From Prey to Protect: Exploring Social Engineering Through Games and Simulation. Trust, Awareness, and Phishing Defense

Affan Yasin; Rubia Fatima; Ira Puspitasari; Abdul Basit Dogar; Liu Yang; Kashif Ishaq

doi:10.1007/s10207-025-01193-y

From Prey to Protect: Exploring Social Engineering Through Games and Simulation. Trust, Awareness, and Phishing Defense

Affan Yasin^*
, Rubia Fatima
, Ira Puspitasari^*
, Abdul Basit Dogar
, Liu Yang
, Kashif Ishaq

^*Corresponding author for this work

Emerson University Multan
Universitas Airlangga
University of Management and Technology
Xi'an Jiaotong-Liverpool University

Research output: Contribution to journal › Article › peer-review

Abstract

Context: Social engineering attacks exploit human vulnerabilities rather than technical weaknesses, manipulating individuals to divulge confidential information or grant unauthorized access. As these attacks grow more sophisticated, there is an urgent need to understand their propagation and devise effective countermeasures. Objectives: This study aims to investigate the dynamics of social engineering attack propagation using agent-based modeling and simulation. Furthermore, it seeks to apply this understanding to design, develop, and evaluate human-centered, game-based learning tools that promote cybersecurity awareness and trust. Methods: A multifaceted approach was adopted. The i* model was utilized to analyze relationships and interactions in attack scenarios. Next, the NetLogo platform simulated attacker and victim agents within virtual environments, exploring attack intensity and population resilience. Insights from these simulations informed the conceptualization and development of interactive educational activities (both card-based and digital). The effectiveness of these tools was assessed through observation, discussions, brainstorming, and survey analyses. Results: Simulations revealed that high-intensity attacks can overwhelm even well-informed populations, causing significant declines in system health. In contrast, populations with higher baseline knowledge demonstrated resilience against low-intensity attacks. Preliminary assessments of the game-based learning tools showed positive impacts on participant understanding and engagement. Additional evaluations are needed to confirm their generalizability. Conclusion: The findings emphasize the need for integrative strategies combining cybersecurity education, privacy awareness, and public health approaches. The adaptable simulation model offers a robust framework for exploring the societal impact of social engineering attacks. The proposed game-based activities serve as valuable tools for fostering trust and educating individuals on the prevention of such attacks.

Original language	English
Article number	32
Journal	International Journal of Information Security
Volume	25
Issue number	1
DOIs	https://doi.org/10.1007/s10207-025-01193-y
Publication status	Published - Feb 2026

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 3 Good Health and Well-being

Keywords

Agent-based modeling
Education
Game-based activities
Human factor in Security
Online security awareness
Phishing attacks
Phishing detection
Social engineering attacks

Access to Document

10.1007/s10207-025-01193-y

Cite this

@article{1adec1db64fa4c72943edc7720192465,

title = "From Prey to Protect: Exploring Social Engineering Through Games and Simulation. Trust, Awareness, and Phishing Defense",

abstract = "Context: Social engineering attacks exploit human vulnerabilities rather than technical weaknesses, manipulating individuals to divulge confidential information or grant unauthorized access. As these attacks grow more sophisticated, there is an urgent need to understand their propagation and devise effective countermeasures. Objectives: This study aims to investigate the dynamics of social engineering attack propagation using agent-based modeling and simulation. Furthermore, it seeks to apply this understanding to design, develop, and evaluate human-centered, game-based learning tools that promote cybersecurity awareness and trust. Methods: A multifaceted approach was adopted. The i* model was utilized to analyze relationships and interactions in attack scenarios. Next, the NetLogo platform simulated attacker and victim agents within virtual environments, exploring attack intensity and population resilience. Insights from these simulations informed the conceptualization and development of interactive educational activities (both card-based and digital). The effectiveness of these tools was assessed through observation, discussions, brainstorming, and survey analyses. Results: Simulations revealed that high-intensity attacks can overwhelm even well-informed populations, causing significant declines in system health. In contrast, populations with higher baseline knowledge demonstrated resilience against low-intensity attacks. Preliminary assessments of the game-based learning tools showed positive impacts on participant understanding and engagement. Additional evaluations are needed to confirm their generalizability. Conclusion: The findings emphasize the need for integrative strategies combining cybersecurity education, privacy awareness, and public health approaches. The adaptable simulation model offers a robust framework for exploring the societal impact of social engineering attacks. The proposed game-based activities serve as valuable tools for fostering trust and educating individuals on the prevention of such attacks.",

keywords = "Agent-based modeling, Education, Game-based activities, Human factor in Security, Online security awareness, Phishing attacks, Phishing detection, Social engineering attacks",

author = "Affan Yasin and Rubia Fatima and Ira Puspitasari and Dogar, \{Abdul Basit\} and Liu Yang and Kashif Ishaq",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive licence to Springer-Verlag GmbH Germany, part of Springer Nature 2026.",

year = "2026",

month = feb,

doi = "10.1007/s10207-025-01193-y",

language = "English",

volume = "25",

journal = "International Journal of Information Security",

issn = "1615-5262",

number = "1",

}

TY - JOUR

T1 - From Prey to Protect

T2 - Exploring Social Engineering Through Games and Simulation. Trust, Awareness, and Phishing Defense

