Enhancing Social Engineering Awareness through Intergenerational Mentoring and Gamified Learning in Engineering Education

Zoltan Marton; Zoltan Rajnai; Gyorgy Molnar

doi:10.3991/ijep.v16i3.61231

Authors

Zoltan Marton Obuda University, Budapest, Hungary https://orcid.org/0009-0006-7795-076X
Zoltan Rajnai Obuda University, Budapest, Hungary https://orcid.org/0000-0002-9139-736X
Gyorgy Molnar Obuda University, Budapest, Hungary https://orcid.org/0000-0001-5238-5078

DOI:

https://doi.org/10.3991/ijep.v16i3.61231

Keywords:

social engineering, cybersecurity awareness, cybersecurity education, gamification, mentoring, generation z, human factors, engineering education, educational technology, digital literacy, STEM, STEAM

Abstract

This study examines the awareness of social engineering (SE) and the need for cybersecurity education among undergraduate engineering students at Obuda University in Hungary. A total of 173 participants, primarily from Generation Z and without a formal specialization in cybersecurity, completed a structured questionnaire. The questionnaire assessed familiarity with the SE concept, exposure to manipulation, confidence in detection, and openness to intergenerational mentoring. The results revealed moderate knowledge levels (5.4/10) and high exposure to suspicious messages, primarily through social media and instant messaging platforms. Most participants (92%) expressed a strong need for further cybersecurity education. The preferred formats were practice-oriented and included simulations, expert-led sessions, and hands-on workshops. Students perceived older adults as more vulnerable (61%), yet approximately one-third reported helping or receiving help from other generations regarding digital safety. These results underscore the necessity of a contextualized, participatory approach to cybersecurity education. The study proposes an intergenerational mentoring model that combines the digital fluency of younger learners with the caution and life experience of older users. This approach could bolster cybersecurity awareness in engineering and teacher training programs.

Author Biographies

Zoltan Marton, Obuda University, Budapest, Hungary

Mr. Zoltan Marton is the Director of the Hungarian STEAM Platform and Head of the STEAM Office at Obuda University. He plays a professional role in numerous domestic and international research and development projects; among other things, he is the Lead Researcher of the EdTech Talents project, founder of the Obuda University Summer Children's University, Scientific Coordinator of the STEAMCRAFT project, and National Development Manager of the SOBER project. He is the Founder of Hungary's first International STEAM Festival, STEAM Expert for the IMPACT project, Professional Leader of the STEAM Excellence Program at Obuda University, and initiator and co-organizer of numerous scientific and experience-based professional conferences. He holds a BA in Safety Technology Engineering and an MA in Engineering Education, and he is currently pursuing his PhD at the Doctoral School on Security and Safety Sciences at Obuda University. He is a University Lecturer at the Trefort Agoston Engineering Education Center and the John von Neumann Faculty of Informatics at Obuda University. His research interests include Minecraft-based and game-based learning methods, gamification, educational applications of social engineering, and cyberspace-based protection strategies.

Zoltan Rajnai, Obuda University, Budapest, Hungary

Prof. Dr. Zoltan Rajnai is currently the National Cyber Coordinator of Hungary and professor at the Obuda University. Previously Dr. Rajnai served as Colonel in Hungarian Defense Forces (1981-2013) and was professor at the National Defense University in the field of Information, info-communication, and telecommunication systems (1993-2013). Since 2013, Dr. Rajnai also is the Dean of faculty of Mechanical and Safety Engineering, Head of Doctoral School on Safety and Security Sciences with main responsibilities in the field of Cyber Security, Information Security, info-communication, and telecommunication systems. Dr. Rajnai received education from the High School at the Hungarian Defense Forces (1981-1985), the Military Academy (1990-1993), the Doctoral School on Military Sciences (1997-2000), and the Joint Security College- Paris, France (2003-2004). From 2025 onward, he is the General Vice-Rector of Obuda University.

Gyorgy Molnar, Obuda University, Budapest, Hungary

Prof. Dr. Gyorgy Molnar is a full professor and Dean of the Kando Kalman Faculty of Electrical Engineering at Obuda University, Budapest, and a full professor at Szechenyi István University, Gyor. He also serves as a senior expert of the Educational Authority in Hungary. Prof. Molnar holds degrees in Electrical Engineering, Engineering Education, and Biomedical Engineering, and earned his PhD in Education. His research and teaching focus on ICT-based education, digital pedagogy, vocational and higher education innovation, and engineering teacher training. He is a member of several national and international scientific committees and professional organizations (including MTA, MAB, SZIT, MPT, MRKB). Prof. Molnar is a recipient of the Janos Bolyai Research Scholarship, the New National Excellence Program (UNKP) Research Fellowship, and the Master Teacher Gold Medal. Since 2001, he has been actively involved in higher education, focusing on methodological and technological innovation in engineering and teacher education.

