Course Project Title

Design, Deployment, and Execution of a Security Awareness Campaign Using GoPhish


1. Project Overview

The purpose of this project is to allow students to apply concepts related to cybersecurity awareness, social engineering, phishing simulation, project planning, risk management, and ethical cybersecurity operations through the deployment of a phishing simulation platform using GoPhish.

Students will work in groups to design, build, test, and execute a controlled phishing awareness campaign within an approved academic environment.

This project is designed to simulate the activities commonly performed by cybersecurity awareness teams, Security Operations Centers (SOC), Red Teams, and Governance, Risk, and Compliance (GRC) functions when conducting phishing awareness assessments.

The project will be completed in phases from Midterm Week until Finals Week.


2. Learning Objectives

Upon completion of this project, students should be able to:

Technical Skills

  • Deploy and configure GoPhish
  • Configure landing pages and email templates
  • Configure sending profiles
  • Create phishing campaigns
  • Track user interactions and metrics

Security Skills

  • Design realistic phishing scenarios
  • Identify organizational attack surfaces
  • Analyze human vulnerabilities
  • Measure awareness effectiveness

Governance and Ethics Skills

  • Develop safe and ethical phishing exercises
  • Define campaign scope and rules of engagement
  • Document risks and controls
  • Obtain appropriate approvals

Project Management Skills

  • Develop implementation plans
  • Create campaign storyboards
  • Present findings and recommendations

3. Group Composition

Group Size

  • 4–6 students per group

Team Roles (Recommended)

Role Responsibilities
Project Lead Coordinates project activities
GoPhish Administrator Deploys and manages GoPhish
Campaign Designer Creates templates and landing pages
Security Analyst Defines tracking and reporting
Documentation Lead Creates reports and storyboard
Presenter Leads demonstrations

Multiple roles may be assigned to one member if necessary.


4. Ethical and Legal Requirements

This project is an educational exercise.

The following activities are strictly prohibited:

❌ Collecting real passwords

❌ Harvesting personal information

❌ Sending phishing emails to external organizations

❌ Conducting campaigns without approval

❌ Disrupting school operations

❌ Impersonating school officials without instructor approval

Required Design Principle

All phishing simulations must be:

  • Educational
  • Benign
  • Non-malicious
  • Awareness-focused

The objective is to measure behavior, not compromise accounts.


5. Midterm Project Scope

Deliverable 1: GoPhish Deployment

Each group must deploy GoPhish using either:

Option A: Cloud Deployment

Examples:

  • AWS EC2
  • Azure VM
  • DigitalOcean
  • Oracle Cloud
  • Google Cloud

Option B: On-Premises Deployment

Examples:

  • VirtualBox
  • VMware
  • Physical Server
  • Local Linux Host

Students must demonstrate:

  • Installation
  • Initial configuration
  • Access to admin portal
  • Sending profile creation
  • Campaign creation

Deliverable 2: Campaign Proposal

Each group must submit one proposed phishing awareness campaign.

Target Audience

Choose one:

  • Students
  • Faculty
  • Administrative Personnel
  • IT Staff
  • School Employees

Campaign Proposal Template

Campaign Name

Example:

“Enrollment Advisory Verification Campaign”

Target Group

Example:

Undergraduate Students

Objective

Example:

Measure how many students click enrollment-related links.

Success Metrics

Example:

  • Email Open Rate
  • Click Rate
  • Form Submission Rate
  • Reporting Rate

Risk Assessment

Potential Risks:

  • Confusion
  • User complaints
  • Technical issues

Mitigation Measures:

  • Awareness briefing
  • Debriefing email
  • Instructor supervision

Deliverable 3: Campaign Storyboard

Students must produce a visual storyboard describing the complete campaign lifecycle.

