Scamming an Internet scammer turned out to be a winning strategy for a team of four University of Nevada, Reno undergrads competing in the 2023 Summer Social Engineering Event hosted by Temple University earlier this month.
WolfHack@UNR — a four-person group comprised of Computer Science & Engineering students Roohan Amin, Austin Finch and Amber Hankins as well as College of Science undergrad Ryan Tanner — won the three-day online competition designed to demonstrate the relevance of social engineering in cybersecurity. The win carried a $1,500 prize, which the team members will share.
“I personally felt we did really good in the competition,” Finch said, “but I honestly still didn’t expect we’d get first.”
Catching the catfish
Romance scams or “catfishing” — luring someone into a relationship by creating a fictional online persona — was the theme of this year’s social engineering competition.
Catfishing isn’t a technical computer problem or flaw that a cybersecurity student might typically encounter, but it’s a very real problem: in 2022, nearly 70,000 people reported a romance scam and reported losses hit $1.3 billion, according to Federal Trade Commission data cited on the competition website.
Because these types of scams rely on manipulation and deceit, a contest to identify and prove catfishing is a little different than the typical cybersecurity contest that tests technical proficiency.
“It wasn’t a conventional cybersecurity competition,” Hankins said. “It was almost psychological.”
On each of the three competition days, the team had a brief online session with a conference organizer who posed as either the victim or the scammer in a catfishing scenario. On the first day, team members met with the “victim,” an older woman named Katie. The team interviewed Katie — who, as part of the contest scenario, did not believe she was being catfished — to gather all the “facts” about the online relationship.
On the second day, they met with the scammer — a man named Melvin. Their task was to gather evidence from Melvin that would prove he wasn’t who he said he was. Posing as Katie, the team asked Melvin for photos and other information, pretending that it was needed to create a scrapbook of the relationship. Finch made up that deception while the team was interacting with Melvin, Tanner recalled. In effect, they scammed the scammer.
“It was a brilliant move, and likely gave us the edge to win the whole thing,” Tanner said.
On the third and final day of the contest, team members met with Katie and presented evidence of the scam, but also demonstrated the empathy and compassion that would be essential had the contest scenario been a real-life situation.
Next up: tax schemes
The WolfHack@UNR team came together through the Nevada Cyber Club, a club organized within the College of Engineering for those interested in cybersecurity. Hankins is the current club president; Amin and Finch are club members; and Tanner was invited by Finch to join the WolfHack@UNR team.
Hankins said the Cyber Club hopes to stand a team for next year’s Summer Social Engineering Event, which will focus on tax schemes.