References

[1] S. Purkait, “Phishing countermeasures and their effectiveness – literature review,” Information Management & Computer Security, vol. 20, no. 5, pp. 382–420, 2012.

[2] K. D. Mitnick and W. L. Simon, The Art of Deception: Controlling the Human Element of Security. Wiley Publishing, 2002.

[3] World Economic Forum, “The Global Risks Report 2022,” WEF, Geneva, Switzerland, 2022. (Statistic: 95% of cybersecurity incidents involve human error.)

[4] M. Alsulami, F. Alharbi, H. Almutairi, B. Almutairi, M. Alotaibi, M. Alanzi, and S. Alharthi, “Measuring awareness of social engineering in the educational sector in the Kingdom of Saudi Arabia,” Information, vol. 12, no. 5, p. 208, 2021. doi: 10.3390/info12050208.

[5] K. Matyokurehwa, N. Rudhumbu, C. Gombiro, & C. Chipfumbu-Kangara, "Enhanced social engineering framework mitigating against social engineering attacks in higher education", Security and Privacy, vol. 5, no. 5, 2022. https://doi.org/10.1002/spy2.237

[6] Q. An, W. Hong, X. Xu, Y. Zhang, & K. Kolletar-Zhu, "How education level influences internet security knowledge, behaviour, and attitude: a comparison among undergraduates, postgraduates and working graduates", International Journal of Information Security, vol. 22, no. 2, p. 305-317, 2022. https://doi.org/10.1007/s10207-022-00637-z

[7] Ponemon Institute, “Generational differences in cybersecurity behaviors,” Help Net Security (Industry News), Apr. 2017. (Key findings on Millennials vs. Boomers/Gen X risks.)

[8] S. Burga, “Why Gen Z Is Surprisingly Susceptible to Financial Scams,” TIME Magazine, Feb. 24, 2024. (Citing Deloitte 2023 report: Gen Z 3× more likely to fall for scams than Boomers.)

[9] R. Ravichandran, S. Singh, and P. Sasikala, “Exploring school teachers’ cybersecurity awareness, experiences, and practices in the digital age,” Journal of Cybersecurity Education, Research and Practice, vol. 2024, no. 1, pp. 1–15, 2025.

[10] “The Effectiveness of Cybersecurity Awareness Programs in Schools,” The Learning Counsel, Aug. 2023. (Reports 86% of K-12 educators had <6 hours of cybersecurity training; 23% felt confident teaching it.)

[11] Pew Research Center, “The Future of Truth and Misinformation Online,” Pew Research Center, Oct. 19, 2017.

[12] G. Bak and A. Kelemen-Erdős, “Információbiztonság-tudatosság az Y generáció szemszögéből, kvalitatív megközelítés alapján,” Hadmérnök (Military Engineer Journal), vol. 17, no. 3, pp. 81–95, 2022. (In Hungarian.)

[13] I. Jagadics and Cs. Kollár, “21. századi social engineering támadások, védekezés és szervezeti hatások Európában,” Belügyi Szemle (Internal Affairs Review), vol. 71, no. 1, pp. 113–126, 2023. (In Hungarian.)

[14] D. Hauser, “Social Engineering Awareness in Business and Academia,” in MWAIS 2016 Proceedings (Midwest AIS Conference), Paper 7, 2016, pp. 3–6.

[15] T. Green and L. Donovan, “Pre-service teacher training and cybersecurity: A national analysis,” Journal of Teacher Education and Technology, vol. 30, no. 2, pp. 85–98, 2020.

[16] K. Jansson and R. von Solms, “Phishing for phishing awareness: A research framework and toolkit for the design of phishing awareness simulations,” Computers & Security, vol. 62, pp. 117–128, 2016.

[17] R. M. Abdulla, H. A. Faraj, C. O. Abdullah, A. H. Amin, and T. A. Rashid, “Analysis of Social Engineering Awareness Among Students and Lecturers,” IEEE Access, vol. 11, pp. 101098–101109, 2023.

[18] K. M. Najmul Islam, M. Mäntymäki, and M. Laato, “Gamification of cybersecurity education: A systematic literature review,” Computers & Security, vol. 105, p. 102252, 2021.

[19] H. Abroshan, J. Devos, G. Poels, and E. Laermans, “COVID-19 and phishing: Effects of human emotions, behavior, and demographics on the success of phishing attempts during the pandemic,” IEEE Access, vol. 9, pp. 121916–121929, 2021. doi: 10.1109/ACCESS.2021.3109091.

[20] H. Jones, J. Towse, N. Race, and T. Harrison, “Email fraud: The search for psychological predictors of susceptibility,” PLoS ONE, vol. 14, no. 1, e0209684, 2019. doi: 10.1371/journal.pone.0209684.

