Skip to main content
SpringerLink
Log in

A Serious Game to Improve Phishing Awareness

  • Conference paper
  • First Online:
Games and Learning Alliance (GALA 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13647))

Included in the following conference series:

  • 945 Accesses

Abstract

This paper presents an experimental study in the form of an online serious game to increase IT security awareness regarding phishing. Prior studies have indicated the effectiveness of serious games concerning certain aspects of phishing attacks. This paper combines various aspects of social engineering attacks, existing prevention concepts, and gamification methods. A survey and interviews with 61 participants from different companies were conducted to measure the effectiveness. The findings suggest that using a serious game in context with phishing emails can be used beneficially and effectively.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Süddeutsche Zeitung Homepage. https://www.sueddeutsche.de/wirtschaft/internetsicherheit-die-groesste-schwach-stelle-ist-der-mensch-1.4338184. Accessed 21 July 2021

  2. Bitkom Homepage. https://de.statista.com/statistik/daten/studie/928943/umfrage/von-digitalen-angriffen-betroffene-unternehmen-nach-art-des-angriffs/. Accessed 30 Apr 2022

  3. Baral, G., Arachchilage, N.: Building confidence not to be phished through a gamified approach: conceptualising user’s self-efficacy in phishing threat avoidance behaviour. In: Cybersecurity and Cyberforensic Conference, CCC 2019, pp. 102–110. IEEE Computer Society Conference Publishing Services, Melbourne (2019)

    Google Scholar 

  4. Abawajy, J.: User preference of cyber security awareness delivery methods. Behav. Inf. Technol. 33(3), 237–248 (2014)

    Article  MathSciNet  Google Scholar 

  5. Sheng, S., et al.: Anti-phishing phil. In: 3rd Symposium of Usable Privacy and Security 2007, p. 88. ACM Press, New York (2007)

    Google Scholar 

  6. Springer Fachmedien Homepage. https://wirtschaftslexikon.gabler.de/definition/phishing-53396/version-276489. Accessed 01 Dec 2021

  7. Franz, A., Benlian, A.: Spear Phishing 2.0: Wie automatisierte Angriffe Organisationen vor neue Herausforderungen stellen. HMD Praxis der Wirtschaftsinformatik 57(3) 597–612 (2020)

    Google Scholar 

  8. Stirnimann, S.: Social engineering als modus operandi. In: Der Mensch als Risikofaktor bei Wirtschaftskriminalität, pp. 127–157, Springer, Wiesbaden (2018).https://doi.org/10.1007/978-3-658-20813-4_4

  9. Fox, D., Titze, C.: Phishing awareness durch gamification. Datenschutz und Datensicherheit – DuD 45(11) 727–732 (2021)

    Google Scholar 

  10. Bundesamt für Sicherheit in der Informationstechnik Homepage. https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Social-Engineering/social-engineering_node.html. Accessed 11 July 2022

  11. CPS.HUB Homepage. https://cps-hub-nrw.de/news/2015-02-09-wie-laesst-sich-das-it-sicherheitsbewusstsein-steigern. Accessed 05 May 2022

  12. IT Business Homepage. https://www.it-business.de/security-awareness-schulungen-zeigen-wirkung-a-1072669/. Accessed 05 May 2022

  13. Weber, K., Schütz, A., Fertig, T.: Grundlagen und Anwendung von Information Security Awareness: Mitarbeiter zielgerichtet für Informationssicherheit sensibilisieren. Springer, Wiesbaden (2019). https://doi.org/10.1007/978-3-658-26258-7

  14. Arachchilage, N., Love, S.: Security awareness of computer users: a phishing threat avoidance perspective. Comput. Hum. Behav. 38, 304–312 (2014)

    Article  Google Scholar 

  15. Bandura, A.: Self-efficacy: The Exercise of Control, 13th edn. Freeman, New York (2012)

    Google Scholar 

  16. Richter, S., Straub, T., Lucke, C.: Information security awareness – eine konzeptionelle Neubetrachtung. In: Multikonferenz Wirtschaftsinformatik 2018, Lüneburg, pp. 369–1380 (2018)

    Google Scholar 

  17. Gabler Homepage. https://wirtschaftslexikon.gabler.de/definition/motivation-38456. Accessed 24 Jan 2022

  18. Sailer, M.: Die Wirkung von Gamification auf Motivation und Leistung, pp. 111–116. Springer, Wiesbaden (2016). https://doi.org/10.1007/978-3-658-14309-1_4

  19. Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L., Hong, J.: Lessons from a real-world evaluation of anti-phishing training. In: ECRIME Researchers Summit 2008, pp. 1–12. IEEE (2008)

