Engaging Users with Educational Games: The Case of Phishing

doi:10.1145/3290607.3313026

Paper

Engaging Users with Educational Games: The Case of Phishing

Published Mar 7, 2019 · Matt Dixon, N. Arachchilage, James Nicholson

Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems

UNKNOWN SJR score

19

Citations

2

Influential Citations

Full textSemantic Scholar

Abstract

Phishing continues to be a difficult problem for individuals and organisations. Educational games and simulations have been increasingly acknowledged as versatile and powerful teaching tools, yet little work has examined how to engage users with these games. We explore this problem by conducting workshops with 9 younger adults and reporting on their expectations for cybersecurity educational games. We find a disconnect between casual and serious gamers, where casual gamers prefer simple games incorporating humour while serious gamers demand a congruent narrative or storyline. Importantly, both demographics agree that educational games should prioritise gameplay over information provision -- i.e. the game should be a game with educational content. We discuss the implications for educational games developers.

Observational Study

Study Snapshot

Young adults expect cybersecurity educational games to prioritize gameplay over information, with casual gamers preferring simple games with humour and serious gamers demanding a congruent narrative or storyline.

PopulationOlder adults (50-71 years)

Sample size24

MethodsObservational

OutcomesBody Mass Index projections

ResultsSocial networks mitigate obesity in older groups.

Sign up to use Study Snapshot

Consensus is limited without an account. Create an account or sign in to get more searches and use the Study Snapshot.

Create an account

Paper

Engaging Users with Educational Games: The Case of Phishing

Sign up to use Study Snapshot

References

Cyber Security Breaches Survey 2020

Cyber security threats have evolved and increased in frequency, leading to a worsening situation for businesses and charities in the UK.

The design and evaluation of a theory-based intervention to promote security behaviour against phishing

Fear appeals can positively impact user cognitions, attitudes, and behavioral intentions, potentially promoting security behavior against phishing attacks.

PHISHY - A Serious Game to Train Enterprise Users on Phishing Awareness

Phishy, a game-based phishing awareness training, significantly improves phishing link identification among 8071 associates after completion.

Introducing the Cybersurvival Task: Assessing and Addressing Staff Beliefs about Effective Cyber Protection

The Cybersurvival Task identifies employees' cybersecurity misconceptions and helps organizations tailor policies and training events to specific staff groups.

Thematic Analysis

This paper provides guidance for conducting a rigorous and trustworthily thematic analysis, enhancing the traceability and verification of qualitative research.

Citations

Cybersafe: Gamifying Cybersecurity Training with a Training App

Cybersafe is a gamified, user-friendly mobile application that empowers users to identify and combat common social engineering exploits effectively, transforming traditional cybersecurity training.

A systematic review of current cybersecurity training methods

Most cybersecurity training studies show positive effects, with game-based methods being most effective in improving organizational cybersecurity behaviors.

TASEP: A Collaborative Social Engineering Tabletop Role-Playing Game to Prevent Successful Social Engineering Attacks

TASEP is a highly immersive and flexible tabletop game for social engineering awareness training, promoting an entertaining and engaging learning experience for students.

Human and Cognitive Factors involved in Phishing Detection. A Literature Review

Human and cognitive factors significantly influence phishing detection, highlighting the need for future cybersecurity research to integrate human cognitive and psychological factors.

A Game or Notes? The Use of a Customized Mobile Game to Improve Teenagers' Phishing Knowledge, Case of Tanzania

A customized mobile game tailored to the African context improves teenagers' phishing knowledge and retention compared to traditional teaching methods.

MailTrout: A Machine Learning Browser Extension for Detecting Phishing Emails

MailTrout is a machine learning-based browser extension that effectively detects phishing emails and provides high usability for end-users.

Characterizing Student Engagement Moods for Dropout Prediction in Question Pool Websites

Students' engagement moods can predict dropout rates in Question Pool websites, with Dropout-Plus outperforming rival algorithms in accuracy, F1-measure, and AUC.

Implement a Model for Describing and Maximising Security Knowledge Sharing

The Mobile Security Game enhances information security training by facilitating and encouraging Security Knowledge Sharing among employees, enhancing their ability to protect themselves against security attacks.