[21] D. Sarno, J. Lewis, C. Bohil, and M. Neider, “Which phish is on the hook? Phishing vulnerability for older versus younger adults,” Human Factors, vol. 62, no. 5, pp. 704–717, 2019. doi: 10.1177/0018720819855570.

[22] D. Pehlivanoglu, A. Shoenfelt, Z. Hakim, A. Heemskerk, J. Zhen, M. Mosqueda, … and N. Ebner, “Phishing vulnerability compounded by older age, apolipoprotein E e4 genotype, and lower cognition,” PNAS Nexus, vol. 3, no. 8, 2024. doi: 10.1093/pnasnexus/pgae296.

[23] S. Park and J. Lee, "Incidental news exposure on facebook and its relation to trust in news", Social Media + Society, vol. 9, no. 1, 2023. https://doi.org/10.1177/20563051231158823

[24] W. Gordon, A. Wright, R. Glynn, J. Kadakia, C. Mazzone, E. Leinbach, and A. Landman, “Evaluation of a mandatory phishing training program for high-risk employees at a U.S. healthcare system,” Journal of the American Medical Informatics Association, vol. 26, no. 6, pp. 547–552, 2019. doi: 10.1093/jamia/ocz005.

[25] T. Sutter, A. Bozkır, B. Gehring, and P. Berlich, “Avoiding the hook: Influential factors of phishing awareness training on click-rates and a data-driven approach to predict email difficulty perception,” IEEE Access, vol. 10, pp. 100540–100565, 2022. doi: 10.1109/ACCESS.2022.3207272.

[26] Hungarian Central Statistical Office (KSH), “Education and training statistics: Graduates by field of study and gender,” Központi Statisztikai Hivatal, 2021. [Online]. Available: https://www.ksh.hu

[27] A. Petrenko and J. Čadil, “Gender disparity in STEM higher education in the European Union: Trends and implications,” Education Sciences, vol. 14, no. 2, p. 219, 2024. doi: 10.3390/educsci14020219.

[28] Human Aspects of Information Security Questionnaire (HAISQ): Development and Evaluation" by R. A. B. N. A. S. S. Crowder, C. J. and R. Segarra, published in the Journal of Information Security and Applications, vol. 45, no. 1, pp. 87-94, 2019. DOI: 10.1016/j.jisa.2019.05.009(https://doi.org/10.1016/j.jisa.2019.05.009).

[29] A. Vishwanath, T. Herath, J. Chen, R. Wang, and H. R. Rao, “Suspicion, cognition, and automaticity model of phishing susceptibility,” Communication Research, vol. 43, no. 3, pp. 294–319, 2016. doi: 10.1177/0093650215627483.

[30] T. E. Gorman and C. S. Green, “Short-term mindfulness intervention reduces the negative attentional effects associated with heavy media multitasking,” Scientific Reports, vol. 6, no. 1, p. 24542, 2016. doi: 10.1038/srep24542.

[31] Y. Zhang, M. Jones, and S. Ekrem, “Multitasking and monetary incentive in a realistic phishing study,” in Proceedings of the 32nd British HCI Conference (HCI 2018), pp. 1–6, 2018. doi: 10.14236/ewic/HCI2018.115.

[32] M. Blaak, L. El Amrani, A. M. Azizi, A. Bousfiha, and F. Boutayeb, “Effectiveness of simulation with a standardized patient on knowledge acquisition, knowledge retention, and self-efficacy among Moroccan nursing students: A quasi-experimental study,” Healthcare, vol. 13, no. 3, p. 318, 2025. doi: 10.3390/healthcare13030318.

[33] Y. Krishnamoorthy, R. Sakthivel, A. Saravanan, S. V. Priya, and N. Nagalingam, “Gamification-based teaching methods for pandemic and outbreak investigation training among healthcare professionals and students: A systematic review,” Simulation & Gaming, vol. 56, no. 1, pp. 33–49, 2025. doi: 10.1177/10468781251338382.

[34] A. J. Loverde, M. G. Adams, and R. D. Phelps, “Comparison of lecture and manipulative teaching methods on learning and application to practice,” Nursing Forum, vol. 58, no. 1, pp. 24–33, 2023. doi: 10.1111/nuf.12575.

[35] R. M. Abdulla, H. A. Faraj, C. O. Abdullah, A. H. Amin, and T. A. Rashid, “Analysis of Social Engineering Awareness Among Students and Lecturers,” IEEE Access, vol. 11, pp. 92948–92964, 2023, doi: 10.1109/ACCESS.2023.3311708.

[36] Sun, S. “Designing Gamified Intergenerational Reverse Mentorship Based on Cognitive Aging Theory.” Multimodal Technologies and Interaction, vol. 9, no. 64, 2025. https://doi.org/10.3390/mti9060064