ABSTRACT
As information security systems become increasingly sophisticated and reliable, humans are rapidly becoming the weakest link in the security pipeline. Technological countermeasures can only be deployed if the humans who depend on them know how to use them, and hackers are beginning to take advantage of the knowledge gap that exists in this area. The recent DNC hackings during the 2016 US presidential election are evidence of this: staff were tricked by fake Google security emails into sharing passwords that granted access to confidential information. Vulnerabilities such as these are due in part to insufficient and tiresome information security training. A potential solution is the introduction of more engaging training methods that teach information security in an active and entertaining way. To this end, we introduce the game What.Hack, which teaches information security and defense methods against social engineering threats.
What.Hack: Learn Phishing Email Defence the Fun Way