Engaging Users with Educational Games: The Case of Phishing

Phishing continues to be a difficult problem for individuals and organisations. Educational games and simulations have been increasingly acknowledged as enormous and powerful teaching tools, yet little work has examined how to engage users with these games. We explore this problem by conducting workshops with 9 younger adults and reporting on their expectations for cybersecurity educational games. We find a disconnect between casual and serious gamers, where casual gamers prefer simple games incorporating humour while serious gamers demand a congruent narrative or storyline. Importantly, both demographics agree that educational games should prioritise gameplay over information provision - i.e. the game should be a game with educational content. We discuss the implications for educational games developers.