Title: Re-evaluation of PhishI game and its utilisation in eliciting security requirements

Authors: Rubia Fatima; Affan Yasin; Lin Liu; Jianmin Wang

Addresses: School of Software, Tsinghua University, Beijing, China ' School of Software, Tsinghua University, Beijing, China ' School of Software, Tsinghua University, Beijing, China ' School of Software, Tsinghua University, Beijing, China

Abstract: The COVID-19 pandemic has sparked considerable alarm amongst the general community and has significantly affected the societal attitudes and perceptions. In the current era, social engineers are applying various strategies to exploit human weakness. Phishing, a social engineering technique, is one of the most widely used and effective ways to undermine human assets. In this research study, firstly, we aim to educate the participants regarding phishing attacks; secondly, the dangers associated with excessive online sharing; and thirdly, how to utilise game scenarios developed by the participants to elicit security requirements. We have employed various research methods, such as, survey, observation, personas development, and scenario-based technique to achieve these objectives. Our re-evaluation results show that the PhishI game effectively educates participants regarding phishing attacks and dangers associated with disclosing excessive online information.

Keywords: social engineering; phishing attack; awareness; security requirements elicitation; serious game; online information disclosure; human factor.

DOI: 10.1504/IJICS.2024.138492

International Journal of Information and Computer Security, 2024 Vol.23 No.3, pp.294 - 321

Received: 13 Feb 2022
Accepted: 08 Oct 2022
Published online: 08 May 2024 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article