Serious Games for Cyber Security Education

TL;DR

This paper presents the design and evaluation of a mobile serious game aimed at improving users' ability to avoid phishing attacks, demonstrating significant behavioral improvements through a user study.

Contribution

It introduces a game design framework for phishing education and develops a mobile game prototype to enhance threat avoidance behavior.

Findings

Participants showed significant improvement in phishing avoidance after playing the game.

Threat perception and self-efficacy positively influenced avoidance behavior.

Safeguard cost negatively impacted threat avoidance.

Abstract

Phishing is an online identity theft that aims to steal sensitive information such as username, passwords and online banking details from its victims. Phishing education needs to be considered as a means to combat this threat. This book focuses on a design and development of a mobile game prototype as an educational tool helping computer users to protect themselves against phishing attacks. The elements of a game design framework for avoiding phishing attacks were used to address the game design issues. The mobile game design aimed to enhance the user's avoidance behaviour through motivation to protect themselves against phishing threats. A think-aloud study was conducted, along with a pre- and post-test, to assess the game design framework through the developed mobile game prototype. The study results showed a significant improvement of participants' phishing avoidance behaviour in their post-test assessment. Furthermore, the study findings suggest that participants' threat perception, safeguard effectiveness, self-efficacy, perceived severity and perceived susceptibility elements positively impact threat avoidance behaviour, whereas safeguard cost had a negative impact on it.