Indian Journal of Science and Technology

Abstract

Objectives: The main objective of this study is to address poor security awareness regarding phishing attack in Middle East by developing anti-phishing educational game to educate Arabic users about phishing URLs. Methods/statistical analysis: We start by identifying phishing site URL attributes that help identify phishing sites. Then, we followed a well-established game design framework (EDPE) to develop our anti-phishing game. We performed a study on 56 participants using pretest and post-test technique to assess the level of phishing awareness among participants before playing the game and after playing the game. We used paired t-test and one-way analysis of variance (ANOVA) statistical analysis to identify to what extent anti-phishing game could help users identify and avoid phishing attacks. Findings: The results obtained from pretest proved the clam that security awareness in Arabic region is still immature. While the results obtained from post-test prove that serious educational games in Arabic language could be used to educate Arabic users about security concepts and increase security awareness. In addition, the results reflect that employees need more training (as their performance were the lowest among different demographic participants) to help them correctly identify phishing sites. Moreover, by inspecting participants’ responses, we identified that similar and deceptive domains, is the hardest URL phishing category to be correctly identified by users. So, we should pay more attention to this category while performing users training. Application/improvements: Our anti-phishing game is the first security educational game in Arabic language. It proves the effectiveness of serious games as a training tool. It is a step towards raising security awareness in Arabic region.
Keywords: Anti-Phishing, Attack, Arabic, Game, Framework