https://www.mdu.se/

mdu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Can serious gaming tactics bolster spear-phishing and phishing resilience?: Securing the human hacking in Information Security
School of Software, Northwestern Polytechnical University, Shaanxi, Xian, 710072, China.
Department of Computer Science, Emerson University, Multan, Pakistan.
School of Software, Northwestern Polytechnical University, Shaanxi, Xian, 710072, China.
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.ORCID iD: 0000-0003-0611-2655
Show others and affiliations
2024 (English)In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 170, article id 107426Article in journal (Refereed) Published
Abstract [en]

Context: In the digital age, there is a notable increase in fraudulent activities perpetrated by social engineers who exploit individuals’ limited knowledge of digital devices. These actors strategically manipulate human psychology, targeting IT devices to gain unauthorized access to sensitive data. Objectives: Our study is centered around two distinct objectives to be accomplished through the utilization of a serious game: (i) The primary objective entails delivering training and educational content to participants with a focus on phishing attacks; (ii) The secondary objective aims to heighten participants’ awareness regarding the perils associated with divulging excessive information online. Methodology: To address these objectives, we have employed the following techniques and methods: (i) A comprehensive literature review was conducted to establish foundational knowledge in areas such as social engineering, game design, learning principles, human interaction, and game-based learning; (ii) We meticulously aligned the game design with the philosophical concept of social engineering attacks; (iii) We devised and crafted an advanced hybrid version of the game, incorporating the use of QR codes to generate game card data; (iv) We conducted an empirical evaluation encompassing surveys, observations, discussions, and URL assessments to assess the effectiveness of the proposed hybrid game version. Results: Quantitative data and qualitative observations suggest the “PhishDefend Quest” game successfully improved players’ comprehension of phishing threats and how to detect them through an interactive learning experience. The results highlight the potential of serious games to educate people about social engineering risks. Conclusion: Through the evaluation, we can readily arrive at the following conclusions: (i) Game-based learning proves to be a viable approach for educating participants about phishing awareness and the associated risks tied to the unnecessary disclosure of sensitive information online; (ii) Furthermore, game-based learning serves as an effective means of disseminating awareness among participants and players concerning prevalent phishing attacks.

Place, publisher, year, edition, pages
Elsevier B.V. , 2024. Vol. 170, article id 107426
Keywords [en]
Education, Human factor in security, Information security, Phishing attack, Scam, Serious game, Computer crime, Cybersecurity, Digital devices, Ethical technology, Game design, Sensitive data, Digital age, Game-based Learning, Phishing, Phishing attacks, Serious gaming, Social engineering, Spear phishing, Serious games
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:mdh:diva-66282DOI: 10.1016/j.infsof.2024.107426ISI: 001224413000001Scopus ID: 2-s2.0-85187177892OAI: oai:DiVA.org:mdh-66282DiVA, id: diva2:1845843
Available from: 2024-03-20 Created: 2024-03-20 Last updated: 2024-05-29Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Afzal, WasifRaza, Shahid

Search in DiVA

By author/editor
Afzal, WasifRaza, Shahid
By organisation
Embedded Systems
In the same journal
Information and Software Technology
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 71 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf