{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T09:59:52Z","timestamp":1776074392649,"version":"3.50.1"},"reference-count":39,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T00:00:00Z","timestamp":1773360000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T00:00:00Z","timestamp":1773360000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"abstract":"Abstract<\/jats:title>\n This study aims to analyze the shortcomings of current corporate defenses against phishing and social engineering attacks and to design and experimentally evaluate a multi-layered protection model integrating technical, organizational, and behavioral controls. A hybrid research approach combined analytical review, quantitative evaluation, and experimental testing. Empirical experiments were conducted in a simulated corporate environment including a mail server and filtering nodes. Three open-source filters (Rspamd, SpamAssassin, Dspam) were compared using the SpamAssassin Public Corpus. Additionally, corporate training data from phishing simulations and endpoint security performance tests were analyzed to assess user behavior and system resilience. Comparative testing of three email filters (Rspamd, SpamAssassin, and Dspam) was carried out using the SpamAssassin Public Corpus. The evaluation considered detection accuracy, recall, the number of false positives, and resource consumption. Based on these results, Rspamd was recommended as the most balanced option for practical implementation. Endpoint testing further demonstrated that properly configured systems with OSSEC, ClamAV, YARA, and Sysmon blocked 97% of malicious samples with minimal false positives. Segmenting training by function and experience, alongside immediate \u201cclick-based\u201d feedback, proved far more effective than traditional awareness sessions.<\/jats:p>","DOI":"10.1007\/s10207-026-01238-w","type":"journal-article","created":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T09:37:25Z","timestamp":1773394645000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Analysis and testing of systems countering phishing and social engineering attacks at the corporate level"],"prefix":"10.1007","volume":"25","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8461-8996","authenticated-orcid":false,"given":"Opirskyy","family":"Ivan","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7359-1177","authenticated-orcid":false,"given":"Lys","family":"Stepan","sequence":"additional","affiliation":[]},{"given":"Shakh","family":"Vladyslav","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,3,13]]},"reference":[{"key":"1238_CR1","doi-asserted-by":"publisher","unstructured":"Korol, O., Milevskyi, S., Milov, O., Pohasii, S., Melenti, Y., Hrebeniuk, V., Havrylova, A., Herasymov, S., Korolev, R., Barabash, O., Sobchuk, V., Kyrychok, R., Shuklin, G., Akhramovych, V., Savchenko, V., Golovashych, S., Lezik, O., Opirskyy, I., Voitko, O., et al.: Models of socio-cyber-physical systems security. In: Yevseiev, S., Khokhlachova, Y., Ostapov, S., Laptiev, O. (eds.) Technology Center PC (2023). https:\/\/doi.org\/10.15587\/978-617-7319-72-5","DOI":"10.15587\/978-617-7319-72-5"},{"key":"1238_CR2","doi-asserted-by":"publisher","DOI":"10.15587\/978-617-7319-57-2","author":"S Yevseiev","year":"2022","unstructured":"Yevseiev, S., Hryshchuk, R., Molodetska, K., Nazarkevych, M., Hrytsyk, V., Milov, O., Korol, O., Milevskyi, S., Korolev, R., Pohasii, S., Tkachov, A., Melenti, Y., Lavrut, O., Havrylova, A., Herasymov, S., Holotaistrova, H., Avramenko, D., Vozniak, R., Voitko, O., et