Paper Type
ERF
Abstract
Phishing, particularly spear phishing, poses significant threats by exploiting individual and organizational vulnerabilities through deceptive, targeted messages. Despite considerable progress in phishing awareness training, most existing systems target general phishing, with limited focus on specifically addressing spear phishing. Additionally, they also lack personalized feedback and training on phishing behavior. While gamification shows promise for enhancing user engagement, existing phishing awareness training designs often overlook important gamification elements. Building on existing theories, this study introduces several design considerations and proposes novel design artifacts to implement those considerations, including personalized attacks, structured knowledge training, personalized feedback, and competitiveness-driven design. We will evaluate the system's performance in phishing detection and user engagement in phishing awareness training, ultimately promoting a comprehensive cybersecurity education strategy.
Paper Number
1980
Recommended Citation
Zhou, Lina and Aldkheel, Abdulrahman, "GAMIFICATION-BASED SPEAR PHISHING AWARENESS TRAINING SYSTEM: FOUR NOVEL DESIGN ARTIFACTS" (2025). AMCIS 2025 Proceedings. 22.
https://aisel.aisnet.org/amcis2025/sig_sec/sig_sec/22
GAMIFICATION-BASED SPEAR PHISHING AWARENESS TRAINING SYSTEM: FOUR NOVEL DESIGN ARTIFACTS
Phishing, particularly spear phishing, poses significant threats by exploiting individual and organizational vulnerabilities through deceptive, targeted messages. Despite considerable progress in phishing awareness training, most existing systems target general phishing, with limited focus on specifically addressing spear phishing. Additionally, they also lack personalized feedback and training on phishing behavior. While gamification shows promise for enhancing user engagement, existing phishing awareness training designs often overlook important gamification elements. Building on existing theories, this study introduces several design considerations and proposes novel design artifacts to implement those considerations, including personalized attacks, structured knowledge training, personalized feedback, and competitiveness-driven design. We will evaluate the system's performance in phishing detection and user engagement in phishing awareness training, ultimately promoting a comprehensive cybersecurity education strategy.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
SIGSEC