2022
DOI: 10.3389/feduc.2021.807277
|View full text |Cite
|
Sign up to set email alerts
|

Phish Derby: Shoring the Human Shield Through Gamified Phishing Attacks

Abstract: To better understand employees’ reporting behaviors in relation to phishing emails, we gamified the phishing security awareness training process by creating and conducting a month-long “Phish Derby” competition at a large university in the U.S. The university’s Information Security Office challenged employees to prove they could detect phishing emails as part of the simulated phishing program currently in place. Employees volunteered to compete for prizes during this special event and were instructed to report… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
6
0

Year Published

2022
2022
2024
2024

Publication Types

Select...
4
3

Relationship

2
5

Authors

Journals

citations
Cited by 13 publications
(8 citation statements)
references
References 49 publications
0
6
0
Order By: Relevance
“…Positive behavior changes, as a measurable outcome associated with game elements, are supported by the studies of [16] and [47]. In their study, [47] explored the impact of gamification elements, including Points, Competition, Alerts, and Feedback, in the Phish Derby experiment.…”
Section: Rqmentioning
confidence: 96%
See 3 more Smart Citations
“…Positive behavior changes, as a measurable outcome associated with game elements, are supported by the studies of [16] and [47]. In their study, [47] explored the impact of gamification elements, including Points, Competition, Alerts, and Feedback, in the Phish Derby experiment.…”
Section: Rqmentioning
confidence: 96%
“…Positive behavior changes, as a measurable outcome associated with game elements, are supported by the studies of [16] and [47]. In their study, [47] explored the impact of gamification elements, including Points, Competition, Alerts, and Feedback, in the Phish Derby experiment. The Phish Derby experiment involved gamifying phishing security awareness training to understand employees' reporting behaviors regarding phishing emails.…”
Section: Rqmentioning
confidence: 96%
See 2 more Smart Citations
“…Maladaptive cybersecurity behaviors (i.e., impulsive clicking) have been identified as a major threat to both individual and organizational security (Canham et al, 2022). Therefore, the course focused on improving cognitive and behavioral factors such as self-efficacy, repeat clicking, and critical thinking in risk assessment to encourage learning.…”
Section: Im Step : the Identification And Definition Of Performance A...mentioning
confidence: 99%