In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
6th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2012)
Title: Education in the 'Virtual' Community: Can beating Malware Man teach users about Social Networking Security?
Author(s): Annette Sercombe, Maria Papadaki
Keywords: Social Networking, Social Networks, Phishing, Spear Phishing, Education, Awareness, Game, Interactive
Abstract: Social Networks have become part of daily life for millions of people and by their very nature they encourage information sharing. 2011 was a year that saw numerous targeted "Spear Phishing" attacks in which it was clear that attackers gained knowledge about victims prior to carrying out their attacks. There is evidence that social media has been utilised as the source for this information so therefore it is more important than ever that users are educated against the risks.
This paper starts by looking at the current threats and awareness strategies. It then describes the design and evaluation of an online game to help educate users. The game has a central 'Malware Man' character and a firewall which burns him if the player answers correctly. The success of the game was evaluated using an experiment with a group of participants who had played the game, and a control group who had not. 101 users participated in the study. The results suggest that the game was successful in educating users as the average percentage of correct answers was 77% for those who had played the game, compared to 55% for those who had not.
Download count: 1420
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.