Skip to main content
SpringerLink
Log in

A Pond Full of Phishing Games - Analysis of Learning Games for Anti-Phishing Education

  • Conference paper
  • First Online:
Model-driven Simulation and Training Environments for Cybersecurity (MSTEC 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12512))

Abstract

Game-based learning is a promising approach to anti-phishing education, as it fosters motivation and can help reduce the perceived difficulty of the educational material. Over the years, several prototypes for game-based applications have been proposed, that follow different approaches in content selection, presentation, and game mechanics. In this paper, a literature and product review of existing learning games is presented. Based on research papers and accessible applications, an in-depth analysis was conducted, encompassing target groups, educational contexts, learning goals based on Bloom’s Revised Taxonomy, and learning content. As a result of this review, we created the publications on games (POG) data set for the domain of anti-phishing education. While there are games that can convey factual and conceptual knowledge, we find that most games are either unavailable, fail to convey procedural knowledge or lack technical depth. Thus, we identify potential areas of improvement for games suitable for end-users in informal learning contexts.

R. Roepke, K. Koehler and V. Drury—Contributed equally.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://dl.acm.org/, last accessed on 2020-07-13.

  2. 2.

    https://scholar.google.de/, last accessed on 2020-07-13.

  3. 3.

    https://ieeexplore.ieee.org/, last accessed on 2020-07-13.

  4. 4.

    https://www.dropbox.com/, last accessed on 2020-04-27.

  5. 5.

    https://github.com/, last accessed 2020-04-07.

  6. 6.

    https://url.spec.whatwg.org/, last accessed 2020-04-07.

References

  1. Shi, F.: Threat Spotlight: Coronavirus-Related Phishing (2020). https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/

  2. Anti-Phishing Working Group: Phishing Attack Trends Report, 4th Quarter 2019. Report, Anti-Phishing Working Group (2020). https://docs.apwg.org/reports/apwg_trends_report_q4_2019.pdf

  3. Gupta, B.B., Tewari, A., Jain, A.K., Agrawal, D.P.: Fighting against phishing attacks: state of the art and future challenges. Neural Comput. Appl. 28(12), 3629–3654 (2016). https://doi.org/10.1007/s00521-016-2275-y

    Article  Google Scholar 

  4. Canova, G., Volkamer, M., Bergmann, C., Borza, R.: NoPhish: an anti-phishing education app. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 188–192. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11851-2_14

    Chapter  Google Scholar 

  5. Sheng, S., et al.: Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish. In: Symposium on Usable Privacy and Security, SOUPS 2007, pp. 88–99. ACM, New York (2007)

    Google Scholar 

  6. Hale, M.L., Gamble, R.F., Gamble, P.: CyberPhishing: a game-based platform for phishing awareness testing. In: Hawaii International Conference on System Sciences, Kauai, vol. 48, pp. 5260–5269. IEEE (2015)

    Google Scholar 

  7. Krathwohl, D.R.: A revision of bloom’s taxonomy: an overview. Theory Pract. 41(4), 212–218 (2002)

    Article  Google Scholar 

  8. Alotaibi, F., Furnell, S., Stengel, I., Papadaki, M.: A review of using gaming technology for cyber-security awareness. Inf. Secur. Res. 6(2), 660–666 (2016)

    Google Scholar 

  9. Compte, A.L., Elizondo, D., Watson, T.: A renewed approach to serious games for cyber security. In: International Conference on Cyber Conflict: Architectures in Cyberspace, Tallinn, pp. 203–216. IEEE (2015)

    Google Scholar 

  10. Dewey, C.M., Shaffer, C.: Advances in information SEcurity EDucation. In: International Conference on Electro Information Technology, Grand Forks, pp. 133–138. IEEE (2016)

    Google Scholar 

  11. Hendrix, M., Al-Sherbaz, A., Bloom, V.: Game based cyber security training: are serious games suitable for cyber security training? Serious Games 3(1), 53–61 (2016)

    Google Scholar 

  12. Monk, T., Van Niekerk, J., Von Solms, R.: Concealing the medicine: information security education through game play. In: Information Security for South Africa, Pretoria, pp. 467–478. ISSA (2009)

    Google Scholar 

  13. Tioh, J.N., Mina, M., Jacobson, D.W.: Cyber security training a survey of serious games in cyber security. In: 2017 IEEE Frontiers in Education Conference (FIE), Indianapolis, pp. 1–5. IEEE (2017)

    Google Scholar 

  14. Pastor, V., Díaz, G., Castro, M.: State-of-the-art simulation systems for information security education, training and awareness. In: EDUCON, Madrid, pp. 1907–1916. IEEE (2010)

