Press "Enter" to skip to content

Social Engineering Competition

What is the Social Engineering Competition (SEC) all about?

The SEC allows students to compete in a purely social engineering experience that is grounded in the social sciences. The competition offers a timely and unique platform for students to learn about social engineering in a hands-on, engaging, and ethical manner. The competition has a different theme each year to demonstrate the relevance of social engineering across various cybersecurity areas, and is open to high school, undergraduate, and graduate students.

Competition by the Numbers (2020–2025)

🎓 534 total participants

  • 91 high school students
  • 388 undergraduate students
  • 55 graduate students

Origins and Mission

The Social Engineering Competition was originally developed as part of an NSF-funded education and outreach initiative (NSF Award #2032292) focused on broadening participation in cybersecurity education. Grounded in NSF’s strategic priorities around workforce development, the competition was designed to engage students from a variety of disciplinary backgrounds, experience levels, and institutions.

Following the conclusion of the NSF funding period (January 31, 2026), the competition will continue as a standalone, fully virtual event. It operates with institutional authorization and oversight (including risk management, legal review, and ethics processes) and is informed by guidance from an external advisory board of academic and industry experts. While no longer NSF-funded, the competition remains committed to its founding mission by staying free to participate, globally accessible, and open to students across a variety academic disciplines and levels.

The theme for the 2026 competition is “AI-Enhanced Social Engineering Attacks on a Community-Based Pharmacy”. 

We are now accepting team applications for the 2026 SE Competition till February 9, 2026.

Team registration dates:
December 1, 2025 – February 9, 2026 (12pm ET)

  • Code of conduct forms (team members and advisors)
  • Media consent waivers (team members)
  • Parental consent for participation of minors (for team members under 18)

Notification: February 20, 2026

Pre-event surveys: February 20 – March 9, 2026

Orientation session (5-6 hours): March 21, 2026 (Time TBD)

Competition dates:
April 10-12, 2026: Graduate
April 17-19, 2026: Undergraduate
April 24-26, 2026: High school

Closing ceremony: April 30, 2026 (Time TBD)

What is social engineering?

Social engineering (SE) is defined as any act that uses persuasion strategies to influence individuals to take an action that may or may not be in their best interests. Many people use social engineering in everyday contexts.

Why is social engineering relevant?

SE is often used to conduct reconnaissance, which is the first stage of a cyberattack. Previous research indicates that adversaries, such as nation states and organized crime groups, spend a good portion of their time (50-75%) on reconnaissance. Furthermore, SE is used beyond just the initial recon stage to get more/different types of information and access.

SE may also be used maliciously by “deceiving an individual into revealing sensitive information (passwords), obtaining unauthorized access (to restricted areas such as server rooms), or committing fraud (deception via phishing) by associating with the individual to gain confidence and trust”, National Institute of Standards and Technology (NIST SP 800-63-3).

Nearly 70% of US organizations experienced SE attacks in 2017, costing the country approximately $2.76 million and each instance taking approximately 20 days to resolve. The Federal Bureau of Investigation’s 2019 Internet Crime Report noted that the total financial loss from the SE tactics of business email compromise, phishing scams, and confidence fraud/romance scams totaled more than $2.23 billion.

Cybersecurity experts agree that the human factor is increasingly being leveraged in cyberattacks, making SE a major concern for cybersecurity.

So why a ‘pure’ social engineering competition?

There are MANY cybersecurity competitions already in existence (PicoCTF, PlaidCTF, CSAW, UCSB iCTF, US Cyber Challenge, Panoply, CPTC, CCDC, CyberPatriot, Cyber Academy, to name a few). While these are all excellent sources of hands-on training, they are primarily technical in nature and have specific focus areas, such as reverse engineering, hacking, cryptography, and exploitation. They do not emphasize the relevance of the human-socio-psychological aspects of cyberattacks and cybersecurity.

Given that the human factor is increasingly being exploited by cybercriminals, a pure SE competition grounded in the social sciences offers a timely and unique platform for students to learn about this topic in a hands-on, engaging, and ethical manner.

Who can participate?

This event is open to high school, undergraduate, and graduate students. Teams are required (solo entries are not permitted). Team sizes can range from 2-4 members. Members can be from different institutions (schools/colleges), but must be at the same educational level (ex: purely high school students).

When and how can we put our application in?

The application window changes year to year – so please check our website for the latest updates!