ABSTRACT
Phishing continues to be a difficult problem for individuals and organisations. Educational games and simulations have been increasingly acknowledged as versatile and powerful teaching tools, yet little work has examined how to engage users with these games. We explore this problem by conducting workshops with 9 younger adults and reporting on their expectations for cybersecurity educational games. We find a disconnect between casual and serious gamers, where casual gamers prefer simple games incorporating humour while serious gamers demand a congruent narrative or storyline. Importantly, both demographics agree that educational games should prioritise gameplay over information provision -- i.e. the game should be a game with educational content. We discuss the implications for educational games developers.
- Nalin Asanka Gamagedara Arachchilage and Steve Love. 2014. Security awareness of computer users: A phishing threat avoidance perspective. Computers in Human Behavior 38 (2014), 304--312. Google ScholarDigital Library
- Nalin Asanka Gamagedara Arachchilage, Steve Love, and Konstantin Beznosov. 2016. Phishing threat avoidance behaviour: An empirical investigation. Computers in Human Behavior 60 (2016), 185--197. Google ScholarDigital Library
- Virginia Braun, Victoria Clarke, and Gareth Terry. 2014. Thematic analysis. Qual Res Clin Health Psychol 24 (2014), 95--114.Google Scholar
- Gamze Canova, Melanie Volkamer, Clemens Bergmann, and Benjamin Reinheimer. 2015. NoPhish app evaluation: lab and retention study. USEC. Internet Society (2015).Google Scholar
- Ching-Yi Chang and Gwo-Jen Hwang. 2019. Trends in digital game-based learning in the mobile era: a systematic review of journal publications from 2007 to 2016. International Journal of Mobile Learning and Organisation 13, 1 (2019), 68--90. Google ScholarCross Ref
- Ponemon Institute. 2018. 2018 Cost of a Data Breach Study: Global Overview. Technical Report. IBM.Google Scholar
- Jurjen Jansen and Paul van Schaik. 2019. The design and evaluation of a theory-based intervention to promote security behaviour against phishing. International Journal of Human-Computer Studies 123 (2019), 40--55.Google ScholarCross Ref
- Iacovos Kirlappos and M Angela Sasse. 2012. Security education against phishing: A modest proposal for a major rethink. IEEE Security & Privacy 10, 2 (2012), 24--32. Google ScholarDigital Library
- Rebecca Klahr, Sophie Amili, Jayesh Navin Shah, Mark Button, and Victoria Wang. 2016. Cyber security breaches survey 2016. UK Government, Ipsos MORI and University of Portsmouth. DOI= http://bit. ly/1T4MveX (2016).Google Scholar
- Aamna Mohdin. 2018. Scammers target students with fake tax refund emails. https://www.theguardian.com/money/2018/nov/17/scammers-target-students-with-fake-tax-refund-emailsGoogle Scholar
- James Nicholson, Lynne Coventry, and Pam Briggs. 2018. Introducing the cybersurvival task: assessing and addressing staff beliefs about effective cyber protection. In Fourteenth Symposium on Usable Privacy and Security ({SOUPS} 2018). 443--457. Google ScholarDigital Library
- Lorelli S Nowell, Jill M Norris, Deborah E White, and Nancy J Moules. 2017. Thematic analysis: Striving to meet the trustworthiness criteria. International Journal of Qualitative Methods 16, 1 (2017), 1609406917733847.Google ScholarCross Ref
- Sankalp Pandit, Sukanya Vaddepalli, Harshal Tupsamudre, Vijayanand Banahatti, and Sachin Lodha. 2018. PHISHYA Serious Game to Train Enterprise Users on Phishing Awareness. In Proceedings of the 2018 Annual Symposium on Computer-Human Interaction in Play Companion Extended Abstracts. ACM, 169--181. Google ScholarDigital Library
- Steve Sheng, Mandy Holbrook, Ponnurangam Kumaraguru, Lorrie Faith Cranor, and Julie Downs. 2010. Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 373--382. Google ScholarDigital Library
- Steve Sheng, Bryant Magnien, Ponnurangam Kumaraguru, Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong, and Elizabeth Nunge. 2007. Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish. In Proceedings of the 3rd symposium on Usable privacy and security. ACM, 88--99. Google ScholarDigital Library
- Amber A Smith-Ditizio and Alan D Smith. 2019. Computer Fraud Challenges and Its Legal Implications. In Advanced Methodologies and Technologies in System Security, Information Privacy, and Forensics. IGI Global, 152--165.Google Scholar
Index Terms
-
Engaging Users with Educational Games: The Case of Phishing
-
Recommendations
-
Designing entertaining educational games using procedural rhetoric: a case study
Sandbox '10: Proceedings of the 5th ACM SIGGRAPH Symposium on Video GamesIn the paper we describe the design and development of a video game about sustainable energy use that effectively unites fun with learning. We also present results from an initial study of the educational impact of the game. Many educational games do ...
-
Towards a novel paradigm for educational games: the augmented learning environment of 'Europe 2045'
MindTrek '08: Proceedings of the 12th international conference on Entertainment and media in the ubiquitous eraThis paper introduces the concept of an augmented learning environment into the field of game-based learning. An augmented learning environment (ALE) combines principles of on-line multiplayer computer games with social, role-playing games in order to ...
-
Enhancing the educational value of video games
SPECIAL ISSUE: Media Arts and Games (Part II)Lowering the barrier between education and real entertainment is an important challenge in order to better exploit the potential of computers and reach a demographic that is traditionally averse to learning. To this end, it is important to investigate ...
Comments