AU - Yasin, Affan

AU - Fatima, Rubia

AU - Puspitasari, Ira

AU - Dogar, Abdul Basit

AU - Yang, Liu

AU - Ishaq, Kashif

N1 - Publisher Copyright: © The Author(s), under exclusive licence to Springer-Verlag GmbH Germany, part of Springer Nature 2026.

PY - 2026/2

Y1 - 2026/2

N2 - Context: Social engineering attacks exploit human vulnerabilities rather than technical weaknesses, manipulating individuals to divulge confidential information or grant unauthorized access. As these attacks grow more sophisticated, there is an urgent need to understand their propagation and devise effective countermeasures. Objectives: This study aims to investigate the dynamics of social engineering attack propagation using agent-based modeling and simulation. Furthermore, it seeks to apply this understanding to design, develop, and evaluate human-centered, game-based learning tools that promote cybersecurity awareness and trust. Methods: A multifaceted approach was adopted. The i* model was utilized to analyze relationships and interactions in attack scenarios. Next, the NetLogo platform simulated attacker and victim agents within virtual environments, exploring attack intensity and population resilience. Insights from these simulations informed the conceptualization and development of interactive educational activities (both card-based and digital). The effectiveness of these tools was assessed through observation, discussions, brainstorming, and survey analyses. Results: Simulations revealed that high-intensity attacks can overwhelm even well-informed populations, causing significant declines in system health. In contrast, populations with higher baseline knowledge demonstrated resilience against low-intensity attacks. Preliminary assessments of the game-based learning tools showed positive impacts on participant understanding and engagement. Additional evaluations are needed to confirm their generalizability. Conclusion: The findings emphasize the need for integrative strategies combining cybersecurity education, privacy awareness, and public health approaches. The adaptable simulation model offers a robust framework for exploring the societal impact of social engineering attacks. The proposed game-based activities serve as valuable tools for fostering trust and educating individuals on the prevention of such attacks.

AB - Context: Social engineering attacks exploit human vulnerabilities rather than technical weaknesses, manipulating individuals to divulge confidential information or grant unauthorized access. As these attacks grow more sophisticated, there is an urgent need to understand their propagation and devise effective countermeasures. Objectives: This study aims to investigate the dynamics of social engineering attack propagation using agent-based modeling and simulation. Furthermore, it seeks to apply this understanding to design, develop, and evaluate human-centered, game-based learning tools that promote cybersecurity awareness and trust. Methods: A multifaceted approach was adopted. The i* model was utilized to analyze relationships and interactions in attack scenarios. Next, the NetLogo platform simulated attacker and victim agents within virtual environments, exploring attack intensity and population resilience. Insights from these simulations informed the conceptualization and development of interactive educational activities (both card-based and digital). The effectiveness of these tools was assessed through observation, discussions, brainstorming, and survey analyses. Results: Simulations revealed that high-intensity attacks can overwhelm even well-informed populations, causing significant declines in system health. In contrast, populations with higher baseline knowledge demonstrated resilience against low-intensity attacks. Preliminary assessments of the game-based learning tools showed positive impacts on participant understanding and engagement. Additional evaluations are needed to confirm their generalizability. Conclusion: The findings emphasize the need for integrative strategies combining cybersecurity education, privacy awareness, and public health approaches. The adaptable simulation model offers a robust framework for exploring the societal impact of social engineering attacks. The proposed game-based activities serve as valuable tools for fostering trust and educating individuals on the prevention of such attacks.

KW - Agent-based modeling

KW - Education

KW - Game-based activities

KW - Human factor in Security

KW - Online security awareness

KW - Phishing attacks

KW - Phishing detection

KW - Social engineering attacks

UR - https://www.scopus.com/pages/publications/105028497536

U2 - 10.1007/s10207-025-01193-y

DO - 10.1007/s10207-025-01193-y

M3 - Article

AN - SCOPUS:105028497536

SN - 1615-5262

VL - 25

JO - International Journal of Information Security

JF - International Journal of Information Security

IS - 1

M1 - 32

ER -

From Prey to Protect: Exploring Social Engineering Through Games and Simulation. Trust, Awareness, and Phishing Defense

Abstract

UN SDGs

Keywords

Access to Document

Other files and links

Cite this