The Social Engineer
An immersive Virtual Reality Game to raise Social Engineering Awareness
About the Game
Varied Interactive Missions
Play different Missions and Interaction Techniques in an Educational Context
Game Trailer
Nominated & Awarded
Nominated for Best Newcomer Prototype and Winner of Audience Choice Award
More Information
Scientific Background
The Game Concept was published in form of a Short Paper at CHI Play
Game Research
Explore New Game Worlds
Find out more about the Game and its Origin Story
Additional Material
Previous
Next

ABOUT THE GAME

THE IDEA & THE VISION BEHIND ‘THE SOCIAL ENGINEER’

The Social Engineer is an immersive agent game that works without weapons and violence. Instead, players must use social engineering attack methods to get confidential information or gain access to restricted locations by exploiting the human factor as a weak point. This fascinates millions of people in Hollywood productions such as the Ocean’s series as well as in tv shows like Mr. Robot, while classic stealth games like Hitman, Thief and Invisible have a large fan base. The Social Engineer now combines these two worlds for the first time. Through the use of virtual reality, players get the opportunity to experience the work of a social engineering agent in an immersive way, be it in one-to-one conversations with employees, sneaking into a building or spying on company secrets. 

We created The Social Engineer, an immersive educational game in virtual reality, to raise awareness and to sensitize players about social engineering. Players impersonate agents and conduct security audits in a virtually simulated company. The game consists of a detailed game world and different missions that require players to apply different social engineering attack methods. The Social Engineer can potentially benefit companies as an immersive self-training tool for their employees, support security experts in teaching social engineering awareness as part of a comprehensive training course, and entertain interested individuals by leveraging fun and innovative gameplay mechanics. The game is suitable for all target groups and requires no prior technical or content knowledge.

GAME CONCEPT

THE CONCEPT BEHIND ‘THE SOCIAL ENGINEER’

We want to use The Social Engineer to raise awareness against SE by demonstrating the immediate effect of SE attacks in a company while playing from an attackers’ perspective.  As shown by research this is a legitimate and effective way of raising awareness. After each mission, an overview of revealed vulnerabilities alongside tips to avoid SE attacks in the form of Do’s and Don’ts is presented to reinforce the learning effect. No specific computer skills or knowledge about SE are required to master the game successfully. A tutorial takes place in several individual rooms where an instructor Non-Player-Character (NPC) explains all game interactions and SE attack methods.

During a mission the player can always access information about all applicable SE attack methods in a collection of knowledge that is integrated into the game. Additionally, when being stuck, a player can request help in the form of short instructions that recommend possible approaches to choose or apply the correct SE attack method.

Within The Social Engineer players slip into the role of a penetration tester on behalf of a security company. The mission of this penetration tester is to do a security check in compaies that have ordered a security check. The focus of this security check is on finding and applying public known and often used SE attacks. For this the penetration tester has to go
into the company without being exposed. In the company nobody except of a responsible person knows that the security check is taking place.

The mission consists of different tasks.  A task is considered fulfilled when one or more security flaws have been revealed. Therefore the goal of each task is to receive confidential information that normally should not be accessible by persons from outside the company. Inside the company, the player can walk around and talk with gender and cultural diverse employees or interact with objects. Some of the game mechanics are inspired by well-known sandbox stealth games and combined with real SE attack methods to create an unique player experience.

VIDEOS

TRAILER & GAME PLAY WALKTHROUGH

Game Trailer

Gameplay Demo and Walkthrough

AWARDS

GAME NOMINATIONS & AWARDS

Audience Choice Award - Student Game Design Competition - CHI PLAY 2020

The concept of The Social Engineer was accepted as a contribution to the Student Game Design Competition at CHI PLAY 2020. It was presented in a virtual conference that was held between 2nd and 5th November 2020.

The game competed against twelve teams from all over the world to win the Audience Choice Award.

🔗 The Social Engineer: An Immersive Virtual Reality Educational Game to Raise Social Engineering Awareness

Young Talent Award Finalist - Best Prototype - German Computer Game Award 2021

The prototype of The Social Engineer was nominated in the category Young Talent Award – Best Prototype at the German Computer Game Awared 2021 (Deutscher Computerspielepreis 2021). It was presented in a virtual ceremony on 13th April 2021.

As part of the nomination the game could win a promotion that helps to further develop the game.

🔗 Official Award Hompage (german)

SCIENTIFIC BACKGROUND

RESEARCH PAPERS & EDUCATIONAL CONTEXT

The conecpt of The Social Engineer was developed in cooperation with the Institute of Media Informatics at Ulm University. The prototyp of the game was developed as part of a student project. The concept of the game was published in form of a short paper at CHI PLAY 2020.

The goal of The Social Engineer is to sensitize employees as well as private players to the topic of Social Engineering (SE) by taking up the role of a SE penetration tester in a virtually simulated company. While exploiting common vulnerabilities to conduct frequently used SE attack methods, players can gain sustainable awareness for SE. The concept of the game has been designed with the help of SE experts from a cybersecurity company to ensure the technical and theoretical accuracy of the SE attack methods and tasks included in the game. In addition to the educational aspect, The Social Engineer should attract the interest of the player and the replay value of the game by including entertaining stories and varied tasks. Our concept enables the game to be highly extensible and flexible regarding different playable scenarios and settings.

Target Groups:

  1. Companies can use the game as an interactive self-training tool to raise awareness about SE among employees and improve the company’s information security.
  2. Security experts can let participants of SE training sessions play the game supplementary to traditional classroom lectures.
  3. Interested individuals can play the game for entertainment purposes at home and get sensitized about SE along the way.

Related Research Papers:

🔗 P. Jansen and F. Fischbach, “The Social Engineer: An Immersive Virtual Reality Educational Game to Raise Social Engineering Awareness”, CHI PLAY ’20: Extended Abstracts of the 2020 Annual Symposium on Computer-Human Interaction in Play, Nov. 2020. ACM.

🔗 T. Drey, P. Jansen, F. Fischbach, J. Frommel and E. Rukzio, “Towards Progress Assessment for Adaptive Hints in Educational Virtual Reality Games”, In Extended Abstracts of CHI 2020 (SIGCHI Conference on Human Factors in Computing Systems), Apr. 2020. ACM.

SUPPLEMENTARY MATERIAL

ADDITIONAL LINKS & DOWNLOADS

Cookie Icon

This website uses cookies to ensure you get the best experience on our website.