Phishing Awareness via Game-Based Learning
Argianto Rahartomo, Ahmed Tareq Ali Ghaleb, Mohammad Ghafari
TL;DR
This work addresses the human element in phishing defense by developing a 3D serious game that uses state randomization, time-limited challenges, and LLM-driven dialogues to train users to recognize clone, SMS, and spear phishing. The game is built in Unreal Engine with integrated web, question, and dialogue generators, and is open-source with an online demonstration. In a randomized study of 28 participants, players who engaged with the game showed a 24% higher phishing-awareness score and a 30% increase in self-reported confidence compared to a control group, with over 90% achieving at least 75% on a standardized phishing quiz. The findings suggest that game-based learning can effectively bolster phishing awareness and secure behaviors in a risk-free environment, offering a scalable approach to human-centered cybersecurity training, though broader population testing and richer interaction data are future directions.
Abstract
The increased use of digital devices and applications has led to a rise in phishing attacks. We develop a serious game to raise awareness about phishing attacks and help people avoid these threats in a risk-free learning environment. This game targets three types of phishing-clone phishing, SMS phishing, and spear phishing-and uses a Large Language Model to generate dialogues and questions dynamically. It also incorporates state randomization and time-limited challenges to enhance the gameplay. We evaluated two groups of participants and found that those who played the game showed, on average, a 24% increase in awareness and a 30% boost in confidence.