    Google Scholar 

  15. Roepke, R., Schroeder, U.: The problem with teaching defence against the dark arts: a review of game-based learning applications and serious games for cyber security education. In: International Conference on Computer Supported Education, Heraklion, vol. 2, pp. 58–66. SciTePress (2019)

    Google Scholar 

  16. Köhler, K., Röpke, R., Wolf, M.R.: Through a mirror darkly - on the obscurity of teaching goals in game-based learning in IT security. In: Simulation & Gaming Through Times and Across Disciplines, pp. 324–335. Akademia Leona Kozminskiego, Warsaw (2019)

    Google Scholar 

  17. Arnab, S., et al.: Mapping learning and game mechanics for serious games analysis. Educ. Technol. 46(2), 391–411 (2015)

    Google Scholar 

  18. König, J.A., Wolf, M.R.: A new definition of competence developing games. In: ACHI 2016, pp. 95–97. IARIA, Venice (2016)

    Google Scholar 

  19. Wolf, M.R., Wiese, U.: A comparative transformation model for process changes using serious games. In: International Conference on Serious Games and Applications for Health, Vilamoura. IEEE (2013)

    Google Scholar 

  20. McGrath, D.K., Gupta, M.: Behind phishing: an examination of phisher modi operandi. In: USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET 2008, San Francisco (2008)

    Google Scholar 

  21. Elsayed, Y., Shosha, A.: Large scale detection of IDN domain name masquerading. In: 2018 APWG Symposium on Electronic Crime Research (eCrime). IEEE (2018)

    Google Scholar 

  22. Resnick, P.: Rfc 5322: Internet message format (2008)

    Google Scholar 

  23. Hu, H., Wang, G.: End-to-end measurements of email spoofing attacks. In: USENIX Security Symposium (USENIX Security 18), pp. 1095–1112. USENIX Association (2018)

    Google Scholar 

  24. Huynh, D., Luong, P., Iida, H., Beuran, R.: Design and evaluation of a cybersecurity awareness training game. In: Munekata, N., Kunita, I., Hoshino, J. (eds.) ICEC 2017. LNCS, vol. 10507, pp. 183–188. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66715-7_19

    Chapter  Google Scholar 

  25. Weanquoi, P., Johnson, J., Zhang, J.: Using a game to improve phishing awareness. Cybersecur. Educ. Res. Pract. 2018(2), 2 (2018)

    Google Scholar 

  26. Giannakas, F., Kambourakis, G., Gritzalis, S.: CyberAware: a mobile game-based app for cybersecurity education and awareness. In: International Conference on Interactive Mobile Communication Technologies and Learning (IMCL), Thessaloniki, pp. 54–58. IEEE (2015)

    Google Scholar 

  27. Lu, Y.: CyberCraft, a security serious game. Master’s thesis, Politecnico di Torino, Torino (2018)

    Google Scholar 

  28. König, J.A., Wolf, M.R.: GHOST: an evaluated competence developing game for cybersecurity awareness training. Adv. Secur. 11(3 & 4), 274–287 (2018)

    Google Scholar 

  29. Bergmann, C., Canova, G.: Design, implementation and evaluation of an anti-phishing education app. Master’s thesis, Technische Universität Darmstadt, Darmstadt (2014)

    Google Scholar 

  30. Wen, Z.A., Lin, Z., Chen, R., Andersen, E.: What. Hack: engaging anti-phishing training through a role-playing phishing simulation game. In: CHI Conference on Human Factors in Computing Systems, CHI 2019. ACM, New York (2019)

    Google Scholar 

  31. Geywitz, J.: “What the Hack?” - Konzeption und Implementierung eines erweiterbaren und adaptiven Serious Game zur Verbesserung von Information Security Awareness. Master’s thesis, University of Applied Sciences, Düsseldorf (2019)

    Google Scholar 

  32. Aladawy, D., Beckers, K., Pape, S.: PERSUADED: fighting social engineering attacks with a serious game. In: Furnell, S., Mouratidis, H., Pernul, G. (eds.) TrustBus 2018. LNCS, vol. 11033, pp. 103–118. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98385-1_8

    Chapter  Google Scholar 

  33. Arachchilage, N.A.G., Love, S., Maple, C.: Can a mobile game teach computer users to thwart phishing attacks? Infonomics 6(3/4), 720–730 (2015)

    Article  Google Scholar 

  34. Baral, G., Arachchilage, N.A.G.: Building confidence not to be phished through a gamified approach: conceptualising user’s self-efficacy in phishing threat avoidance behaviour. In: Cybersecurity and Cyberforensics Conference (CCC), Melbourne, pp. 102–110. IEEE (2019)

