The game features a cartoon fish named Phil and will have users choose what action to take when confronted with various URLs. Players are first taught how how to identify phishing URLs and where to look for cues in web browsers, and then will have to make their choices based on the information given before each round.

Our user studies have found that user education can help prevent people from falling for phishing attacks. However, it is hard to get users to read security tutorials, and many of the available online training materials make users aware of the phishing threat but do not provide them with enough information to protect themselves. Our studies demonstrate that Anti-Phishing Phil is an effective approach to user education,” stated the Carnegie Mellon University team.

Anti-Phishing Phil was developed by members of the CMU Usable Privacy and Security Laboratory with funding from the US National Science Foundation (Cyber Trust initiative) and ARO/CyLab.

The game design team was led by Steve Sheng and included Alessandro Acquisti, Lorrie Cranor, Jason Hong, Ponnurangam Kumaraguru, Bryant Mangien, and Elizabeth Nunge.

Anti-Phishing Phil can be played here.