
      HATCH: Hack And Trick Capricious Humans – A Serious Game on Social Engineering


      1 , 2 , 1

      Proceedings of the 30th International BCS Human Computer Interaction Conference (HCI)


      11 - 15 July 2016

      Security, Methods, Education, Social Engineering, Serious Gaming



            Social engineering is the illicit acquisition of information about computer systems by primarily non-technical means. Although the technical security of most critical systems is usually being regarded in penetration tests, such systems remain highly vulnerable to attacks from social engineers that exploit human behavioural patterns to obtain information (e.g., phishing). To achieve resilience against these attacks, we need to train people to teach them how these attacks work and how to detect them. We propose a serious game that helps players to understand how social engineering attackers work. The game can be played based on the real scenario in the company/department or based on a generic office scenario with personas that can be attacked. Our game trains people in realising social engineering attacks in an entertaining way, which shall cause a lasting learning effect.


            Author and article information

            July 2016
            Pages: 1-3
            [0001] Technische Universität München (TUM)

            Institute of Informatics

            Boltzmannstr. 3

            85748 Garching, Germany
            [0002] Goethe-University Frankfurt

            Faculty of Economics

            Theodor-W.-Adorno-Platz 4

            60323 Frankfurt, Germany
            © Beckers et al. Published by BCS Learning and Development Ltd. Proceedings of British HCI 2016 Conference Fusion, Bournemouth, UK

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Proceedings of the 30th International BCS Human Computer Interaction Conference
            Bournemouth University, Poole, UK
            11 - 15 July 2016
            Electronic Workshops in Computing (eWiC)
            Product Information: 1477-9358 BCS Learning & Development
            Self URI (journal page): https://ewic.bcs.org/