    Google Scholar 

  35. Baslyman, M., Chiasson, S.: “Smells Phishy?”: an educational game about online phishing scams. In: 2016 APWG Symposium on Electronic Crime Research (eCrime), Toronto, Ontario, Canada, pp. 1–11. IEEE (2016)

    Google Scholar 

  36. Bauer, G., Martinek, D., Kriglstein, S., Wallner, G., Wölfle, R.: Digital game-based learning with “Internet Hero”: a game about the internet for children aged 9–12 years. In: Mitgutsch, K., Huber, S., Wagner, M., Wimmer, J., Rosenstingl, H. (eds.) Context Matters!, pp. 148–161. New Academic Press, Wien (2017)

    Google Scholar 

  37. Beckers, K., Pape, S.: A serious game for eliciting social engineering security requirements. In: International Requirements Engineering Conference (RE), Beijing, pp. 16–25. IEEE (2016)

    Google Scholar 

  38. Beckers, K., Pape, S., Fries, V.: HATCH: hack and trick capricious humans - a serious game on social engineering. In: International BCS Human Computer Interaction Conference: Companion Volume, HCI 2016, pp. 1–3. BCS Learning & Development Ltd., Swindon (2016)

    Google Scholar 

  39. Bhardwaj, J.: Design of a game for cybersecurity awareness. Master’s thesis, North Dakota State University, Fargo (2019)

    Google Scholar 

  40. Chiasson, S., Modi, M., Biddle, R.: Auction Hero: the design of a game to learn and teach about computer security. In: Ho, C., Lin, M.F.G. (eds.) E-Learn: World Conference on E-Learning in Corporate, Government, Healthcare, and Higher Education 2011, pp. 2201–2206. AACE, Honolulu (2011)

    Google Scholar 

  41. Gokul, C.J., Pandit, S., Vaddepalli, S., Tupsamudre, H., Banahatti, V., Lodha, S.: PHISHY - a serious game to train enterprise users on phishing awareness. In: Annual Symposium on Computer-Human Interaction in Play Companion Extended Abstracts, CHI PLAY 2018 Extended Abstracts, pp. 169–181. ACM, New York (2018)

    Google Scholar 

  42. Cone, B.D., Irvine, C.E., Thompson, M.F., Nguyen, T.D.: A video game for cyber security training and awareness. Comput. Secur. 26(1), 63–72 (2007)

    Article  Google Scholar 

  43. Filipczuk, D., Mason, C., Snow, S.: Using a game to explore notions of responsibility for cyber security in organisations. In: Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems, CHI EA 2019. ACM, New York (2019)

    Google Scholar 

  44. Frey, S., Rashid, A., Anthonysamy, P., Pinto-Albuquerque, M., Naqvi, S.A.: The good, the bad and the ugly: a study of security decisions in a cyber-physical systems game. IEEE Trans. Softw. Eng. 45(5), 521–536 (2019)

    Article  Google Scholar 

  45. Gondree, M., Peterson, Z.N.J.: Valuing security by getting [d0x3d!]: experiences with a network security board game. In: Workshop on Cyber Security Experimentation and Test (CSET). USENIX Association, Washington, D.C. (2013)

    Google Scholar 

  46. Hebert, A.J., Reynolds, C.O., Stack, K.J., Lindsay, R.C.: Lock\(\_\)out: a cybersecurity MQP and game. Final Report, Worcester Polytechnic Institute, Worcester (2017)

    Google Scholar 

  47. Katsadouros, E., Kogias, D., Toumanidis, L., Chatzigeorgiou, C., Patrikakis, C.Z.: Teaching network security through a scavenger hunt game. In: IEEE Global Engineering Education Conference (EDUCON), Athens, pp. 1802–1805. IEEE (2017)

    Google Scholar 

  48. Kulkarni, V.K.: Basic cybersecurity awareness through gaming. Master’s thesis, North Dakota State University, Fargo (2019)

    Google Scholar 

  49. Lopes, I., Morenets, Y., Inácio, P.R.M., Silva, F.: Cyber-detective: a game for cyber crime prevention. In: Play2Learn, Lisbon, Portugal, pp. 175–191 (2018)

    Google Scholar 

  50. Mikka-Muntuumo, J., Peters, A., Jazri, H.: CyberBullet - Share Your Story: an interactive game for stimulating awareness on the harm and negative effects of the internet. In: African Conference for Human Computer Interaction: Thriving Communities, pp. 287–290. ACM, New York (2018)

