CYBERSECURITY Escape Game
Test your knowledge about Cybersecurity!
www.7hub.eu
THE MISSION
During the night, a group of hackers infiltrated the network of the ATHENA industrial complex, the central computer system that controls every sector of the automated factory. Production lines are down, customer data is at risk. You are Agent Zero, a cybersecurity analyst tasked with regaining control of the compromised sectors before the intruders erase all traces of their actions. To succeed, you'll need to explore different areas of the system—from the Control Room to the Data Vault—and tackle challenges that will test your basic cybersecurity knowledge. Each mission represents a critical section of the network: only by responding correctly can you restore security modules, unlock access codes, and advance to the heart of the system. Stay sharp, agent: every answer can mean the difference between data recovery and the collapse of the entire infrastructure. Good luck. The security of the ATHENA network is now in your hands.
MISSION 1 CONTROL ROOM
Someone has attempted to access the central system through unauthorized channels! ATHENA detects suspicious emails, unsecured Wi-Fi connections, and compromised messages. Analyze the clues, recognize the attacks, and identify the hackers' point of entry to regain control of the network and unlock the next sector.
The suspicious message
You set off the alarm. React in the right way before you get caught.
SOLUTION 1.1
🟩 Correct answer: ✅ “I hover my mouse over the link to check if the web address matches the official website.” This is the correct verification procedure because phishing messages often perfectly mimic authentic emails (logo, tone, sender address). However, the real clue is the link: by hovering your mouse over it (without clicking), you can see the destination URL. If the address does not match the official domain (e.g., instead of www.bancaxyz.it, you see www.bancaxyz-sicurezza.com or bancaxyz.login-update.net), it means that the message is fake and is designed to steal your credentials. 🟥 Wrong answer: ❌ “I'll click on the link right away to update my password before it expires.” Urgency (“update your password now or you'll lose access”) is a social engineering technique used to push you to act without thinking. By clicking on the link, you could open a fake page (very similar to the original) where you will enter your credentials, which will be stolen.
The public connection
SOLUTION 1.2
🟩 Correct answer: ✅ “I avoid entering credentials or sensitive data until I am on a secure network.” This is the safest choice because public Wi-Fi networks do not guarantee data protection: anyone connected to the network can potentially intercept the information transmitted. It is better to wait until you are on a private network or use a secure connection (VPN) before accessing email or other services that require credentials. 🟥 Wrong answer: ❌ “I use the network anyway: it's protected by the barista's password.” The fact that the network has a password does not mean it is secure: the same key is shared by all customers and does not prevent malicious individuals from intercepting data or installing malicious software. Using it to access personal accounts exposes you to the risk of credential theft.
The "urgent" file
SOLUTION 1.3
🟩 Correct answer: ✅ “I don't open it and check with him first to see what it is, asking for confirmation through another channel.” This is the right choice because files with the “.exe” extension are executable files and may contain viruses or malware. Even if the message comes from a known contact, their account may have been compromised. It is always best to ask the sender for confirmation by another means (e.g., a phone call or email) before opening the file. 🟥 Wrong answer: ❌ “I open it right away: if it comes from a known contact, it can't be dangerous.” This is a common mistake: scammers often exploit stolen or infected profiles to spread malicious files. Opening an “.exe” file without checking its origin can install malicious software on your device, with the risk of data theft or system lockdown.
Thanks to your quick thinking, the system regains control of the Control Room. ATHENA sends you new coordinates:
Energy Sector – Generator Room. Intrusion detected. Take immediate action.
MISSION 2 GENERATOR
Energy sector compromised. Imminent blackout risk. In the generator room, the monitors are flashing: hackers have attempted to disable the backup systems to cover their tracks. You must restore digital energy security, fix the flaws, and reestablish the connection between the power supply and the grid before the entire system collapses.
The suspicious app
SOLUTION 2.1
🟩 Correct answer: ✅ “I deny unnecessary permissions or uninstall the app.” This is the safest choice because some free apps require permissions unrelated to their actual functions (such as camera, microphone, or location) to collect personal data or share it with third parties. Denying unnecessary permissions or uninstalling the app protects your privacy and reduces the risk of tracking or information theft. 🟥 Incorrect answers: ❌ “I accept everything so I can use it without any problems.” / “I accept everything: it's necessary for the app to work.” Both choices are risky because granting unnecessary permissions can allow the app to access and transmit sensitive data. Many apps work even without such permissions: granting them indiscriminately exposes you to potential privacy violations and the installation of malicious software.
