Collegiate Social Engineering Capture the Flag Competition

Abstract

Social engineering (SE) is an essential, yet often over-looked, field within cybersecurity, particularly in the context of education, training, and awareness. While there are investments in cybersecurity education programs, they tend to have a primarily technical focus, including within classroom curricula and Capture the Flag (CTF) competitions. Because the current technical CTFs do not emphasize the relevance of the human-socio-psychological aspects of cyberattacks and cybersecurity, the researchers organized and hosted a Collegiate SECTF grounded in the social sciences, which offered a timely and unique platform for students to learn about social engineering topics, such as OSINT, phishing, and vishing, in a hands-on, engaging, and ethical manner. This paper details the planning and logistics of the virtual SECTF event which took place October 2020 at Temple University and hosted 6 teams of undergraduate students from across the world. Students’ experiences while participating in this event are described in detail, with insight on teams’ preparations, group formation and dynamics, strategies and adaptations, learning benefits, and thoughts on each individual flag. The success and positive student responses from the inaugural SECTF provide a proof of concept, demonstrating that experiential learning can be used to teach students about SE.