Abstract
Objectives: The main objective of this study is to address poor security awareness regarding phishing attack in Middle East by developing anti-phishing educational game to educate Arabic users about phishing URLs. Methods/statistical analysis: We start by identifying phishing site URL attributes that help identify phishing sites. Then, we followed a well-established game design framework (EDPE) to develop our anti-phishing game. We performed a study on 56 participants using pretest and post-test technique to assess the level of phishing awareness among participants before playing the game and after playing the game. We used paired t-test and one-way analysis of variance (ANOVA) statistical analysis to identify to what extent anti-phishing game could help users identify and avoid phishing attacks. Findings: The results obtained from pretest proved the clam that security awareness in Arabic region is still immature. While the results obtained from post-test prove that serious educational games in Arabic language could be used to educate Arabic users about security concepts and increase security awareness. In addition, the results reflect that employees need more training (as their performance were the lowest among different demographic participants) to help them correctly identify phishing sites. Moreover, by inspecting participants’ responses, we identified that similar and deceptive domains, is the hardest URL phishing category to be correctly identified by users. So, we should pay more attention to this category while performing users training. Application/improvements: Our anti-phishing game is the first security educational game in Arabic language. It proves the effectiveness of serious games as a training tool. It is a step towards raising security awareness in Arabic region.Keywords: Anti-Phishing, Attack, Arabic, Game, Framework
Highlights
Phishing is a serious kind of attack that targets many sectors such as financial, retail, cloud computing, and payment systems.[1]
We present anti-phishing educational game in Arabic language for the benefits of Arabic users
The paired t-test analysis shows a significant increase in participants’ performance from pre-test to post-test (μ1 = 6.9, μ2 = 8.77, p = 0.01). These results confirmed by oneway analysis of variance (ANOVA F (1, 110) = 164.51, p < 0.01)
Summary
Phishing is a serious kind of attack that targets many sectors such as financial, retail, cloud computing, and payment systems.[1] In this attack, hackers use social engineering technology and spoofing techniques to deceive users to visit a fake website that appears as a legitimate one. According to Qabajeh,3 “phishing” has been defined as “a type of computer attack that communicates socially engineered messages to humans via electronic communication channels in order to persuade them to perform certain actions for the attacker’s benefit”. While this definition is general to include all types of phishing our focus here is on fake website phishing. The proposed solutions have their own limitations.[3]
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.