Abstract
Phishing is an especially challenging cyber security threat as it does not attack computer systems, but targets the user who works on that system by relying on the vulnerability of their decision-making ability. Phishing attacks can be used to gather sensitive information from victims and can have devastating impact if they are successful in deceiving the user. Several anti-phishing tools have been designed and implemented but they have been unable to solve the problem adequately. This failure is often due to security experts overlooking the human
element and ignoring their fallibility in making trust decisions online. In this paper, we present Phish Phinder, a serious game designed to enhance the user’s confidence in mitigating phishing attacks by providing them with both conceptual and procedural knowledge about phishing. The user is trained through a series of gamified challenges, designed to educate them about important phishing related concepts, through an interactive user interface. Key elements of the game interface were identified through an empirical study with the aim of enhancing user interaction with the game. We also adopted several persuasive design principles while designing Phish Phinder to enhance phishing avoidance behaviour among users.
element and ignoring their fallibility in making trust decisions online. In this paper, we present Phish Phinder, a serious game designed to enhance the user’s confidence in mitigating phishing attacks by providing them with both conceptual and procedural knowledge about phishing. The user is trained through a series of gamified challenges, designed to educate them about important phishing related concepts, through an interactive user interface. Key elements of the game interface were identified through an empirical study with the aim of enhancing user interaction with the game. We also adopted several persuasive design principles while designing Phish Phinder to enhance phishing avoidance behaviour among users.
Original language | English |
---|---|
Title of host publication | Proceedings of the Eleventh International Symposium on Human Aspects of Information Security & Assurance (HAISA 2017) |
Editors | Steven Furnell, Nathan L. Clarke |
Place of Publication | Australia |
Publisher | DBLP computer science bibliography |
Pages | 41-51 |
Number of pages | 11 |
ISBN (Electronic) | 9781841024288 |
Publication status | Published - 2017 |
Externally published | Yes |
Event | Eleventh International Symposium on Human Aspects of Information Security & Assurance, HAISA 2017 - Adelaide, Australia Duration: 28 Nov 2017 → 30 Nov 2017 |
Conference
Conference | Eleventh International Symposium on Human Aspects of Information Security & Assurance, HAISA 2017 |
---|---|
Country/Territory | Australia |
City | Adelaide |
Period | 28/11/17 → 30/11/17 |
Keywords
- phishing
- human aspects of security
- serious games for security