Serious Games for Cyber Security Education
This work addresses phishing education for computer users, but it is incremental as it applies an existing game design framework to a mobile prototype.
The paper tackled the problem of phishing attacks by designing a mobile game prototype to educate users, resulting in a significant improvement in participants' phishing avoidance behavior as shown in post-test assessments.
Phishing is an online identity theft that aims to steal sensitive information such as username, passwords and online banking details from its victims. Phishing education needs to be considered as a means to combat this threat. This book focuses on a design and development of a mobile game prototype as an educational tool helping computer users to protect themselves against phishing attacks. The elements of a game design framework for avoiding phishing attacks were used to address the game design issues. The mobile game design aimed to enhance the user's avoidance behaviour through motivation to protect themselves against phishing threats. A think-aloud study was conducted, along with a pre- and post-test, to assess the game design framework through the developed mobile game prototype. The study results showed a significant improvement of participants' phishing avoidance behaviour in their post-test assessment. Furthermore, the study findings suggest that participants' threat perception, safeguard effectiveness, self-efficacy, perceived severity and perceived susceptibility elements positively impact threat avoidance behaviour, whereas safeguard cost had a negative impact on it.