al.: Modeling of security systems for critical infrastructure facilities. Technol. Cent. PC (2022). https:\/\/doi.org\/10.15587\/978-617-7319-57-2","journal-title":"Technol. Cent. PC"},{"issue":"12","key":"1238_CR3","doi-asserted-by":"publisher","first-page":"46","DOI":"10.5815\/ijisa.2017.12.05","volume":"9","author":"Z Hu","year":"2017","unstructured":"Hu, Z., Khokhlachova, Y., Sydorenko, V., Opirskyy, I.: Method for optimization of information security systems behavior under conditions of influences. Int. J. Intell. Syst. Appl. 9(12), 46\u201358 (2017). https:\/\/doi.org\/10.5815\/ijisa.2017.12.05","journal-title":"Int. J. Intell. Syst. Appl."},{"issue":"99","key":"1238_CR4","doi-asserted-by":"publisher","first-page":"6","DOI":"10.15587\/1729-4061.2019.166349","volume":"3\/9","author":"V Dudykevych","year":"2019","unstructured":"Dudykevych, V., Prokopyshyn, I., Chekurin, V., Opirskyy, I., Lakh, Y., Kret, T., Ivanchenko, Y., Ivanchenko, I.: A multicriterial analysis of the efficiency of conservative information security systems. East.-Europ. J. Enterp. Technol. 3\/9(99), 6\u201313 (2019). https:\/\/doi.org\/10.15587\/1729-4061.2019.166349","journal-title":"East.-Europ. J. Enterp. Technol."},{"issue":"2","key":"1238_CR5","doi-asserted-by":"publisher","first-page":"211","DOI":"10.47839\/ijc.20.2.2168","volume":"20","author":"S Zybin","year":"2021","unstructured":"Zybin, S., Khoroshko, V., Maksymovych, V., Opirskyy, I.: Effective distribution of tasks in multiprocessor and multi-computers distributed homogeneous systems. Int. J. Comput. 20(2), 211\u2013220 (2021). https:\/\/doi.org\/10.47839\/ijc.20.2.2168","journal-title":"Int. J. Comput."},{"issue":"98","key":"1238_CR6","doi-asserted-by":"publisher","first-page":"56","DOI":"10.15587\/1729-4061.2019.164730","volume":"2\/9","author":"O Milov","year":"2019","unstructured":"Milov, O., Voitko, A., Husarova, I., Domaskin, O., Ivanchenko, Y., Ivanchenko, I., Korol, O., Kots, H., Opirskyy, I., Fraze-Frazenko, O.: Development of methodology for modeling the interaction of antagonistic agents in cybersecurity systems. East.-Europ. J. Enterp. Technol. 2\/9(98), 56\u201366 (2019). https:\/\/doi.org\/10.15587\/1729-4061.2019.164730","journal-title":"East.-Europ. J. Enterp. Technol."},{"key":"1238_CR7","doi-asserted-by":"publisher","DOI":"10.1016\/j.chbr.2021.100126","volume":"4","author":"AH Washo","year":"2021","unstructured":"Washo, A.H.: An interdisciplinary view of social engineering: a call to action for research. Comput. Hum. Behav. Rep. 4, 100126 (2021). https:\/\/doi.org\/10.1016\/j.chbr.2021.100126","journal-title":"Comput. Hum. Behav. Rep."},{"issue":"5","key":"1238_CR8","doi-asserted-by":"publisher","DOI":"10.3390\/info9050110","volume":"9","author":"D Airehrour","year":"2018","unstructured":"Airehrour, D., Nair, N.V., Madanian, S.: Social engineering attacks and countermeasures in the New Zealand banking system: advancing a user-reflective mitigation model. Information 9(5), Article 110 (2018). https:\/\/doi.org\/10.3390\/info9050110","journal-title":"Information"},{"key":"1238_CR9","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1016\/B978-0-323-90570-1.00012-7","volume-title":"Cybersecurity and cognitive science","author":"R Montanez","year":"2022","unstructured":"Montanez, R., Atyabi, A., Xu, S.: Social engineering attacks and defenses in the physical world vs. cyberspace: A contrast study. In: Moustafa, A.A. (ed.) Cybersecurity and cognitive science, pp. 3\u201341. Academic Press, San Diego (2022). https:\/\/doi.org\/10.1016\/B978-0-323-90570-1.00012-7"},{"issue":"4","key":"1238_CR10","doi-asserted-by":"publisher","first-page":"239","DOI":"10.32604\/jcs.2023.041095","volume":"4","author":"KS Adu-Manu","year":"2022","unstructured":"Adu-Manu, K.S., Ahiable, R.K., Appati, J.K., Mensah, E.E.: Phishing attacks in social engineering: a review. J. Cyber Secur. 