Open this publication in new window or tab >>Show others...
2024 (English)In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 170, article id 107426Article in journal (Refereed) Published
Abstract [en]
Context: In the digital age, there is a notable increase in fraudulent activities perpetrated by social engineers who exploit individuals’ limited knowledge of digital devices. These actors strategically manipulate human psychology, targeting IT devices to gain unauthorized access to sensitive data. Objectives: Our study is centered around two distinct objectives to be accomplished through the utilization of a serious game: (i) The primary objective entails delivering training and educational content to participants with a focus on phishing attacks; (ii) The secondary objective aims to heighten participants’ awareness regarding the perils associated with divulging excessive information online. Methodology: To address these objectives, we have employed the following techniques and methods: (i) A comprehensive literature review was conducted to establish foundational knowledge in areas such as social engineering, game design, learning principles, human interaction, and game-based learning; (ii) We meticulously aligned the game design with the philosophical concept of social engineering attacks; (iii) We devised and crafted an advanced hybrid version of the game, incorporating the use of QR codes to generate game card data; (iv) We conducted an empirical evaluation encompassing surveys, observations, discussions, and URL assessments to assess the effectiveness of the proposed hybrid game version. Results: Quantitative data and qualitative observations suggest the “PhishDefend Quest” game successfully improved players’ comprehension of phishing threats and how to detect them through an interactive learning experience. The results highlight the potential of serious games to educate people about social engineering risks. Conclusion: Through the evaluation, we can readily arrive at the following conclusions: (i) Game-based learning proves to be a viable approach for educating participants about phishing awareness and the associated risks tied to the unnecessary disclosure of sensitive information online; (ii) Furthermore, game-based learning serves as an effective means of disseminating awareness among participants and players concerning prevalent phishing attacks.
Place, publisher, year, edition, pages
Elsevier B.V., 2024
Keywords
Education, Human factor in security, Information security, Phishing attack, Scam, Serious game, Computer crime, Cybersecurity, Digital devices, Ethical technology, Game design, Sensitive data, Digital age, Game-based Learning, Phishing, Phishing attacks, Serious gaming, Social engineering, Spear phishing, Serious games
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-66282 (URN)10.1016/j.infsof.2024.107426 (DOI)001224413000001 ()2-s2.0-85187177892 (Scopus ID)
2024-03-202024-03-202024-05-29Bibliographically approved