Caught in the Net: An Explorative HCI Study on HumanBehavioral Vulnerabilities Against Phishing

Abstract

This work presents an exploratory study focused on the design of a serious game aimed at investigating the factors that lead individuals to fall victim to phishing attacks - a particularly dangerous form of social engineering used by cybercriminals. Data were collected from 15 participants who played the game autonomously, while unknowingly being exposed to simulated phishing attempts within a safe and controlled environment. The results indicate that the game design was effective in both engaging participants and delivering realistic, custom-crafted phishing attacks in the form of email messages. Statistical analyses further suggest that individual personality traits may play a significant role in identifying human vulnerabilities in such contexts, highlighting their potential importance in the design of future defense strategies.