The Phishing Game: An Analog Game To Defend UK Organisations From Phishing

Henderson, Niklas (2024) The Phishing Game: An Analog Game To Defend UK Organisations From Phishing. In: 2023 Defence and Security Doctoral Symposium, 2024-01-31 - 2024-02-01.

Full text not available from this repository. (Request a copy)


In 2022, 39% of all UK businesses identified a cyber attack against their own organisation. Cyber attacks have not only the power to financially impact an organisation, but can cause the loss/theft of personal data, affect critical national infrastructure, and have the potential to affect national democratic processes. A great detail of research focuses on understanding vulnerabilities, protecting systems, and in some cases initiating red team strategies. Despite these technological approaches to protecting the UK, the most common attack vector remains focused at individual employees, through attacks such as phishing (83% of identified attacks). Humans remain the most exploitable endpoint in an organisation, and a well informed employee be the difference between protecting their business, or facilitating a potentially debilitating cyber attack. From the field of disinformation research, inoculation theory pre-exposes a participant to a weakened version of a persuasive argument to increase resistance to disinformation. Researchers have used inoculation theory in both physical and digital games, with participants yielding positive results identifying false information, and resisting “fake news.” Phishing attacks are often overlooked as a form of disinformation, and inoculation theory is yet to be utilised to help combat this. This research focuses on using game design methods from both inoculation theory and serious game research to create an analog serious game. In The Phishing Game, players take it in turns to identify different types of phishing attacks, to ensure the survival or their company and the protection of their customers. Players also use a number of Action Cards to help protect themselves, and play competitively with their teammates. The Phishing Game can be used as an alternative training tool for employees against phishing within organisations.

Item Type: Conference or Workshop Item (Poster)
Faculty \ School: Faculty of Science > School of Computing Sciences
Depositing User: LivePure Connector
Date Deposited: 04 Mar 2024 16:34
Last Modified: 04 Mar 2024 16:34
DOI: 10.17862/cranfield.rd.25039922.v1

Actions (login required)

View Item View Item