Gamification in Education for Phishing Prevention: A Systematic Review (#443)

Authors

Dominguez Aguila, Alexis José

Ojeda Marchán, Randdy Samhir

Donayre Monteza, Francisco Alonso

Abstract

Digital transformation has increased users' exposure to cyber threats, with phishing being one of the most frequent. Although informational campaigns exist, many users do not adopt effective preventive measures. In this context, gamification has emerged as an innovative educational strategy to enhance awareness of phishing. This systematic review analyzes the use of gamification techniques in preventive education, evaluating their benefits, limitations, and effectiveness compared to traditional methods. The PRISMA methodology was applied using the PICO framework, and the databases EBSCOHOST Xplore, ACM Digital Library, and Scopus were consulted, considering studies published between 2020 and 2025. Out of 246 articles identified, after removing duplicates and applying inclusion and exclusion criteria, 33 were selected for analysis. The most common gamified strategies include interactive simulations, serious games, reward systems, and dynamic feedback. These approaches have proven effective in improving knowledge retention and raising awareness about phishing attacks. However, some limitations were identified, such as limited adaptation to different user profiles, lack of comprehensive conceptual coverage, and insufficiently standardized evaluation mechanisms. It is concluded that gamification represents a promising alternative in cybersecurity education, but its effectiveness depends on instructional design, clear objectives, and the integration of appropriate evaluation systems.