Phishing video game to validate the principles of persuasion in university students

Abstract

Phishing is a social engineering procedure in which a malicious actor impersonates a trusted third party with the intention of tricking the user into disclosing confidential information. Research on social engineering has shown that inappropriate use of persuasion principles in emails leads to increased susceptibility to phishing in users. Therefore, a serious game is proposed to measure the three principles of persuasion in information security: authority, scarcity and taste, in university students about phishing attacks. The methodology includes the elaboration of a visual novel for serious games and a questionnaire for measuring psychological principles aimed at university students and based on real case scenarios. The findings support previous research, which indicates that the use of psychological principles in phishing attacks generates greater susceptibility in users. The principles of persuasion evaluated show high susceptibility scores.

Phishing is a social engineering procedure in which a malicious actor impersonates a trusted third party with the intention of tricking the user into disclosing confidential information. Research on social engineering has shown that inappropriate use of persuasion principles in emails leads to increased susceptibility to phishing in users. Therefore, a serious game is proposed to measure the three principles of persuasion in information security: authority, scarcity and taste, in university students about phishing attacks. The methodology includes the elaboration of a visual novel for serious games and a questionnaire for measuring psychological principles aimed at university students and based on real case scenarios. The findings support previous research, which indicates that the use of psychological principles in phishing attacks generates greater susceptibility in users. The principles of persuasion evaluated show high susceptibility scores. © AMCIS 2021.