Phish phinder: a game design approach to enhance user confidence in mitigating phishing attacks

G. Misra, N. A. G. Arachchilage, S. Berkovsky

Research output: Chapter in Book/Report/Conference proceeding, Conference proceeding contribution, peer-review

Abstract

Phishing is an especially challenging cyber security threat as it does not attack computer systems, but targets the user who works on that system by relying on the vulnerability of their decision-making ability. Phishing attacks can be used to gather sensitive information from victims and can have devastating impact if they are successful in deceiving the user. Several anti-phishing tools have been designed and implemented but they have been unable to solve the problem adequately. This failure is often due to security experts overlooking the human element and ignoring their fallibility in making trust decisions online. In this paper, we present Phish Phinder, a serious game designed to enhance the user’s confidence in mitigating phishing attacks by providing them with both conceptual and procedural knowledge about phishing. The user is trained through a series of gamified challenges, designed to educate them about important phishing related concepts, through an interactive user interface. Key elements of the game interface were identified through an empirical study with the aim of enhancing user interaction with the game. We also adopted several persuasive design principles while designing Phish Phinder to enhance phishing avoidance behaviour among users.
Original language: English
Title of host publication: Proceedings of the Eleventh International Symposium on Human Aspects of Information Security & Assurance (HAISA 2017)
Editors: Steven Furnell, Nathan L. Clarke
Place of Publication: Australia
Publisher: DBLP computer science bibliography
Pages: 41-51
Number of pages: 11
ISBN (Electronic): 9781841024288
Publication status: Published - 2017
Externally published: Yes
Event: Eleventh International Symposium on Human Aspects of Information Security & Assurance, HAISA 2017 - Adelaide, Australia
Duration: 28 Nov 2017 to 30 Nov 2017

Conference

Conference: Eleventh International Symposium on Human Aspects of Information Security & Assurance, HAISA 2017
Country/Territory: Australia
City: Adelaide
Period: 28/11/17 to 30/11/17

Keywords

  • phishing
  • human aspects of security
  • serious games for security
