In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Eleventh International Symposium on Human Aspects of Information Security & Assurance (HAISA 2017)
Title: Phish Phinder: A Game Design Approach to Enhance User Confidence in Mitigating Phishing Attacks
Author(s): Gaurav Misra, Nalin Asanka Gamagedara Arachchilage, Shlomo Berkovsky
Keywords: Phishing, Human Aspects of Security, Serious Games for Security
Abstract: Phishing is an especially challenging cyber security threat as it does not attack computer systems, but targets the user who works on that system by relying on the vulnerability of their decision-making ability. Phishing attacks can be used to gather sensitive information from victims and can have devastating impact if they are successful in deceiving the user. Several anti-phishing tools have been designed and implemented but they have been unable to solve the problem adequately. This failure is often due to security experts overlooking the human element and ignoring their fallibility in making trust decisions online. In this paper, we present Phish Phinder, a serious game designed to enhance the user’s confidence in mitigating phishing attacks by providing them with both conceptual and procedural knowledge about phishing. The user is trained through a series of gamified challenges, designed to educate them about important phishing related concepts, through an interactive user interface. Key elements of the game interface were identified through an empirical study with the aim of enhancing user interaction with the game. We also adopted several persuasive design principles while designing Phish Phinder to enhance phishing avoidance behaviour among users.
Download count: 665
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.