Education in the 'Virtual' Community: Can beating Malware Man teach users about Social Networking Security? |
Social Networks have become part of daily life for millions of people and by their very nature
Sercombe AA, Papadaki M
they encourage information sharing. 2011 was a year that saw numerous targeted "Spear
Phishing" attacks in which it was clear that attackers gained knowledge about victims prior to
carrying out their attacks. There is evidence that social media has been utilised as the source
for this information so therefore it is more important than ever that users are educated against
the risks.
This paper starts by looking at the current threats and awareness strategies. It then describes
the design and evaluation of an online game to help educate users. The game has a central
'Malware Man' character and a firewall which burns him if the player answers correctly. The
success of the game was evaluated using an experiment with a group of participants who had
played the game, and a control group who had not. 101 users participated in the study. The
results suggest that the game was successful in educating users as the average percentage of
correct answers was 77% for those who had played the game, compared to 55% for those who
had not.