Leveraging EUD and Generative AI for Ethical Phishing Campaigns

Cau, Federico Maria; Spano, Lucio Davide
2025-01-01

Abstract

Cyber attacks are increasingly emerging as problems. They are caused not only by technological aspects but also by human factors that are often overlooked during the design of interactive systems. Reports by cybersecurity giants such as IBM and Verizon have shown that up to 95% of security incidents result from human error. This phenomenon is dramatically amplified in contexts such as public administrations, which often lack the financial and human resources to defend themselves against cyber attacks. To address this issue, this paper presents a web platform called DAMOCLES that aims to support the digital defense of Italian public administrations through human factor assessments related to cyber incidents and the mitigation of emerging vulnerabilities. In particular, this paper illustrates the EUD techniques used in DAMOCLES to facilitate the creation of ethical phishing campaigns, which serve as a tool within the platform to assess the vulnerabilities of an organization’s employees.

Year: 2025
ISBN: 9783031954511; 9783031954528
Keywords: Cybersecurity; Ethical Phishing Campaigns; Generative AI; Live Programming; Programming by Example

Files in this item:

File: IS_EUD25_Damocles.pdf (embargoed until 13/06/2026)
Size: 1.14 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11584/459567