    Google Scholar 

  20. Statista Homepage. https://www.statista.com/statistics/1253420/employee-clicks-phishing-emails-by-age/. Accessed 26 Jan 2022

  21. Deterding, S., Dixon, D., Khaled, R., Nacke, L.: From game design elements to gamefulness. In: Proceedings of the 15th International Academic MindTrek Conference on Envisioning Future Media Environments – MINDTREK 2011, pp. 9–15. ACM Press, New York (2011)

    Google Scholar 

  22. Abt, C.: Serious Games. University Press of America, Lanham (1987)

    Google Scholar 

  23. Strahringer, S., Leyh, C.: Gamification und Serious Games: Grundlagen, Vorgehen und Anwendungen. Springer, Wiesbaden (2017). https://doi.org/10.1007/978-3-658-16742-4

  24. Becker, K.: What’s the difference between gamification, serious games, educational games, and game-based learning? Academia Lett. 209 (2021)

    Google Scholar 

  25. Creswell, J.: Research Design: Qualitative, Quantitative, and Mixed Methods Approach, 3rd edn. Sage, Los Angeles (2010)

    Google Scholar 

  26. Saunders, M., Lewis, P., Thornhill, A.: Research Methods for Business Students, 7th edn. Pearson, Harlow (2016)

    Google Scholar 

  27. Döring, N., Bortz, J.: Forschungsmethoden und Evaluation in den Sozial- und Humanwissenschaften. Springer, Wiesbaden (2016). https://doi.org/10.1007/978-3-642-41089-5

  28. Shadish, W., Cook, T., Campbell, D.: Experimental and Quasi-Experimental Designs for Generalized Causal Inference. Wadsworth Cengage Learning, Belmont (2002)

    Google Scholar 

  29. Erhel, S., Jamet, E.: Digital game-based learning: impact of instructions and feedback on motivation and learning effectiveness. Comput. Educ. 67, 156–167 (2013)

    Article  Google Scholar 

  30. Loosen, W.: Das Leitfadeninterview – eine unterschätzte Methode. In: Averbeck-Lietz, S., Meyen, M. (eds.) Handbuch nicht standardisierte Methoden in der Kommunikationswissenschaft. SN, pp. 139–155. Springer, Wiesbaden (2016). https://doi.org/10.1007/978-3-658-01656-2_9

    Chapter  Google Scholar 

  31. Morse, J.: The implications of interview type and structure in mixed-method designs. In: Gubrium, J., Holstein, J., Marvasti, A., McKinney, K. (eds.) The SAGE Handbook of Interview Research: The Complexity of the Craft, pp. 193–205. Sage Publications, Thousand Oaks (2012)

    Google Scholar 

  32. Mayring, P.: Qualitative Inhaltsanalyse: Grundlagen und Techniken, 11th edn. Beltz, Weinheim (2010)

    Google Scholar 

  33. Misoch, S.: Qualitative Interviews, 2nd edn. De Gruyter, Berlin (2019)

    Book  Google Scholar 

  34. Arachchilage, N.A.G., Love, S., Maple, C.: Can a mobile game teach computer users to thwart phishing attacks? Int. J. Infonom. 6(3–4), 720–730 (2013)

    Article  Google Scholar 

  35. Stieglitz, S., Lattemann, C., Robra-Bissantz, S., Zarnekow, R., Brockmann, T. (eds.): Gamification: Using Game Elements in Serious Contexts, pp. 6–8. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-45557-0

Download references

Author information

Authors and Affiliations

  1. Hochschule für Wirtschaft und Recht Berlin, Berlin, Germany

    Lilly Kassner & Avo Schönbohm

Authors
  1. Lilly Kassner
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Avo Schönbohm
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Avo Schönbohm .

Editor information

Editors and Affiliations

  1. Tampere University, Tampere, Finland

    Kristian Kiili

  2. Tampere University, Tampere, Finland

    Koskinen Antti

  3. Center for Advanced Pathogen Threat Response and Simulation, Austin, TX, USA

    Francesca de Rosa

  4. Tampere University, Tampere, Finland

    Muhterem Dindar

  5. Pädagogische Hochschule St.Gallen, St. Gallen, St. Gallen, Switzerland

    Michael Kickmeier-Rust

  6. University of Genova, Genova, Italy

    Francesco Bellotti

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kassner, L., Schönbohm, A. (2022). A Serious Game to Improve Phishing Awareness. In: Kiili, K., Antti, K., de Rosa, F., Dindar, M., Kickmeier-Rust, M., Bellotti, F. (eds) Games and Learning Alliance. GALA 2022. Lecture Notes in Computer Science, vol 13647. Springer, Cham. https://doi.org/10.1007/978-3-031-22124-8_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-22124-8_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22123-1

  • Online ISBN: 978-3-031-22124-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation