Date of Award


Publication Type


Degree Name



Computer Science


Awareness, Gamification, Platform, Social engineering, Training


L. Rueda






Almost every type of cybersecurity incident leverages one or more social engineering attacks. Nowadays social engineering attack is considered one of the most significant threats to individuals and organizations. It is an attacking technique that manipulates and deceives users to access or gain privileged information. Cybersecurity training is an effective defense method to enhance people's awareness of social engineering attacks, especially training through game playing or educational games. However, fewer tools can customize social engineering simulations based on user's characteristics and needs. Some social engineering training tools are lack motivation, engagement, and interaction.

Gamification is the use of game elements and game design techniques in non-game contexts. Using gamification can combine the game elements and social engineering training. In this thesis, we investigated the use of gamification to improve users' awareness and engagement in anti-social engineering training. We proposed a gamified social engineering platform called GamiSE by applying modern gamification principles to gamify the anti-social engineering training process. Users can use the platform to share experiences related to social engineering and report social engineering attacks. The platform can send phishing email attacks to the users. Users can get points, badges, achievements, and other gamification elements based on their performances. We conducted a study to measure the impact of adding gamification in anti-social engineering training. In our study, 74 subjects participated in the 20-day evaluation.

The study results indicated that adding gamification elements can motivate users to participate in social engineering training and positively affect participants' performances on the SE training platform. The users' awareness and ability to detect social engineering attacks such as phishing attacks improve by participating in gamified anti-social engineering training.