Can serious gaming tactics bolster spear-phishing and phishing resilience? : Securing the human hacking in Information Security

Bibliographic Details
Published in: Information and software technology 2024-06, Vol.170, p.107426, Article 107426
Main Authors: Yasin, Affan; Fatima, Rubia; JiangBin, Zheng; Afzal, Wasif; Raza, Shahid
Format: Article
Language: English
Description
Summary: In the digital age, there is a notable increase in fraudulent activities perpetrated by social engineers who exploit individuals’ limited knowledge of digital devices. These actors strategically manipulate human psychology, targeting IT devices to gain unauthorized access to sensitive data. Our study is centered around two distinct objectives to be accomplished through the utilization of a serious game: (i) The primary objective entails delivering training and educational content to participants with a focus on phishing attacks; (ii) The secondary objective aims to heighten participants’ awareness regarding the perils associated with divulging excessive information online. To address these objectives, we have employed the following techniques and methods: (i) A comprehensive literature review was conducted to establish foundational knowledge in areas such as social engineering, game design, learning principles, human interaction, and game-based learning; (ii) We meticulously aligned the game design with the philosophical concept of social engineering attacks; (iii) We devised and crafted an advanced hybrid version of the game, incorporating the use of QR codes to generate game card data; (iv) We conducted an empirical evaluation encompassing surveys, observations, discussions, and URL assessments to assess the effectiveness of the proposed hybrid game version. Quantitative data and qualitative observations suggest the “PhishDefend Quest” game successfully improved players’ comprehension of phishing threats and how to detect them through an interactive learning experience. The results highlight the potential of serious games to educate people about social engineering risks.
Through the evaluation, we can readily arrive at the following conclusions: (i) Game-based learning proves to be a viable approach for educating participants about phishing awareness and the associated risks tied to the unnecessary disclosure of sensitive information online; (ii) Furthermore, game-based learning serves as an effective means of disseminating awareness among participants and players concerning prevalent phishing attacks.
ISSN: 0950-5849, 1873-6025
DOI: 10.1016/j.infsof.2024.107426