AR Phishing Simulation

Exploring how XR technologies can create more engaging, embodied, and effective learning experiences — from AR-based skill practice to VR-powered scenario training

Project Summary

An (augmented reality) AR-based learning experience designed to help users improve phishing awareness by practicing realistic email analysis in an interactive inbox environment. Reinforces security behaviors through visual scanning and embodied practice, moving beyond traditional quiz-based training.

Type: AR Learning Prototype (Zappar + Figma)
Focus: Building visual muscle memory for phishing detection
Tools: Figma, Zappar

Business Problem
Phishing remains one of the most persistent cybersecurity threats, yet traditional training often relies on passive quizzes and lacks real-world immersion. Users struggle to retain concepts or apply them under pressure.

Solution
I designed an AR learning prototype that simulates realistic email analysis in an interactive inbox environment. The experience leverages embodied learning and spatial cues to build visual muscle memory, training users to spot red flags through active pattern recognition, not just recall. The project explores how AR can reinforce critical security behaviors more effectively than conventional methods.

Selected Screens

Click to expand images.

Inbox Trigger Email with 5 emails to explore
AR Phishing Simulation — Inbox Trigger Image: Users scan a realistic inbox as the AR marker and explore email examples to practice phishing detection.
More Details of an Amazon Email.
Example of an individual email before AR Tip is activated — users examine content and make click decisions.
AR overlay provides visual guidance on phishing cues — building visual scanning habits and click hesitation.
Summary Sheet reinforces key takeaways — helping users reflect on phishing patterns and improve detection skills.
Summary Sheet reinforces key takeaways — helping users reflect on phishing patterns and improve detection skills.
AR overlay on a legitimate email — reinforcing positive behaviors and helping users recognize safe patterns.
Another email example—users must evaluate whether this email is legitimate.
AR overlay on a legitimate email — reinforcing positive behaviors and helping users recognize safe patterns.

What I Learned

Designing this prototype reinforced the importance of aligning learning experience design with real-world user behaviors. Phishing detection is not just about cognitive knowledge; it requires visual scanning, pattern recognition, and intentional click behaviors (or cautious click habits) that are best built through realistic practice.

Working with AR overlays challenged me to think about how to scaffold in-the-moment learning without overwhelming the user.

I also gained deeper insight into balancing engagement, clarity, and usability in XR learning environments.

Next steps include implementing the full interactive version in Zapworks Designer and exploring how AR-based phishing simulations can complement traditional security awareness programs.

Project Reflection

Click on image to expand.

Inbox and Emails anchored in 3D virtual space by AR technology
Email Inbox and detailed emails created in Zappar for 3D world
Detailed email anchored in real world via AR
Email tracked on screen while in real world
Email tracked in 3D world via mobile device - AR screen tracking

This phishing simulation was prototyped in Zappar to explore the use of world-anchored and screen-tracked AR for decision-based learning.

While technically functional, the project revealed critical limitations in using AR for information-dense tasks. Button stacking, scale responsiveness, and UX clarity became barriers rather than affordances.

Lesson learned: Not all simulations benefit from immersion. In this case, a responsive eLearning tool like Articulate Rise or Canvas LMS would better support readability, navigation, and instructional flow.

This project now serves as a design case study on matching medium to message, a principle I apply rigorously to every learning experience I create.

Read more in my blog →

Next Steps

A 360° VR story could be a far more immersive and effective way to tell this phishing simulation experience, especially when paired with reflective prompts and decision-making elements.

← Return to All Projects