Can a Mobile Game Teach Computer Users to Thwart Phishing Attacks?

TL;DR

This study evaluates the effectiveness of a mobile game in teaching users to recognize and avoid phishing attacks, showing it outperforms traditional web-based learning in improving detection skills.

Contribution

It introduces a mobile game prototype designed to enhance phishing avoidance behavior and compares its effectiveness to traditional online education methods.

Findings

Mobile game participants better identified fraudulent sites.

Game-based learning improved phishing detection skills.

Traditional web learning was less effective.

Abstract

Phishing is an online fraudulent technique, which aims to steal sensitive information such as usernames, passwords and online banking details from its victims. To prevent this, anti-phishing education needs to be considered. This research focuses on examining the effectiveness of mobile game based learning compared to traditional online learning to thwart phishing threats. Therefore, a mobile game prototype was developed based on the design introduced by Arachchilage and Cole [3]. The game design aimed to enhance avoidance behaviour through motivation to thwart phishing threats. A website developed by Anti-Phishing Work Group (APWG) for the public Anti-phishing education initiative was used as a traditional web based learning source. A think-aloud experiment along with a pre- and post-test was conducted through a user study. The study findings revealed that the participants who played the mobile game were better able to identify fraudulent web sites compared to the participants who read the website without any training.