A game design framework for avoiding phishing attacks

Authors:
Nalin Asanka Gamagedara Arachchilage;Steve Love
Affiliations:
-;-
Venue:
Computers in Human Behavior
Year:
2013

Citing 18
Cited 0

User acceptance of computer technology: a comparison of two theoretical models

Management Science
Information privacy: measuring individuals' concerns about organizational practices

MIS Quarterly
Trusted Paths for Browsers

Proceedings of the 11th USENIX Security Symposium
A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and an Electronic-Mail Emotion/Adoption Study

Information Systems Research
The battle against phishing: Dynamic Security Skins

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Phishing Exposed

Phishing Exposed
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Don't be a phish: steps in user education

Proceedings of the 11th annual SIGCSE conference on Innovation and technology in computer science education
Decision strategies and susceptibility to phishing

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Protecting people from phishing: the design and evaluation of an embedded training email system

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish

Proceedings of the 3rd symposium on Usable privacy and security
Social phishing

Communications of the ACM
Behavioral response to phishing risk

Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Educational game design for online education

Computers in Human Behavior
Security lapses and the omission of information security measures: A threat control model and empirical test

Computers in Human Behavior
Studying users' computer security behavior: A health belief perspective

Decision Support Systems
Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Avoidance of information technology threats: a theoretical perspective

MIS Quarterly

Quantified Score

Hi-index	0.00

Visualization

Abstract

Game based education is becoming more and more popular. This is because game based education provides an opportunity for learning in a natural environment. Phishing is an online identity theft, which attempts to steal sensitive information such as username, password, and online banking details from its victims. To prevent this, phishing awareness needs to be considered. This research aims to develop a game design framework, which enhances user avoidance behaviour through motivation to protect users from phishing attacks. In order to do this, a theoretical model derived from Technology Thread Avoidance Theory (TTAT) was developed and used in the game design framework (Liang & Xue, 2010). A survey study was undertaken with 150 regular computer users to elicit feedback through a questionnaire. The study findings revealed that perceived threat, safeguard effectiveness, safeguard cost, self-efficacy, perceived severity, and perceived susceptibility elements should be addressed in the game design framework for computer users to avoid phishing attacks. Furthermore, we argue that this game design framework can be used not only for preventing phishing attacks but also for preventing other malicious IT attacks such as viruses, malware, botnets and spyware.