Developing IMPAWSTER: Improving Meaningful Phishing Awareness With Simulated Training and Email Roleplay

Abstract

Phishing emails have greatly increased in recent years and have significant financial consequences. Although research has focused on developing training interventions to help older adults become more adept at detecting phishing attempts, studies indicate that younger adults may be more at risk. The present study developed a novel, gamified phishing intervention, IMPAWSTER. To assess the utility of gamifying a phishing intervention, we compared performance benefits for the same phishing intervention, with and without gamification, relative to no intervention. Gamification was employed to increase user motivation and engagement while addressing the three basic needs described by self-determination theory (competence, autonomy, and relatedness). The results indicated that while both the gamified and basic interventions improved users’ phishing detection and made them more cautious, including game elements did not meaningfully improve outcomes. Future research should examine if different gamification elements or longer training sessions can improve phishing detection abilities relative to standard interventions.