4(4), 239\u2013267 (2022). https:\/\/doi.org\/10.32604\/jcs.2023.041095","journal-title":"J. Cyber Secur."},{"key":"1238_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.eswa.2018.03.050","volume":"106","author":"KL Chiew","year":"2018","unstructured":"Chiew, K.L., Yong, K.S.C., Tan, C.L.: A survey of phishing attacks: their types, vectors and technical approaches. Expert Syst. Appl. 106, 1\u201320 (2018). https:\/\/doi.org\/10.1016\/j.eswa.2018.03.050","journal-title":"Expert Syst. Appl."},{"issue":"3","key":"1238_CR12","doi-asserted-by":"publisher","first-page":"4917","DOI":"10.32604\/cmc.2023.032373","volume":"74","author":"Y Aun","year":"2022","unstructured":"Aun, Y., Gan, M.-L., Wahab, N.H.B.A., Guan, G.H.: Social engineering attack classifications on social media using deep learning. Comput., Mater. Continua 74(3), 4917\u20134931 (2022). https:\/\/doi.org\/10.32604\/cmc.2023.032373","journal-title":"Comput., Mater. Continua"},{"key":"1238_CR13","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-021-00094-6","volume":"4","author":"Z Wang","year":"2021","unstructured":"Wang, Z., Zhu, H., Liu, P., Zhang, L., Liu, C., Zhao, M.: Social engineering in cybersecurity: a domain ontology and knowledge graph application examples. Cybersecurity 4, Article 31 (2021). https:\/\/doi.org\/10.1186\/s42400-021-00094-6","journal-title":"Cybersecurity"},{"key":"1238_CR14","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1016\/j.chb.2016.09.012","volume":"66","author":"M Junger","year":"2017","unstructured":"Junger, M., Montoya, L., Overink, F.-J.: Priming and warnings are not effective to prevent social engineering attacks. Comput. Hum. Behav. 66, 75\u201387 (2017). https:\/\/doi.org\/10.1016\/j.chb.2016.09.012","journal-title":"Comput. Hum. Behav."},{"issue":"Part F","key":"1238_CR15","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2023.122199","volume":"238","author":"G Varshney","year":"2024","unstructured":"Varshney, G., Kumawat, R., Varadharajan, V., Tupakula, U., Gupta, C.: Anti-phishing: a comprehensive perspective. Expert Syst. Appl. 238(Part F), 122199 (2024). https:\/\/doi.org\/10.1016\/j.eswa.2023.122199","journal-title":"Expert Syst. Appl."},{"key":"1238_CR16","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2025.104317","volume":"151","author":"SK Birthriya","year":"2025","unstructured":"Birthriya, S.K., Ahlawat, P., Jain, A.K.: Detection and prevention of spear phishing attacks: a comprehensive survey. Comput. Secur. 151, 104317 (2025). https:\/\/doi.org\/10.1016\/j.cose.2025.104317","journal-title":"Comput. Secur."},{"issue":"4","key":"1238_CR17","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1080\/19393555.2021.1959678","volume":"31","author":"SK Birthriya","year":"2022","unstructured":"Birthriya, S.K., Jain, A.K.: A comprehensive survey of phishing email detection and protection techniques. Inf. Secur. J. Glob. Perspect. 31(4), 411\u2013440 (2022). https:\/\/doi.org\/10.1080\/19393555.2021.1959678","journal-title":"Inf. Secur. J. Glob. Perspect."