Leveraging EUD and Generative AI for Ethical Phishing Campaigns

Bernardo Breve, Paolo Buono, Loredana Caruccio, Federico Maria Cau, Gaetano Cimino, Giuseppe Desolda, Vincenzo Deufemia, Rosa Lanzilotti, Lucio Davide Spano, Cesare Tucci

Published: 01 Jan 2025, Last Modified: 02 Feb 2026, Crossref, CC BY-SA 4.0
Abstract: Cyber attacks are increasingly emerging as problems. They are caused not only by technological aspects but also by human factors that are often overlooked during the design of interactive systems. Reports by cybersecurity giants such as IBM and Verizon have shown that up to 95% of security incidents result from human error. This phenomenon is dramatically amplified in contexts such as public administrations, which often lack the financial and human resources to defend themselves against cyber attacks. To address this issue, this paper presents a web platform called DAMOCLES that aims to support the digital defense of Italian public administrations through human factor assessments related to cyber incidents and the mitigation of emerging vulnerabilities. In particular, this paper illustrates the EUD techniques used in DAMOCLES to facilitate the creation of ethical phishing campaigns, which serve as a tool within the platform to assess the vulnerabilities of an organization’s employees.