The access key
SOLUTION 2.2
🟩 Correct answer: ✅ “Use a unique, long password with symbols and numbers.” This is the safest practice because a complex password that is different for each account reduces the risk that a credential theft will compromise other services. Strong passwords should be at least 12 characters long, combining uppercase and lowercase letters, numbers, and symbols. 🟥 Incorrect answers: ❌ “Reuse the password you remember best” / “Use the same password but with a different number at the end.” Both are unsafe practices: reusing or slightly modifying the same password makes it easier for hackers to guess or breach multiple accounts at once. When in doubt, it is best to use a password manager to store them securely.
The bank's message
SOLUTION 2.3
🟩 Correct answer: ✅ “Contact the bank through official channels without clicking the link.” This is the safest choice because urgent messages asking you to confirm a payment by clicking a link are a common phishing technique. Even if the sender appears to be the company’s bank, you should never interact with links received via SMS. It is essential to verify the request by contacting the bank directly through verified official channels, avoiding any interaction with the suspicious message. Moreover, the anomalous traffic detected by ATHENA is a clear sign of a potential attack. In these cases, never click and never enter personal data or credentials. 🟥 Wrong answers: ❌ “I click the link but do not enter my data immediately.” ❌ “I click and follow the instructions for safety.” Both are extremely risky practices: clicking a suspicious link can already activate malware, trojans, or redirect you to fraudulent sites, even without entering any information. Following the instructions provided by the message exposes the company to credential theft, financial fraud, and potential system compromise. The basic rule is: never trust links in urgent messages. When in doubt, always contact the bank using its official channels.
Thanks to your decisions, the power systems are restored and the blackout is avoided. ATHENA sends you a new message:
“Attention, suspicious activity detected in the Administrative Office. This could be the hackers' inside contact.”
MISSION 3 Administrative Office
The exact point from which hackers appear to have obtained the login credentials. The director denies any involvement, but traces of compromised emails, installations, and messages are found on his terminal. Your mission is to reconstruct the chain of human error that opened the breach: recognize manipulation techniques and deceptive software to trace the origin of the attack.
The flash sale
SOLUTION 3.1
🟩 Correct answer: ✅ “Recognize that urgency is an online scam technique.” This is the right choice because online scams exploit urgency to push users to make decisions without thinking. Offers with deadlines of just a few minutes or excessive discounts (such as 90%) are clear signs of attempted fraud. In these cases, it is best to close the site immediately and check whether the offer really exists on the brand's official website. 🟥 Incorrect answers: ❌ “Try using a prepaid card to reduce the risk” / “Take advantage of it now: an offer like this doesn't come along often.” Even when using a prepaid card, you are still exposed to the risk of data theft or cloning. Giving in to haste or apparent convenience is exactly what scammers expect: no legitimate offer requires immediate decisions or such short payment times.
The “useful” program
SOLUTION 3.2
🟩 Correct answer: ✅ “Stop the installation: it could be malicious software.” This is the safest choice because no legitimate program should require you to disable your antivirus. This request is a clear sign of possible malware attempting to bypass your system's defenses to install itself or steal data. It is best to stop the installation immediately and verify the reliability of the software on the manufacturer's official website. 🟥 Wrong answers: ❌ “Disable your antivirus for just a few minutes” / “Accept: this often happens with legitimate programs.” Both options are risky because even briefly disabling your antivirus exposes your computer to infection. Safe programs never ask you to suspend your protections: doing so means giving the green light to possible viruses or Trojans.
The suspicious request
SOLUTION 3.3
🟩 Correct answer: ✅ “Do not send the password and notify the IT department immediately.” This is the correct choice because no legitimate colleague or department should ask for a password via email. This is most likely an internal phishing attempt, where a malicious person pretends to be a colleague to gain access to company accounts. Notifying IT immediately allows you to block the attack and protect the entire network. 🟥 Incorrect answers: ❌ “Send it to them, but change your password afterwards” / “Only give it to them if you are sure the email is from them.” Both answers are dangerous: changing your password afterwards does not eliminate the risk, and an apparently authentic email can be forged. No password communication is ever secure via email: the only correct behavior is to never share it and report the anomaly immediately.
