Abstract
This paper presents an experimental study in the form of an online serious game to increase IT security awareness regarding phishing. Prior studies have indicated the effectiveness of serious games concerning certain aspects of phishing attacks. This paper combines various aspects of social engineering attacks, existing prevention concepts, and gamification methods. A survey and interviews with 61 participants from different companies were conducted to measure the effectiveness. The findings suggest that a serious game can be used beneficially and effectively in the context of phishing emails.
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Kassner, L., Schönbohm, A. (2022). A Serious Game to Improve Phishing Awareness. In: Kiili, K., Antti, K., de Rosa, F., Dindar, M., Kickmeier-Rust, M., Bellotti, F. (eds) Games and Learning Alliance. GALA 2022. Lecture Notes in Computer Science, vol 13647. Springer, Cham. https://doi.org/10.1007/978-3-031-22124-8_11
DOI: https://doi.org/10.1007/978-3-031-22124-8_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22123-1
Online ISBN: 978-3-031-22124-8
eBook Packages: Computer Science (R0)