The disPHISHinformation Game: Creating a Serious Game to Fight Phishing Using Blended Design Approaches

Henderson, Niklas ORCID: https://orcid.org/0000-0003-1585-9531, Pallett, Helen ORCID: https://orcid.org/0000-0001-5014-6356, van der Linden, Sander, Montanarini, Jake and Buckley, Oliver ORCID: https://orcid.org/0000-0003-1502-5721 (2024) The disPHISHinformation Game: Creating a Serious Game to Fight Phishing Using Blended Design Approaches. In: International Conference on Applied Human Factors and Ergonomics, 2024-07-24 - 2024-07-27, Université Côte d'Azur.

[thumbnail of 978-1-964867-03-8_14]
Preview
PDF (978-1-964867-03-8_14) - Published Version
Download (1MB) | Preview

Abstract

Abstract: In 2022, 39% of all UK businesses reported identifying a cyber security attack against their own organisation, 83% of which were phishing attempts. A large body of research in cyber security focuses on technical solutions, however humans remain one of the most exploitable endpoints in an organisation. Traditional security training within organisations commonly includes point-and-click exercises and simple video media that employees are required to complete. These training exercises are often seen as unengaging and tedious, and employees are commonly pushed to complete training rather than encouraged to learn and self-educate. Simulations and games are increasingly being deployed for training purposes in organisations, however often either (a) simply raise cyber security awareness rather than deliver key security policy and content, or (b) lack accessibility with complex game pieces and rules not easily understandable by those not accustomed to playing games. We introduce the disPHISHinformation game: a customisable serious game to deliver phishing training specific to the threats businesses face on a day-to-day basis. Drawing on existing taxonomies, the game delivers content on email, voice, and SMS social engineering attacks, in a format that educates players in key social engineering features. In collaboration with a large service organisation, we have also developed a customised edition of disPHISHinformation game which reflects the targeted attacks faced by their staff. By creating an analog serious game to deliver key phishing training, we can stimulate higher employee engagement and deliver a more memorable experience.

Item Type: Conference or Workshop Item (Paper)
Faculty \ School: Faculty of Science > School of Computing Sciences
Faculty of Science > School of Environmental Sciences
UEA Research Groups: Faculty of Science > Research Groups > Environmental Social Sciences
Depositing User: LivePure Connector
Date Deposited: 02 Jul 2024 08:30
Last Modified: 24 Sep 2024 07:25
URI: https://ueaeprints.uea.ac.uk/id/eprint/95732
DOI: 10.54941/ahfe1004774

Downloads

Downloads per month over past year

Actions (login required)

View Item View Item