Inspired e-Learning’s new cybersecurity awareness training game, Phishin’ Impossible, takes a novel approach in teaching employees about cyber threats. Players assume the role of a white hat hacker tasked with crafting convincing scam emails to fool unsuspecting staff. Players learn how cybercriminals operate and how to protect themselves by spending time in a hacker’s shoes.
After a brief introduction, players are tasked with crafting a phishing email to fool recipients into clicking a malicious link. If they succeed, they’ll be offered the opportunity of a lifetime; a job with the notorious white hat hacking group “Infamous Phun.”
Once initiated, players begin working their way through Infamous Phun’s ranks, starting as a “Rookie” and, depending on their performance, finishing up as a “Guru” hacker.
It’s here that things get serious. The world’s largest tech firm, Armstrong Tech, recruits Infamous Phun to send phishing emails to their staff and report back with the findings. The player’s mission? Craft a convincing phishing email targeting every single one of Armstrong’s employees.
Each mission offers players a choice of sender addresses, subject text, and body text. After every decision, the game provides feedback, explaining why players’ choices were right or wrong.
Once this mission is complete, players move onto their next task: craft a fake email convincing an employee to arrange a money transfer in the CEO’s absence:
The fourth and final mission is the most audacious yet. Players are tasked with phishing the Big Boss himself, Jackson Armstrong. Armstrong prides himself on his cyber-savvy but has one fatal flaw – his dog. To successfully fool the CEO, players will need to exploit his weakness. It all comes down to this.
The beauty of Phishin’ Impossible is that it doesn’t feel like cybersecurity awareness training. Just as players trick unsuspecting staff into clicking malicious links, the game tricks players into learning about phishing scams. It has an engaging narrative, appealing imagery, and valuable information. Phishin’ Impossible isn’t just an educational tool; it‘s a welcome break for employees who spend their days staring down the barrel of a spreadsheet.
What’s more, the ranking system motivates you to replay the game. It’s long been established that cybersecurity awareness training only works when consistent, and Phishin’ Impossible is endlessly repeatable. If you only reach the “Freshman Hacker” rank the first time, you want to replay the game until you become a “Guru Hacker.” When you do, you reaffirm the lessons you learned in the first playthrough.
Unlike other cybersecurity awareness training offerings, Phishin’ Impossible doesn’t simply pepper players with emails and ask them to identify the fake ones. Instead, players are placed firmly in the driver’s seat, crafting phishing emails to truly understand how cybercriminals think.
Over the years, there have been many attempts to make staff training “fun,” but almost all have fallen flat. Phishin’ Impossible is not one of them. Think back to when you were at school. Remember how exciting it was when you walked into a classroom with laptops set up for you? You’d spend the lesson learning without even realizing it. Phishin’ Impossible gives you that same feeling.
Dilki Rathnayake is a cybersecurity content writer and the Managing Editor at Information Security Buzz, with a BSc in Cybersecurity and Digital Forensics. She is skilled in computer network security and Linux system administration. Dilki has also led awareness programs and volunteered for communities promoting best practices for online safety.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.