Catch the Phish

A gamified eLearning experience to learn how to spot phishing emails

"I am in awe. For a complex project, you did an amazing job thinking through all the details. I loved how you had the thought bubble of the client eluding to whether or not answers were correct. The checklist at the very end is a great recap."

- Savitre Tubrung, Lead HRIS Analyst, Cook County Government

"I was particularly blown away by Scott's commitment to creating a more equitable learning experience by allowing learners to choose from a diverse array of avatars to represent themselves. Throughout this delightful visual experience, learners can make decisions, discover the consequences, and come away with valuable feedback."

- Shimrit Lee, Instructional Designer

"The artwork is not only beautiful, but it does a wonderful job of pulling you into the scenario and the realistic storytelling keeps you engaged. Scott’s understanding of ID principles is evident throughout this project from using the ADDIE model to effectively implementing Mayer’s Principles of Multimedia Learning."

- Sabrina Gonzalez, Instructional Designer

Audience

Employees who need to learn the SuccessFactors LMS

Responsibilities

Storyboarding
Visual Design
Development

Tools Used

Articulate Storyline 360
Adobe Illustrator
Adobe PhotoShop

Audience

Employees who want to learn to avoid phishing scams

Responsibilities

Storyboarding

Visual Design

Development

Tools Used

Articulate Storyline 360

Adobe Illustrator

Adobe PhotoShop

Menu to Access Each Step Separately

In software simulations, there are often many steps to demonstrate how to complete a variety of tasks. But what if you just want to refresh your memory on completing one particular task? This simulation includes a menu so that the learner can choose the tasks they need to learn to complete.

Practice Mode

Learning to use any software requires practice. Just being shown how to use it does not guarantee recall. This software simulation includes a practice mode where users can practice completing tasks in the software in the context of a real-life scenario.

Hints Provided Upon Wrong Clicks in Practice Mode

Learning is not immediate, and sometimes we forget or make mistakes. In the practice mode of this software simulation, the user is presented with a hint on how to proceed when they choose incorrectly.

On-Demand Reminders of Phishing Features

There are quite a few ways to spot a phishing attempt. While learning about phishing, it could be difficult to remember them all and their definitions. In this game, the user has access to a convenient and organized "cheat sheet" to remember the details of each phishing feature.

Phishing Features Labeled to Aid Learning

Whether the user chooses correctly or incorrectly, they are presented with a recap that allows them to select different parts of the email that suggest it is a phishing attempt and learn why that part of the email hints at phishing.

Fun Graphics and
Animations

This is a game after all, right?! Using fun, colorful graphics of an underwater scene with fish and fun animations throughout keeps the user engaged and makes learning about phishing more interesting.

Project Overview

Becoming a victim of a phishing scam can have devastating consequences, and spotting them is harder than ever. Scammers have become adept at creating emails that seem surprisingly authentic in order to trick a person into sharing personal information.

Learning how to spot phishing emails is.....not the most exciting thing to do. Just thinking about phishing attempts and the fear of becoming a victim of one is stressful, so naturally people likely aren't very excited about learning how to spot them. Traditional learning exercises for spotting phishing attempts are dry, boring, intimidating, and often use fear to scare people into becoming more aware of the tricks scammers use.

That's why when I was asked to create a short training exercise to help employees at my organization become better at spotting phishing attempts, I took a different approach. I created a gamified experience that lets users practice spotting phishing emails in a risk-free environment using fun graphics and animations in a beautiful underwater theme with colorful fish. The result is a learning experience that is stress-free and fun!

Design Decisions

Gamified Underwater Theme

I used the "phish" term to create a "fish" themed experience with fun, colorful graphics and animations. This shifted the focus from a topic that is serious and potentially dangerous to something more fun and inviting which helps the learner relax and learn how to spot phishing attempts with better focus.

Users can choose individual tasks to learn to complete, use the 'Play All' option to go through the entire simulation, or enter Practice mode to test their skills

When the user returns to the menu, they see a notification of which tasks in the simulation they have already viewed, indicated by a checkmark

On-Demand Reminders of Phishing Features

There are many ways to spot a phishing email attempt. Accordingly, it can be difficult to remember them all when you're just learning. So, in this learning experience, when the user is presented with an email and must decide if is safe, they have access to reminders of different phishing features which helps them learn.

Labels to Show Phishing Features

When a user has decided an email is safe or dangerous, they are presented with an opportunity to see the parts of the email that indicate a phishing attempt. This is where the real learning happens!

Results Screen that Allows Acess to the Emails for Review

After the user has either caught all the phishing attempts or allowed the emails to pass through, they are presented with a results screen showing them how they did. To aid in the learning, the user can access a review of each of the emails right from the results screen.

In practice mode, the user is presented with real-world situations and must choose the correct way to use the software to complete a specific task

If the user chooses incorrectly, they are presented with a hint to help them correct the mistake

Photorealistic Characters

I decided to use photorealistic characters because of the seriousness of the topic of this course. I felt that using illustrated characters would undermine the seriousness because illustrated characters typically invoke a sense of whimsy, which is not the tone I wanted to use for this project.

Branded Visuals

As this was designed for a particular client, I incorporated the company's logo and color scheme throughout the entire project, not only giving it a unified look, but a constant reminder of the source of this course content (Note: actual logo removed in these screenshots to respect the client's proprietary assets)

Realistic Audio

When a person experiences an actual tornado event and is indoors, the person is likely to hear many noises that add to the stress of the situation, like sirens, alarms, and concerned comments from nearby people. Many of those sounds were added to this module to try to put the user in a situation as close to what they would actually experience in the event of a tornado.

Full User Control

I wanted to make sure the user has full control of their experience in this course. Accordingly, on all slides, users are able to navigate back to the main menu, the menu for the section they are currently in, and, where applicable, to the previous slide. In addition, while the user is forced to listen to the stressful audio sounds at the beginning of the tornado safety module, eventually they are allowed to toggle that audio on and off.