Caught in the Net: An Explorative HCI Study on Human Behavioral Vulnerabilities Against Phishing
Lorenzo Morocutti;Dario Pasquali;Stefano Bencetti;Nicoletta Noceti;Francesco Rea;Alessandra Sciutti
2025-01-01
Abstract
This work presents an exploratory study focused on the design of a serious game aimed at investigating the factors that lead individuals to fall victim to phishing attacks - a particularly dangerous form of social engineering used by cybercriminals. Data were collected from 15 participants who played the game autonomously, while unknowingly being exposed to simulated phishing attempts within a safe and controlled environment. The results indicate that the game design was effective in both engaging participants and delivering realistic, custom-crafted phishing attacks in the form of email messages. Statistical analyses further suggest that individual personality traits may play a significant role in identifying human vulnerabilities in such contexts, highlighting their potential importance in the design of future defense strategies.



