The solution created, Imitieren, is a simulation-based game specifically innovated to spread phishing awareness among the mass public. Through the game’s dual perspective, precisely that of an attacker and a potential victim, the game encourages its players to identify phishing red flags and understand the thought process of an attacker. By understanding the social engineering techniques used to perform phishing attacks, players are provided with a more holistic understanding of phishing through our game. As players are placed into the game simulation, they would experience first-hand how phishing attacks can be easily encountered in real-life and understand the consequences of falling for one.
The team kept three main priorities in mind while designing the solution: holism, simplicity, and interactivity. In the event of a phishing attack, there are two primary identities involved: the attacker and the victim. With this in mind, the team incorporated both perspectives into the game to create awareness of the red flags to look out for and understand the purpose of why phishing attacks are carried out in the first place. By understanding the information of interest to the attacker through the roles in the game, players would be more likely to prevent themselves from falling prey and using the information learnt in a real-life scenario.
To convey the purpose of the game, the team focused on simplicity in making technical aspects of phishing fun and easy to learn for the users by implementing simple gameplay such as clicks, drags, and drops. Thus, allowing people with minimal technical knowledge to play the game and provide greater relevance to the target audience — HILTI's entire network. Interactive elements, such as allowing the attacker to send phishing emails to the potential victims and a discussion session at the end of the game, are vital elements to keep users engaged and hooked in discovering who the attacker is. The team believes the solution has considered critical deliverables of the problem statement, leading to a favourable impression to the panel of judges.
Having grown with the solution from its ideation to designing stage, and finally presentation phase, the team undoubtedly wishes to see the game launched and used by users in upskilling their susceptibility towards phishing attacks. The team recognises that the solution requires much more refinement and technicality changes to ensure the team’s vision of providing a seamless and engaging experience for phishing attack awareness to the target audience.