My son recently discovered perhaps one of the most intriguing games in the Steam library as it relates to Information Security: BlackWatchmen, a game that teaches and emulates Social Engineering.
The Social Engineering piece is in one of the many puzzles in the game. When you begin the puzzle, you are supposed to Social Engineer a fake company in order to get a passcode to continue the game. In the puzzle, you receive a letter with instructions on how to Social Engineer; in the letter is an email template that will be used for phishing. You will be phishing someone at this fictitious company, Superterram.
The game has a website set up for the fake company: http://www.superterram.org. On the contact page, you find the target person you will phish.
The game has a fake profile set up on Facebook for the target, so you can gather her interests (needed to properly complete the phishing email).
You then send an email, crafted with all of the info you gathered from recon, from your REAL email account to an address specified by the game. The game has a chatbot that replies back (structured to look like a real person sent you an email). In the reply is the code you need to complete the puzzle and move on with the game. Check it out: http://www.blackwatchmen.com/
I thought this was a very intuitive puzzle that mirrored an actual Social Engineering / Phishing attack to a tee, all the way from the recon phase to using data to craft an email to get what you need. Here is a snap of the email:
Well done, Game Devs Alice and Smith!