    Google Scholar 

  51. Misra, G., Arachchilage, N.A.G., Berkovsky, S.: Phish phinder: a game design approach to enhance user confidence in mitigating phishing attacks. In: Furnell, S., Clarke, N.L. (eds.) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2017), Adelaide, pp. 41–51 (2017)

    Google Scholar 

  52. Monk, T., van Niekerk, J., von Solms, R.: Sweetening the medicine: educating users about information security by means of game play. In: Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists, SAICSIT 2010, pp. 193–200. ACM, New York (2010)

    Google Scholar 

  53. Olano, M., et al.: SecurityEmpire: development and evaluation of a digital game to promote cybersecurity education. In: USENIX Summit on Gaming, Games, and Gamification in Security Education, San Diego (2014)

    Google Scholar 

  54. Olanrewaju, A.S.T., Zakaria, N.H.: Social engineering awareness game (SEAG): an empirical evaluation of using game towards improving information security awareness. In: International Conference on Computing and Informatics, Istanbul, pp. 187–193 (2015)

    Google Scholar 

  55. Rieb, A., Lechner, U.: Operation digital chameleon: towards an open cybersecurity method. In: International Symposium on Open Collaboration, OpenSym 2016, pp. 1–10. ACM, New York (2016)

    Google Scholar 

  56. Stockhardt, S., Reinheimer, B., Volkamer, M.: Über die Wirksamkeit von Anti-Phishing-Training. In: Mensch und Computer 2015 - Workshopband, pp. 647–656. Oldenbourg Wissenschaftsverlag, Stuttgart (2015)

    Google Scholar 

  57. Tseng, S., Chen, K., Lee, T., Weng, J.: Automatic content generation for anti-phishing education game. In: International Conference on Electrical and Control Engineering, Yichang, pp. 6390–6394. IEEE (2011)

    Google Scholar 

  58. Tseng, S.S., Yang, T.Y., Weng, J.F., Wang, Y.J.: Building a game-based internet security learning system by ontology crystallization approach. In: International Conference on e-Learning, e-Business, Enterprise Information Systems, and e-Government (EEE), p. 6. CSREA Press, Las Vegas (2015)

    Google Scholar 

  59. Vuksani, E.: Device dash: designing, implementing, and evaluating an educational computer security game. Thesis, Wellesley College & MITLincoln Laboratory, Wellesley (2012)

    Google Scholar 

  60. Yang, C., Tseng, S., Lee, T., Weng, J., Chen, K.: Building an anti-phishing game to enhance network security literacy learning. In: International Conference on Advanced Learning Technologies, Rome, vol. 12, pp. 121–123. IEEE (2012)

    Google Scholar 

  61. Yasin, A., Liu, L., Li, T., Wang, J., Zowghi, D.: Design and preliminary evaluation of a cyber Security Requirements Education Game (SREG). Inf. Softw. Technol. 95, 179–200 (2018)

    Article  Google Scholar 

Download references

Acknowledgements

This research was supported by the research training group “Human Centered Systems Security” sponsored by the state of North Rhine-Westphalia.

Author information

Authors and Affiliations

  1. RWTH Aachen University, Ahornstr. 55, 52074, Aachen, Germany

    Rene Roepke & Ulrik Schroeder

  2. University of Applied Sciences Aachen, Eupener Str. 70, 52066, Aachen, Germany

    Klemens Koehler & Martin R. Wolf

  3. RWTH Aachen University, Mies-v.-d.-Rohe-Str. 15, 52074, Aachen, Germany

    Vincent Drury & Ulrike Meyer

Authors
  1. Rene Roepke
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Klemens Koehler
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Vincent Drury
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ulrik Schroeder
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Martin R. Wolf
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Ulrike Meyer
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Rene Roepke , Klemens Koehler or Vincent Drury .

Editor information

Editors and Affiliations

  1. Foundation for Research and Technology - Hellas, Heraklion, Greece

    George Hatzivasilis

  2. Technical University of Crete, Chania, Greece

    Sotiris Ioannidis

Appendix

Appendix

Table 6. Summarized analysis results of POG data set (x = identified category; g = guessed category; y = yes; n = no; – = n/a)
Full size table

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Roepke, R., Koehler, K., Drury, V., Schroeder, U., Wolf, M.R., Meyer, U. (2020). A Pond Full of Phishing Games - Analysis of Learning Games for Anti-Phishing Education. In: Hatzivasilis, G., Ioannidis, S. (eds) Model-driven Simulation and Training Environments for Cybersecurity. MSTEC 2020. Lecture Notes in Computer Science(), vol 12512. Springer, Cham. https://doi.org/10.1007/978-3-030-62433-0_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-62433-0_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62432-3

  • Online ISBN: 978-3-030-62433-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation