Centre for Security, Communications and Network Research

Plymouth University

Education in the 'Virtual' Community: Can beating Malware Man teach users about Social Networking Security?

Sercombe AA, Papadaki M

Proceedings of the Sixth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2012)

Crete, Greece, ISBN: 978-1-84102-317-5, pp33-39

2012

Social Networks have become part of daily life for millions of people and by their very nature they encourage information sharing. 2011 was a year that saw numerous targeted "Spear Phishing" attacks in which it was clear that attackers gained knowledge about victims prior to carrying out their attacks. There is evidence that social media has been utilised as the source for this information so therefore it is more important than ever that users are educated against the risks.

This paper starts by looking at the current threats and awareness strategies. It then describes the design and evaluation of an online game to help educate users. The game has a central 'Malware Man' character and a firewall which burns him if the player answers correctly. The success of the game was evaluated using an experiment with a group of participants who had played the game, and a control group who had not. 101 users participated in the study. The results suggest that the game was successful in educating users as the average percentage of correct answers was 77% for those who had played the game, compared to 55% for those who had not.

Can be ordered on-line.

This publication is available for on-line download (PDF).