},{"issue":"1","key":"1238_CR18","doi-asserted-by":"publisher","first-page":"605","DOI":"10.12785\/ijcds\/150144","volume":"15","author":"S Birthriya","year":"2024","unstructured":"Birthriya, S., Ahlawat, P., Jain, A.: An efficient spam and phishing email filtering approach using deep learning and bio-inspired particle swarm optimization. Int. J. Comput. Digit. Syst. 15(1), 605\u2013616 (2024). https:\/\/doi.org\/10.12785\/ijcds\/150144","journal-title":"Int. J. Comput. Digit. Syst."},{"issue":"Part B","key":"1238_CR19","doi-asserted-by":"publisher","first-page":"110403","DOI":"10.1016\/j.compeleceng.2025.110403","volume":"124","author":"C Patra","year":"2025","unstructured":"Patra, C., Giri, D., Nandi, S., Das, A.K., Alenazi, M.J.F.: Phishing email detection using vector similarity search leveraging transformer-based word embedding. Comput. Electr. Eng. 124(Part B), 110403 (2025). https:\/\/doi.org\/10.1016\/j.compeleceng.2025.110403","journal-title":"Comput. Electr. Eng."},{"key":"1238_CR20","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1016\/j.cose.2016.12.013","volume":"69","author":"M Edwards","year":"2017","unstructured":"Edwards, M., Larson, R., Green, B., Rashid, A., Baron, A.: Panning for gold: automatically analysing online social engineering attack surfaces. Comput. Secur. 69, 18\u201334 (2017). https:\/\/doi.org\/10.1016\/j.cose.2016.12.013","journal-title":"Comput. Secur."},{"key":"1238_CR21","doi-asserted-by":"publisher","unstructured":"Gupta, S., Pritwani, M., Shrivastava, A., Moharir, M., Ashok Kumar, A.K.: A Comprehensive Analysis of Social Engineering Attacks: From Phishing to Prevention\u2014Tools, Techniques and Strategies, pp. 1\u20138 (2024). https:\/\/doi.org\/10.1109\/ICoICI62503.2024.10696444","DOI":"10.1109\/ICoICI62503.2024.10696444"},{"key":"1238_CR22","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1016\/j.jisa.2014.09.005","volume":"22","author":"K Krombholz","year":"2015","unstructured":"Krombholz, K., Hobel, H., Huber, M., Weippl, E.: Advanced social engineering attacks. J. Inf. Secur. Appl. 22, 113\u2013122 (2015). https:\/\/doi.org\/10.1016\/j.jisa.2014.09.005","journal-title":"J. Inf. Secur. Appl."},{"issue":"2","key":"1238_CR23","doi-asserted-by":"publisher","first-page":"1551","DOI":"10.32604\/cmes.2024.052375","volume":"141","author":"B-S Kim","year":"2024","unstructured":"Kim, B.-S., Suk, H.-W., Choi, Y.-H., Moon, D.-S., Kim, M.-S.: Optimal cyber attack strategy using reinforcement learning based on common vulnerability scoring system. Comput. Model. Eng. Sci. 141(2), 1551\u20131574 (2024). https:\/\/doi.org\/10.32604\/cmes.2024.052375","journal-title":"Comput. Model. Eng. Sci."},{"key":"1238_CR24","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2025.127044","volume":"276","author":"C Opara","year":"2025","unstructured":"Opara, C., Modesti, P., Golightly, L.: Evaluating spam filters and stylometric detection of AI-generated phishing emails. Expert Syst. Appl. 276, 127044 (2025). https:\/\/doi.org\/10.1016\/j.eswa.2025.127044","journal-title":"Expert Syst. Appl."},{"issue":"3","key":"1238_CR25","doi-asserted-by":"publisher","first-page":"4803","DOI":"10.32604\/cmc.2022.025310","volume":"72","author":"C Lee","year":"2022","unstructured":"Lee, C., Lee, K.: Impact analysis of resilience against malicious code attacks via emails. Comput., Mater. Continua 72(3), 4803\u20134816 (2022). https:\/\/doi.org\/10.32604\/cmc.2022.025310","journal-title":"Comput., Mater. Continua"},{"issue":"5","key":"1238_CR26","doi-asserted-by":"publisher","first-page":"1130","DOI":"10.1108\/ITP-12-2017-0422","volume":"32","author":"CC Campbell","year":"2018","unstructured":"Campbell, C.C.: Solutions for counteracting human deception in social engineering attacks. Inf. Technol. People 32(5), 1130\u20131152 (2018). https:\/\/doi.org\/10.1108\/ITP-12-2017-0422","journal-title":"Inf. Technol. People"},{"key":"1238_CR27","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102937","volume":"123","author":"M Butavicius","year":"2022","unstructured":"Butavicius, M., Taib, R., Han, S.J.: Why people keep falling for phishing scams: the effects of time pressure and deception cues on the detection of phishing emails. Comput. Secur. 