Designing a Mobile Game for Home Computer Users to Protect Against Phishing Attacks

📝 Abstract

This research aims to design an educational mobile game for home computer users to prevent from phishing attacks. Phishing is an online identity theft which aims to steal sensitive information such as username, password and online banking details from victims. To prevent this, phishing education needs to be considered. Mobile games could facilitate to embed learning in a natural environment. The paper introduces a mobile game design based on a story which is simplifying and exaggerating real life. We use a theoretical model derived from Technology Threat Avoidance Theory (TTAT) to address the game design issues and game design principles were used as a set of guidelines for structuring and presenting information. The overall mobile game design was aimed to enhance avoidance behaviour through motivation of home computer users to protect against phishing threats. The prototype game design is presented on Google App Inventor Emulator. We believe by training home computer users to protect against phishing attacks, would be an aid to enable the cyberspace as a secure environment.

💡 Analysis

This research aims to design an educational mobile game for home computer users to prevent from phishing attacks. Phishing is an online identity theft which aims to steal sensitive information such as username, password and online banking details from victims. To prevent this, phishing education needs to be considered. Mobile games could facilitate to embed learning in a natural environment. The paper introduces a mobile game design based on a story which is simplifying and exaggerating real life. We use a theoretical model derived from Technology Threat Avoidance Theory (TTAT) to address the game design issues and game design principles were used as a set of guidelines for structuring and presenting information. The overall mobile game design was aimed to enhance avoidance behaviour through motivation of home computer users to protect against phishing threats. The prototype game design is presented on Google App Inventor Emulator. We believe by training home computer users to protect against phishing attacks, would be an aid to enable the cyberspace as a secure environment.

📄 Content

IJeLS, Volume 1, Issue 1, 2011

1

Designing a Mobile Game for Home Computer Users to Protect Against “Phishing Attacks”

Nalin Asanka Gamagedara Arachchilage School of Information Systems, Computing and Mathematics Brunel University
Uxbridge, Middlesex, UK Nalin.Asanka@brunel.ac.uk

Melissa Cole School of Information Systems, Computing and Mathematics Brunel University
Uxbridge, Middlesex, UK Melissa.Cole@brunel.ac.uk

Abstract

This research aims to design an educational mobile game for home computer users to prevent from phishing attacks. Phishing is an online identity theft which aims to steal sensitive information such as username, password and online banking details from victims. To prevent this, phishing education needs to be considered. Mobile games could facilitate to embed learning in a natural environment. The paper introduces a mobile game design based on a story which is simplifying and exaggerating real life. We use a theoretical model derived from Technology Threat Avoidance Theory (TTAT) to address the game design issues and game design principles were used as a set of guidelines for structuring and presenting information. The overall mobile game design was aimed to enhance avoidance behaviour through motivation of home computer users to protect against phishing threats. The prototype game design is presented on Google App Inventor Emulator. We believe by training home computer users to protect against phishing attacks, would be an aid to enable the cyberspace as a secure environment.

1. Introduction

Home computer users play a significant role in helping to make cyberspace a safer place for everyone due to the internet technology growth. Internet technology is so pervasive today that it provides the backbone for modern living enabling ordinary people to shop, socialize, and be entertained all through their home computers. As people‟s reliance on the internet grows, so the possibility of hacking and other security breaches increases [10]. Therefore, the message “security begins at home” should be spread to all computer users [3]. Due to the lack of security awareness, professionalism, and training, home computer users create an open back door for hackers using social networking websites [37]. This could be through internet enable services such as Facebook, Twitter, Hi5, Orkut, Skype, and even more professional social networking website like LinkedIn. Therefore, social engineering is still infancy and a constant threat as people give away too much information such as username, password and credit/debit card information through social media.
In addition, as organisations have become increasingly „virtual‟ there has been a technological shift from work to the domestic environment [14]. Employees are free to work at home or bring unfinished work home due to the pervasiveness of internet technology. This increases the opportunity for individual users to open themselves to vulnerable IT threats. Unlike employees in the organisations, these home computer users are unlikely to have a sufficient IT infrastructure to protect themselves from malicious IT attacks, or may not have a proper standard or strict IT security policies in place. For example, most home computer users are not IT professionals and lack a high degree of computer literacy to set up a secure home computing system. In addition, home computer users tend to display unsafe computer behaviour which is particularly vulnerable to IT threats. For example, browsing unsafe websites, downloading suspicious software, sharing passwords among family and peers, and using unprotected home wireless networks [10]. Security exploits can include malicious IT threats such as viruses, malicious software (malware), unsolicited e-mail (spam), monitoring software (spyware), the art of human hacking (social engineering) and online identity theft (phishing). One

                                                                                                                                                                                                                    IJeLS, Volume 1, Issue 1, 2011 

2

such IT threat that is particularly dangerous to home computer users is phishing. This is a type of semantic attack [2], in which victims get invited by spam emails to visit fraudulent websites. The attacker creates a fraudulent website which has the look-and-feel of the legitimate website. Users are invited by sending emails to access to the fraudulent website and steal their money. It is sometimes much easier and less risky

This content is AI-processed based on ArXiv data.