Abstract
Phishing is a constant threat to the online security of end-users. Since technical measures currently fall short of preventing phishing attacks completely, educating end-users is an important factor in reducing the risk of successful attacks. Here, game-based learning has emerged as a scalable, motivational educational approach. While learning games that focus on phishing emails have been created in the past, they mainly include simple game mechanics, which do not map to the complex decisions that are involved in recognizing malicious emails. To this end, we present a novel anti-phishing learning game, consisting of two different game modes: Either, players have to create phishing emails from given templates themselves, or they have to analyze emails for malicious cues and mark relevant parts. The game is designed for a broad target group of adult users with little to no prior knowledge about phishing. To facilitate immersion, the game content is generated automatically and allows for personalization. This paper presents the design, implementation, and a preliminary usability evaluation of the game.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
https://gitlab.com/learntech-rwth/erbse/email-game, accessed 21.09.2022.
- 2.
https://mtlg-framework.gitlab.io/, accessed 22.09.2022.
- 3.
https://xapi.com/, accessed 22.06.2022.
References
Anti-Phishing Working Group: Phishing Attack Trends Report, 1st Quarter 2022. Report, Anti-Phishing Working Group (2022). https://docs.apwg.org/reports/apwg_trends_report_q1_2022.pdf
Cialdini, R.B.: Influence: The Psychology of Persuasion, Revised William Morrow, New York (2006)
Das, A., Baki, S., El Aassal, A., Verma, R., Dunbar, A.: SoK: a comprehensive reexamination of phishing research from the security perspective. IEEE Commun. Surv. Tutorials 22(1), 671–708 (2019). https://doi.org/10.1109/COMST.2019.2957750
Hodges, J., Jones, J., Jones, M.B., Kumar, A., Lundberg, E.: Web authentication: an API for accessing public key credentials (2021). https://www.w3.org/TR/webauthn/
Parsons, K., Butavicius, M., Pattinson, M., Calic, D., Mccormac, A., Jerram, C.: Do users focus on the correct cues to differentiate between phishing and genuine emails? arXiv preprint arXiv:1605.04717 (2016)
Roepke, R., Drury, V., Meyer, U., Schroeder, U.: Exploring different game mechanics for anti-phishing learning games. In: de Rosa, F., Marfisi Schottman, I., Baalsrud Hauge, J., Bellotti, F., Dondio, P., Romero, M. (eds.) GALA 2021. LNCS, vol. 13134, pp. 34–43. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92182-8_4
Roepke, R., Drury, V., Meyer, U., Schroeder, U.: Exploring and evaluating different game mechanics for anti-phishing learning games. Int. J. Serious Games 9(3), 23–41 (2022). https://doi.org/10.17083/ijsg.v9i3.501
Roepke, R., Drury, V., Schroeder, U., Meyer, U.: A modular architecture for personalized learning content in anti-phishing learning games. In: Götz, S., Linsbauer, L., Schaefer, I., Wortmann, A. (eds.) SE-SE 2021: Software Engineering 2021 Satellite Events - Workshops and Tools & Demos, pp. 1–8. CEUR (2021). https://doi.org/10.18154/RWTH-2021-02420
Roepke, R., Koehler, K., Drury, V., Schroeder, U., Wolf, M.R., Meyer, U.: A pond full of phishing games - analysis of learning games for anti-phishing education. In: Hatzivasilis, G., Ioannidis, S. (eds.) MSTEC 2020. LNCS, vol. 12512, pp. 41–60. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-62433-0_3
Shi, F.: Threat Spotlight: Coronavirus-Related Phishing (2020). https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/
Weanquoi, P., Johnson, J., Zhang, J.: Using a game to teach about phishing. In: 18th Annual Conference on Information Technology Education, p. 75. SIGITE 2017, Association for Computing Machinery, New York (2017). https://doi.org/10.1145/3125659.3125669
Wen, Z.A., Lin, Z., Chen, R., Andersen, E.: What. hack: engaging anti-phishing training through a role-playing phishing simulation game. In: 2019 CHI Conference on Human Factors in Computing Systems. CHI 2019, Association for Computing Machinery, New York (2019). https://doi.org/10.1145/3290605.3300338
Zielinska, O.A., Welk, A.K., Mayhorn, C.B., Murphy-Hill, E.: A temporal analysis of persuasion principles in phishing emails. Hum. Factors Ergonomics Soc. Annu. Meet. 60(1), 765–769 (2016). https://doi.org/10.1177/1541931213601175
Acknowledgments
This research was supported by the research training group “Human Centered Systems Security” (North Rhine-Westphalia, Germany).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Roepke, R., Drury, V., Peess, P., Johnen, T., Meyer, U., Schroeder, U. (2022). More Than Meets the Eye - An Anti-Phishing Learning Game with a Focus on Phishing Emails. In: Kiili, K., Antti, K., de Rosa, F., Dindar, M., Kickmeier-Rust, M., Bellotti, F. (eds) Games and Learning Alliance. GALA 2022. Lecture Notes in Computer Science, vol 13647. Springer, Cham. https://doi.org/10.1007/978-3-031-22124-8_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-22124-8_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22123-1
Online ISBN: 978-3-031-22124-8
eBook Packages: Computer ScienceComputer Science (R0)