Abstract
Context: In the current era of digital technology, social engineers are using various tactics to undermine human weaknesses. Social Engineers target human psychology to achieve their target(s) which are in the form of data, account details, or IT devices etc. According to our research, one of the first methods social engineers used to target victims is Phishing/Spear Phishing. Objective: The objective of this study is to utilize serious game to: i) educate players regarding phishing and spear-phishing attacks; ii) make aware and educate players regarding dangers associated with excessive online information disclosure. Method: In order to address the objectives we have: i) performed an in-depth literature review to extract insights related to social engineering, phishing, game design, learning functions, human interaction, and game-based learning etc; ii) proposed and aligned the game design with social engineering ontology concepts; iii) performed an empirical evaluation to evaluate the effectiveness of the designed board game. Conclusion: From this research study, we conclude that: i) PhishI game is useful in educating players regarding excessive online information disclosure and phishing awareness; ii) game-based learning is an effective method for inculcating and general cyber-related awareness in players.
| Original language | English |
|---|---|
| Pages (from-to) | 581-612 |
| Number of pages | 32 |
| Journal | Journal of Computer Security |
| Volume | 27 |
| Issue number | 6 |
| DOIs | |
| Publication status | Published - 2019 |
| Externally published | Yes |
Keywords
- collaborative learning
- empirical evaluation
- human and social aspects
- information assurance
- Security and privacy
- serious game
- social engineering