CUPS - CMU Usable Privacy and Security Laboratory - Carnegie Mellon University, 5000 Forbes Ave., Pittsburgh, PA 15213

Anti-Phishing Phil

Phil
Play Anti-Phishing Phil

Privacy Finder logo
Win prizes and help our research by using Privacy Finder to help you find web sites that will protect your privacy

Play the game!

A preview version of Anti-Phishing Phil is available online now! Click here to play the game.

Through a collaboration between CMU and Portugal Telecom, a Portuguese version of this game is now available as Anti-Phishing Ze.

About the game

Anti-Phishing Phil is an interactive game that teaches users how to identify phishing URLs, where to look for cues in web browsers, and how to use search engines to find legitimate sites.

Our user studies have found that user education can help prevent people from falling for phishing attacks. However, it is hard to get users to read security tutorials, and many of the available online training materials make users aware of the phishing threat but do not provide them with enough information to protect themselves. Our studies demonstrate that Anti-Phishing Phil is an effective approach to user education.

S. Sheng, B. Magnien, P. Kumaraguru, A. Acquisti, L. Cranor, J. Hong, and E. Nunge. Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish. In Proceedings of the 2007 Symposium On Usable Privacy and Security, Pittsburgh, PA, July 18-20, 2007.

Licenses

Anti-Phishing Phil is an entertaining and fun way to inform your employees or customers about phishing attacks and how to avoid them. It can be customized with your organization's URLs and branding information or integrated into a larger training program. For information about commercial licensing, including opportunities to have the game customized for your business or training program, please contact CUPS Director Lorrie Cranor.

Anti-Phishing Phil is a great tool for teaching people about protecting themselves from phishing at school and community events. If you are interested in using Phil at such an event where Internet access will not be available, contact us to request a free, non-commercial use downloadable version of the game.

System requirements

Anti-Phishing Phil should run on any web browser that has Flash 8 installed. In addition, it runs under Flash 9 in Firefox, and usually Internet Explorer 7. If you have a previous version of Flash you will need to upgrade Flash or your web browser. If the game does not work properly with IE7, try upgrading your Flash.

Credits

Anti-Phishing Phil was developed by members of the CMU Usable Privacy and Security Laboratory with funding from the US National Science Foundation (Cyber Trust initiative) and ARO/CyLab. The game design team was led by Steve Sheng and included Alessandro Acquisti, Lorrie Cranor, Jason Hong, Ponnurangam Kumaraguru, Bryant Mangien, and Elizabeth Nunge. Patrick Kelley provided the fish artwork. Thanks to all members of the Supporting Trust Decisions project for their feedback on early versions of the game.

Contact Us

For more information about Anti-Phishing Phil or our other anti-phishing work, please contact CUPS Director, Lorrie Cranor.