Enhancing Phishing Awareness Using Scenario-based Learning Techniques

Abstract

Phishing is a type of cyber-attack that uses fraudulent emails to trick users into revealing personal information, such as passwords and credit card numbers. Phishing attacks pose a major threat to businesses and individuals, causing significant financial and reputational damage. This study aimed to investigate the effectiveness of scenario-based learning in improving phishing awareness among IT professionals in Saudi Arabia. A quasi-experimental design was used to evaluate the effectiveness of a scenario-based learning program on phishing awareness among 80 IT professionals in Saudi Arabia. Participants completed pre- and post-test phishing detection tasks. The study found that participants' performance in distinguishing phishing emails significantly improved after the educational program. The percentage of correct answers increased in all scenarios, except for scenario 2, where it decreased by 5.5%. On average, the percentage of correct answers increased from 54.22% before the educational program to 69.5% after. The study's findings suggest that scenario-based learning is an effective way to improve phishing awareness among IT professionals. The study also suggests that online courses or tutorials are a popular way for IT professionals to learn about cybersecurity.