123, 102937 (2022). https:\/\/doi.org\/10.1016\/j.cose.2022.102937","journal-title":"Comput. Secur."},{"key":"1238_CR28","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2023.113977","volume":"171","author":"D Bera","year":"2023","unstructured":"Bera, D., Ogbanufe, O., Kim, D.J.: Towards a thematic dimensional framework of online fraud: an exploration of fraudulent email attack tactics and intentions. Decis. Support. Syst. 171, 113977 (2023). https:\/\/doi.org\/10.1016\/j.dss.2023.113977","journal-title":"Decis. Support. Syst."},{"key":"1238_CR29","unstructured":"Verizon: 2024 Data Breach Investigations Report. Verizon Business. OGREP3970524 (2024)"},{"key":"1238_CR30","unstructured":"Hoxhunt: Phishing Trends Report (Updated for 2025) (2025)"},{"key":"1238_CR31","unstructured":"Federal Communications Commission: Cyber Security Planning Guide. U.S. Department of Commerce (2025)"},{"key":"1238_CR32","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103364","volume":"132","author":"D Hillman","year":"2023","unstructured":"Hillman, D., Harel, Y., Toch, E.: Evaluating organizational phishing awareness training on an enterprise scale. Comput. Secur. 132, 103364 (2023). https:\/\/doi.org\/10.1016\/j.cose.2023.103364","journal-title":"Comput. Secur."},{"key":"1238_CR33","unstructured":"CISA: CISA Insights\u2014Cyber: Enhance Email and Web Security: At-a-glance recommendations. U.S. Department of Homeland Security (2025)"},{"key":"1238_CR34","unstructured":"NCSC: Phishing attacks: defending your organisation. How to defend your organisation from email phishing attacks. Guidance. Version 2.0 (2024)"},{"key":"1238_CR35","unstructured":"Apache SpamAssassin Project: SpamAssassin Public Mail Corpus. Apache Software Foundation. Retrieved September 17, 2025 (2025)"},{"key":"1238_CR36","unstructured":"Rspamd: Documentation. Rspamd Project. Retrieved September 17, 2025 (2025)"},{"key":"1238_CR37","unstructured":"Apache Software Foundation: Apache SpamAssassin: Documentation (2025)"},{"key":"1238_CR38","unstructured":"DSPAM Project: DSPAM\u2014Community Driven Antispam Filter. Official documentation (2025)"},{"key":"1238_CR39","unstructured":"MalwareBazaar database. (2025).\nhttps:\/\/bazaar.abuse.ch. Accessed 17 Sept 2025"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-026-01238-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-026-01238-w","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-026-01238-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T09:19:25Z","timestamp":1776071965000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-026-01238-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3,13]]},"references-count":39,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2026,4]]}},"alternative-id":["1238"],"URL":"https:\/\/doi.org\/10.1007\/s10207-026-01238-w","relation":{},"ISSN":["1615-5270"],"issn-type":[{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3,13]]},"assertion":[{"value":"15 September 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 February 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 March 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"69"}}