Gokul CJ (TCS Research, Tata Consultancy Services Ltd., Pune), Vijayanand Banahatti (TCS Research, Tata Consultancy Services Ltd., Pune), Sachin Lodha (TCS Research, Tata Consultancy Services Ltd., Pune)

Phishing threats are on the rise, especially through Business Email Compromise (BEC). Despite having several tools for phishing email detection, the attacks are becoming smarter and personal, targeting individuals to gain access to personal and organizational information. Game-based cybersecurity training methods are found to have positive results in educating users. Along this line, we introduce PickMail, an anti-phishing awareness game that simulates typical real-life email scenarios to train an organization’s employees. In PickMail, we train participants to judge the legitimacy of an email by inspecting its various parts, such as the sender’s email domain, hyperlinks, attachments, and forms. The game also records participants’ decision-making steps that lead to their final judgment. Our study with 478 participants shows how the serious game-based training helped the participants make better judgments on emails, with the correctness in identifying email legitimacy reaching 92.62%. The study also provided us with insights that could help develop better training methods and user interfaces.

View More Papers

Log4shell: Redefining the Web Attack Surface

Douglas Everson (Clemson University), Long Cheng (Clemson University), and Zhenkai Zhang (Clemson University)

Read More

Vision: Towards True User-Centric Design for Digital Identity Wallets

Yorick Last (Paderborn University), Patricia Arias Cabarcos (Paderborn University)

Read More

Exploring The Design Space of Sharing and Privacy Mechanisms...

Abdulmajeed Alqhatani, Heather R. Lipford (University of North Carolina at Charlotte)

Read More

“Mind your own cryptocurrency!”

Abbas Acar, Ege Tekiner, Selcuk Uluagac (Florida International University)

Read More