Gokul CJ (TCS Research, Tata Consultancy Services Ltd., Pune), Vijayanand Banahatti (TCS Research, Tata Consultancy Services Ltd., Pune), Sachin Lodha (TCS Research, Tata Consultancy Services Ltd., Pune)

Phishing threats are on the rise, especially through Business Email Compromise (BEC). Despite having several tools for phishing email detection, the attacks are becoming smarter and personal, targeting individuals to gain access to personal and organizational information. Game-based cybersecurity training methods are found to have positive results in educating users. Along this line, we introduce PickMail, an anti-phishing awareness game that simulates typical real-life email scenarios to train an organization’s employees. In PickMail, we train participants to judge the legitimacy of an email by inspecting its various parts, such as the sender’s email domain, hyperlinks, attachments, and forms. The game also records participants’ decision-making steps that lead to their final judgment. Our study with 478 participants shows how the serious game-based training helped the participants make better judgments on emails, with the correctness in identifying email legitimacy reaching 92.62%. The study also provided us with insights that could help develop better training methods and user interfaces.

View More Papers

Above and Beyond: Organizational Efforts to Complement U.S. Digital...

Rock Stevens (University of Maryland), Faris Bugra Kokulu (Arizona State University), Adam Doupé (Arizona State University), Michelle L. Mazurek (University of Maryland)

Read More

Will They Share? Predicting Location Sharing Behaviors of Smartphone...

Muhammad Irtaza Safi, Abhiditya Jha (University of Central Florida); Malak Eihab Aly (New York University); Xinru Page (Bentley University); Sameer Patil (Indiana University); Pamela Wisniewski (University of Central Florida)

Read More

DRAWN APART: A Device Identification Technique based on Remote...

Tomer Laor (Ben-Gurion Univ. of the Negev), Naif Mehanna (Univ. Lille, CNRS, Inria), Antonin Durey (Univ. Lille, CNRS, Inria), Vitaly Dyadyuk (Ben-Gurion Univ. of the Negev), Pierre Laperdrix (Univ. Lille, CNRS, Inria), Clémentine Maurice (Univ. Lille, CNRS, Inria), Yossi Oren (Ben-Gurion Univ. of the Negev), Romain Rouvoy (Univ. Lille, CNRS, Inria / IUF), Walter Rudametkin…

Read More

Understanding Influences on SMS Phishing Detection: User Behavior, Demographics,...

Daniel Timko (California State University San Marcos), Daniel Hernandez Castillo (California State University San Marcos), Muhammad Lutfor Rahman (California State University San Marcos)

Read More