Analysis and testing of systems countering phishing and social engineering attacks at the corporate level

Abstract This study aims to analyze the shortcomings of current corporate defenses against phishing and social engineering attacks and to design and experimentally evaluate a multi-layered protection model integrating technical, organizational, and behavioral controls. A hybrid research approach combined analytical review, quantitative evaluation, and experimental testing. Empirical experiments were conducted in a simulated corporate environment including a mail server and filtering nodes. Three open-source filters (Rspamd, SpamAssassin, Dspam) were compared using the SpamAssassin Public Corpus. Additionally, corporate training data from phishing simulations and endpoint security performance tests were analyzed to assess user behavior and system resilience. Comparative testing of three email filters (Rspamd, SpamAssassin, and Dspam) was carried out using the SpamAssassin Public Corpus. The evaluation considered detection accuracy, recall, the number of false positives, and resource consumption. Based on these results, Rspamd was recommended as the most balanced option for practical implementation. Endpoint testing further demonstrated that properly configured systems with OSSEC, ClamAV, YARA, and Sysmon blocked 97% of malicious samples with minimal false positives. Segmenting training by function and experience, alongside immediate “click-based” feedback, proved far more effective than traditional awareness sessions.