26 January 2024 • Cyber security
Social engineering is one of the biggest threats to every organization’s cyber security. It refers to every technique bad actors use to talk somebody into revealing information or performing an action.
There are hundreds of examples of social engineering. Imagine your customer gets hacked and the bad actor uses their email address to send fake invoices. Or a bad actor uses AI to deepfake your CEO’s voice during a phone call, telling an employee to wire a large sum of money immediately.
No matter how good your cyber technology stack is, there is no foolproof way to avoid this sort of social engineering. This is why it’s important to teach your employees how to recognize social engineering and how to act once they notice something is off.
In this article, we’ll share the best social engineering quizzes and games that will help you and your team become a human firewall against social engineering.
Top social engineering games and quizzes
- Guardey
- Cybersecurity Escape Room
- Counterintelligence Trivia Twirls
- Missing Link
- Riskio
- ESET
- CompTIA
1. Guardey
Guardey is a security awareness game for employees. During weekly challenges that take 3-5 minutes to complete, users learn about a wide range of cyber security topics, including social engineering. Some of the social engineering topics that are part of the game are:
- Spear phishing
- CEO fraud
- BEC
- Smishing
- Tailgating
Because users get to play a quick Guardey challenge every week, their social engineering awareness is always on. This has proven to be much more effective than yearly or even quarterly training, where the awareness reaches a peak level for a few weeks and then completely evaporates.
Guardey uses gamification to make security awareness training engaging. Users can score points, earn money for their fictional organization, win badges, and compete with their colleagues for the top spot on the leaderboard.
Pros
- Weekly challenges
- Covers all social engineering topics
- Gamification keeps users engaged
Cons
- Not free, but affordable
→ Start a 14-day free Guardey Trial
2. Cybersecurity Escape Room
If you’d rather play a social engineering game in real life, this cybersecurity escape room might be interesting.
During this game, you and your team will get the mission to unlock a device infected with ransomware. But obviously, the road to that end goal is paved with obstacles. You will face challenges about topics such as data sharing, data classification, and social engineering.
It’s not cheap, you’ll need to pay $6000 to play this game for a day. It also takes a lot of organization, and obviously isn’t a solution for regular training. However, it will leave a lasting impression on your colleagues and is a great way to improve team spirit overall.
Pros
- Highly engaging
- Good for team spirit
Cons
- Pricey
- Not suitable for recurring training
3. Counterintelligence Trivia Twirls
If you’re looking for a game/quiz for a quick one-off, this may be the thing you’re looking for. This trivia twirl takes about 20 minutes to complete in its entirety and works as a good first introduction with security awareness training.
The best part of this game is the fact that you get to spin the wheel. Who doesn’t like doing that, right? After you land on a category, you get a set of questions about a specific cyber security topic, with social engineering being one of them.
Again, not a great solution for regular training, but nice to use as an introduction to the importance of security awareness within your organization.
Pros
- Free of charge
- Fun introduction to the subject matter
Cons
- No in-depth information
- Not meant for recurring training
4. Missing Link
Missing Link is another short game that’s not suitable for recurring training, but nonetheless a good introduction to social engineering.
During this social engineering quiz, you get asked to analyze a bunch of phishing emails and point out all the clues that prove it’s a phishing mail. After doing that, you get in-depth feedback on all clues. It’s rare that users actually find every clue, which makes for a great awareness moment.
Pros
- Great introduction to the topic
- Free of charge
Cons
- Not made for recurring training
- Focuses solely on phishing
5. Riskio
Another analog social engineering game is called Riskio. In this case, it’s not an escape room, but a good ol’ tabletop game.
This game requires you to get your team together in one room together with a cybersecurity specialist. If you are a specialist or have someone in the company, this may be a great option.
Obviously, games like these are time-consuming and hard to get organized when your team has a busy schedule. But it’s a great way to get everybody on the same page about the importance of social engineering awareness once or twice a year.
Pros
- Highly engaging
- Fun to play
- High-quality content
Cons
- Requires a cyber security expert in the room to play
- Time-consuming
6. ESET
Another good introduction to social engineering awareness is this game by ESET.
In about twenty quiz questions, you learn everything from the definition of social engineering to the examples of social engineering. Great as an introduction, but not made for regular awareness training.
Pros
- Free of charge
- Direct feedback after each question
Cons
- Not made for recurring training
7. CompTIA
The same can be said for this social engineering quiz by CompTIA.
Users get about 20 questions, with questions such as ‘Which types of attacks are considered social engineering?’ However, after answering a question, you don’t get direct feedback about the answer you just gave. Even if the answer was incorrect. This is definitely a big improvement point.
Overall, a decent introduction to social engineering, but not suited for recurring employee training.
Pros
- Free of charge
Cons
- Not made for recurring training
Improve social engineering awareness with Guardey
Looking for a social engineering game that regularly trains your employees to spot spear phishing, CEO fraud, and BEC from miles away? Look no further.
Guardey is a security awareness game that lets users play weekly challenges that teach them all they need to learn about social engineering. With the gamification elements, employees are intrinsically motivated to play and stay engaged for long periods.
