Attack Simulation Training and Its Impact on the Recognition of Phishing Messages
Pekkarinen, Pia (2026)
2026
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-202603094011
https://urn.fi/URN:NBN:fi:amk-202603094011
Tiivistelmä
The thesis was commissioned by the target company. The target company is a Nordic retail organization employing thousands of people. The aim of the thesis was to design and implement multiple phishing campaigns, as well as to teach the company's employees a new way to report phishing messages. The purpose of these activities was to enhance employees' ability to recognize phishing messages and respond to them in accordance with the company's guidelines.
The theoretical foundation of the thesis is based on literature concerning social engineering and phishing. Based on these sources, the psychological mechanisms underlying phishing have been explored, along with strategies for training users to function as effective human firewalls in combination with technical security measures. The study utilizes metric-based indicators. The phishing training was implemented using Microsoft Defender’s Attack Simulation Training tool. This tool provides data that helps track the effectiveness of phishing training and changes in user responses over time.
The phishing simulation training was conducted between June 2025 and December 2025. During the training, each user received a total of sixteen phishing messages, each containing an educational landing page for those who clicked the link, downloaded the attachment or entered their credentials. In some training rounds, users who clicked the links were directed to additional training material provided by Microsoft Defender. Those who reported the message received a congratulatory message for taking the correct action.
As a result of the phishing training, the number of reported messages increased significantly compared to initial. Furthermore, clicks on phishing messages decreased from 8.2 percent to 1.1 percent between the first and last rounds. The provision of user credentials also dropped markedly, from 1.7 percent to 0.2 percent over the course of the training.
An analysis of the metrics shows that the phishing simulation training was effective. It is highly recommended that this training be continued, as phishing techniques are constantly evolving and only a well-trained staff can form a strong barrier against attack.
The theoretical foundation of the thesis is based on literature concerning social engineering and phishing. Based on these sources, the psychological mechanisms underlying phishing have been explored, along with strategies for training users to function as effective human firewalls in combination with technical security measures. The study utilizes metric-based indicators. The phishing training was implemented using Microsoft Defender’s Attack Simulation Training tool. This tool provides data that helps track the effectiveness of phishing training and changes in user responses over time.
The phishing simulation training was conducted between June 2025 and December 2025. During the training, each user received a total of sixteen phishing messages, each containing an educational landing page for those who clicked the link, downloaded the attachment or entered their credentials. In some training rounds, users who clicked the links were directed to additional training material provided by Microsoft Defender. Those who reported the message received a congratulatory message for taking the correct action.
As a result of the phishing training, the number of reported messages increased significantly compared to initial. Furthermore, clicks on phishing messages decreased from 8.2 percent to 1.1 percent between the first and last rounds. The provision of user credentials also dropped markedly, from 1.7 percent to 0.2 percent over the course of the training.
An analysis of the metrics shows that the phishing simulation training was effective. It is highly recommended that this training be continued, as phishing techniques are constantly evolving and only a well-trained staff can form a strong barrier against attack.