You discovered how hackers gained access: a combination of naivety and malware.
ATHENA confirms that the malware signal is moving towards the factory's production center.
MISSION 4 Production center
ATHENA detects an anomaly in the heart of the factory: machines are moving on their own, responding to unknown commands. Hackers have infected the industrial control network and are attempting to modify security protocols. You must locate the malware, secure communications, and prevent the attack from compromising production.
The misleading message
SOLUTION 4.1
🟩 Correct answer: ✅ “Close the window and run a scan with your antivirus software.” This is the right choice because these messages are fake infection alerts, used to scare the user into clicking on malicious links or downloading dangerous software. By closing the window without clicking and running a scan with your official antivirus software, you can safely check if there are any real threats. 🟥 Wrong answers: ❌ “Click on the link just to read more.” / “Ignore the message and continue browsing” / “Restart your computer and hope the message disappears” All of these options are risky or ineffective: clicking can infect your system, ignoring does not eliminate the problem, and restarting does not solve the cause. Only reliable antivirus software installed on your device can confirm and remove any real threats.
The missing padlock
SOLUTION 4.2
🟩 Correct answer: ✅ “The connection is not secure and data may be intercepted.” This is the correct answer because the absence of the padlock indicates that the site does not use the HTTPS protocol, but the less secure HTTP. In this case, the information entered (such as passwords or bank details) may be intercepted or modified by third parties. It is best to avoid entering personal data until the padlock appears. 🟥 Incorrect answers: ❌ “The site is temporarily offline” / “The site is slow but secure” / “The site is new and has yet to obtain a certificate.” None of these options are correct: the padlock does not depend on the speed or novelty of the site. Even newly created sites can immediately obtain a free HTTPS certificate. If it is missing, it means that the connection is not secure and therefore potentially dangerous.
The confidential document
SOLUTION 4.3
🟩 Correct answer: ✅ “Use an encrypted platform or password-protected link.” This is the most secure method because it ensures that only the authorized recipient can access the document. Encrypted platforms (such as cloud services with end-to-end encryption or links with passwords and expiration dates) protect data from unauthorized access and interception. 🟥 Incorrect answers: ❌ “Send the file via WhatsApp” / “Attach it to a personal email” / “Upload it to a USB stick and leave it on your colleague's desk” All of these methods expose the document to risks: WhatsApp and personal emails do not offer adequate protection for confidential files, while a USB stick can be lost, copied, or infected with malware. Encryption remains the only guarantee of security and confidentiality.
You have isolated the malware and reestablished secure communications between the machines. ATHENA sends you one last encrypted message:
“The network is stable, but a secondary access point is still active in the basement. The last trace of the hacker group has been located in the Data Vault.”
MISSION 5 Underground Data Archive
Go down into the factory basement. The air is thick, the neon lights flicker. ATHENA guides you to the Data Vault, where the hacker group left the last backdoor open. This is where backup copies, customer information, and system logs are stored: if they fall into the wrong hands, the entire network will be compromised. You must eliminate any remaining vulnerabilities and seal the digital heart of the factory.
The ghost network
SOLUTION 5.1
🟩 Correct answer: ✅ “I check that it is the official network before connecting.” This is the right choice because many public networks with names similar to official ones (e.g., Free_Airport_WiFi1) can be created by malicious individuals to steal data or intercept traffic. Before connecting, it is always a good idea to ask airport staff for confirmation or check the information panels to see which network is authorized. 🟥 Incorrect answers: ❌ “I connect, but I avoid online transactions” / “I connect immediately: if it's open, it must be the right one” / “I use an app to speed up the public connection” All of these choices are risky: even without making transactions, connecting to a fake network can expose you to data theft or malicious installations. No app can make an unverified network secure — only official confirmation or the use of a VPN guarantees a reliable connection.