Storyboard Must Include

Step 1

Planning Phase

  • Objective
  • Target audience
  • Scope

Step 2

Email Development

  • Subject line
  • Sender identity
  • Message content

Step 3

Landing Page Creation

  • User interaction flow
  • Awareness message

Step 4

Campaign Launch

  • Recipient upload
  • Scheduling

Step 5

Tracking

  • Opens
  • Clicks
  • Interactions

Step 6

Reporting

  • Metrics
  • Findings

Step 7

Lessons Learned

  • Recommendations
  • Awareness improvements

Deliverable 4: Video Demonstration

Duration

10–15 minutes

Required Content

Part 1

Team Introduction

Part 2

GoPhish Setup

Show:

  • Installation
  • Configuration
  • Dashboard

Part 3

Campaign Creation

Show:

  • Email Template
  • Landing Page
  • User Group
  • Sending Profile

Part 4

Storyboard Walkthrough

Explain:

  • Campaign objectives
  • Expected outcomes

Part 5

Project Reflection

Challenges encountered and lessons learned.


6. Project Timeline


MIDTERM WEEK

Submission 1

GoPhish Setup + Campaign Proposal

Deliverables:

✅ GoPhish Environment

✅ Campaign Proposal

✅ Storyboard

✅ Video Demonstration

Weight: 25%


MILESTONE 1

Campaign Design Validation

Objective

Finalize campaign design.

Deliverables

Approved Email Template

Approved Landing Page

Rules of Engagement Document

Must include:

  • Scope
  • Target audience
  • Timeline
  • Safety controls

Pilot Testing Results

Conduct testing with:

  • Team members
  • Instructor
  • Volunteer participants

Weight: 15%


MILESTONE 2

Pre-Deployment Readiness Review

Objective

Prepare for production simulation.

Deliverables

Infrastructure Readiness

  • DNS configuration
  • Sending profile validation
  • Tracking verification

Risk Assessment

Identify:

  • Operational risks
  • Technical risks
  • Human risks

Deployment Plan

Include:

  • Launch schedule
  • Communication plan
  • Escalation procedures

Dry Run Demonstration

Show end-to-end execution.

Weight: 20%


MILESTONE 3

Pilot Simulation

Objective

Conduct limited-scope simulation.

Deliverables

Pilot Campaign Execution

Target:

  • Small approved audience

Metrics Collection

Measure:

  • Delivery Rate
  • Open Rate
  • Click Rate
  • Reporting Rate

Findings Report

Document:

  • User behavior
  • Lessons learned
  • Improvements required

Weight: 15%


FINALS WEEK

Final Campaign Execution and Presentation

Objective

Execute the approved phishing awareness campaign and present results.

Deliverables

Full Campaign Execution

Approved target audience only.

Campaign Report

Must include:

Executive Summary

Campaign Objectives

Methodology

Storyboard

Metrics

Findings

Lessons Learned

Awareness Recommendations


Final Presentation

15–20 Minutes

Required Sections:

  1. Project Overview
  2. Infrastructure Architecture
  3. Campaign Design
  4. Storyboard
  5. Demonstration
  6. Results Analysis
  7. Ethical Considerations
  8. Recommendations

Weight: 25%


7. Final Report Structure

  1. Cover Page
  2. Team Members
  3. Executive Summary
  4. Campaign Objectives
  5. GoPhish Architecture
  6. Campaign Storyboard
  7. Email Template Design
  8. Landing Page Design
  9. Rules of Engagement
  10. Campaign Metrics
  11. Findings
  12. Lessons Learned
  13. Recommendations
  14. Appendices

8. Evaluation Rubric

Criteria Weight
GoPhish Deployment 20%
Campaign Design 15%
Storyboard Quality 15%
Technical Demonstration 15%
Ethical Design & Safety Controls 10%
Documentation Quality 10%
Final Campaign Execution 10%
Presentation & Defense 5%
Total 100%

Expected Final Outcome

By Finals Week, each group should be able to demonstrate a complete phishing awareness program that includes:

  • A working GoPhish deployment
  • Approved phishing scenarios
  • Campaign storyboards
  • Safe and ethical implementation procedures
  • Pilot and final campaign execution
  • Measurable awareness metrics
  • Recommendations for improving cybersecurity awareness within the school environment

The emphasis of this project is not on compromising users, but on understanding human behavior, measuring awareness, and designing effective cybersecurity education programs.

Leave a Reply