A Game or Notes? The Use of a Customized Mobile Game to Improve Teenagers’ Phishing Knowledge, Case of Tanzania

Abstract

Recently, phishing attacks have been increasing tremendously, and attackers discover new techniques every day to deceive users. With the advancement of technology, teenagers are considered the most technologically advanced generation, having grown up with the availability of the internet and mobile devices. However, as end-users, they are also considered the weakest link for these attacks to be successful, as they still show poor cybersecurity hygiene and practices. Despite several efforts to educate and provide awareness on the prevention of phishing attacks, less has been done to develop tools to educate teenagers about protecting themselves from phishing attacks considering their differences in social-economic and social culture. This research contributes a customized educational mobile game that fits the African context due to the participants’ existing differences in social-economic and social culture. We initially conducted a survey to assess teenagers’ phishing and cybersecurity knowledge in secondary schools categorized as international, private, and government schools. We then developed a customized mobile game based on the African context taking into consideration participants’ differences in social-economic and social culture. We compared the performance of phishing knowledge of teenagers using a game and a traditional teaching method. The traditional teaching method was presented by the reading notes method. The results revealed that teenagers’ phishing and cybersecurity knowledge differs based on their socioeconomic and social culture. For instance, international, private scholars, and those who live in urban areas have better phishing knowledge than those from government schools and those who live in rural areas. On the other hand, participants who had a poor performance in the first assessment improved their knowledge after playing the game. In addition, participants who played the game had retained their phishing knowledge more, two weeks later, than their counterparts who read only notes.