The forgotten disc
SOLUTION 5.2
🟩 Correct answer: ✅ “Securely delete the data or physically destroy the disk.” This is the correct choice because even after simple formatting, data can be recovered with file recovery tools. To protect sensitive information, you need to use secure deletion software (which overwrites the data multiple times) or physically destroy the disk, making it impossible to access the data. 🟥 Incorrect answers: ❌ “Quick format it” / “Leave it as it is: the old files are no longer needed” / “Copy the data to a USB stick and throw the disk away without deleting it.” All of these options are unsafe because they leave the data potentially recoverable. Even if it is no longer needed, it may contain sensitive personal or business information. Only secure deletion or physical destruction of the media guarantees total protection.
The suspicious quiz
SOLUTION 5.3
🟩 Correct answer: ✅ “Reject: it could collect data for unclear purposes.” This is the correct choice because many “fun” quizzes or apps on social media actually collect personal information and contact details for marketing or profiling purposes. Granting access to your full profile exposes you to risks of privacy violations or identity theft. It is always best to avoid apps that ask for more permissions than necessary. 🟥 Incorrect answers: ❌ “Accept, but then revoke permissions” / “Accept: it's just a game, no risk” / “Share it with friends to see who falls for it” All of these actions are risky: once permissions are granted, data may already have been copied or shared. Even a simple game can hide massive collections of personal data. Prevention is the only defense: do not authorize access and do not spread the app.
You have eliminated the backdoor and sealed the Data Vault. ATHENA regains complete control of the network and transmits the final message:
“System restored. Attack neutralized. Excellent work, Agent Zero.” However, a line of code remains flashing on the monitor:>
However, the logs reveal a small intermittent signal: a residual beacon that periodically attempts to contact an external node. ATHENA reports it as SIGNAL UNKNOWN... CONNECTION PENDING. This means that the hackers may have left a secondary access point or recall mechanism—stopped for now, but not yet completely deleted. The threat is reduced, not eliminated.
ALERT
The hacker has decided to launch one last challenge to penetrate the system. You will have to recognize the only real image, not generated by Artificial Intelligence.
The hacker takes possession of your data and posts it on the dark web: you failed to protect Athena.
This image is AI-generated, and this can be recognized by several obvious signs: the skin is unnaturally smooth and uniform, with no pores or imperfections; the eyes show reflections and shades that are too sharp and regular, typical of synthetic images; eyelashes and eyebrows are perfectly aligned and symmetrical; the hair has unnatural contours and unrealistic transitions with the background; finally, the logo on the T-shirt and the folds of the fabric do not follow a realistic perspective and lighting consistency. All these elements confirm that this is an image generated by artificial intelligence.
The hacker takes possession of your data and posts it on the dark web: you failed to protect Athena.
This image is AI-generated, and there are several clues that reveal this. The potatoes in the foreground have irregular but unnaturally smooth shapes, with shadows that are inconsistent with the light. The food on the tablecloth (bread, pancakes, cups) appears with plastic textures and unrealistic reflections, often “blurred” or distorted at the edges. Even the plates and teapot show distorted perspectives and blurred contours. The subjects' hands and some areas of their clothing show small anomalies in detail (fingers, folds, seams), typical of AI generations.
The hacker takes possession of your data and posts it on the dark web: you failed to protect Athena.
The face has overly smooth and even skin, without pores or minor imperfections; the eyes and smile are extremely symmetrical, which is rare in a real photo. The reflections on the floor and plastic surfaces of the cart show slight inconsistencies in the direction of the light, and the objects inside the cart have slightly “blurred” or distorted edges, with textures that look more painted than photographic. The hands and the position of the mop also appear unnaturally stiff, as if they were generated rather than captured by a camera. All these clues confirm that this is an image created by artificial intelligence.
Well done! You found the only real image. The hacker does not have access to your data. You saved Athena.
This image is not AI-generated, as can be seen from several elements of natural consistency: The light and shadows are perfectly realistic: the lighting is soft and consistent with the direction of the sun, with no “flat” or artificially lit areas. The texture of the skin and fabrics is complex and realistic, with small imperfections, wrinkles, and folds that vary naturally. The movement and position of the body are believable, with a natural weight distribution and posture consistent with the activity. The ground shows authentic details: clumps of earth, shadows, footprints, and color variations that are difficult to replicate with an AI generator. The background (trees, depth of field, progressive blur) is also optically correct and typical of a photograph taken with a real lens.
Authentication complete. Digital signature verified. Real image identified. