybersecurity threats to academic institutions, exploiting human vulnerabilities more than technological loopholes. This study evaluates the effectiveness of simulated phishing interventions in enhancing staff awareness across three tertiary institutions in Taraba State, Nigeria (codenamed UNI A, UNI B, and UNI C). With the cooperation and approval of each institution’s ICT director, more than 900 phishing emails themed around a “13-month salary bonus payment” were disseminated to staff, with several hundred responses recorded. A quasi-experimental design was employed, consisting of a pre-intervention survey, the phishing simulation, and a post-intervention survey. Results revealed high initial susceptibility, with a majority of respondents engaging with the phishing email. Post-intervention analysis demonstrated statistically significant improvements in staff self-assessed awareness and phishing detection skills, as confirmed by Chi-Square testing (p < 0.001). Institutional comparisons indicated variations in susceptibility and reporting culture, suggesting that contextual factors such as communication practices and ICT exposure influence vulnerability levels. The findings highlight the urgent need for continuous, customized awareness programs, formalized incident reporting mechanisms, and integration of phishing simulations into professional development policies within Nigerian higher education.
This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright (c) 2025 AUGUSTINE NDUDI EGERE, HUSSEINI USMAN YARO, AARON IHE NWOKOCHA, AARON IHE NWOKOCHA (Author)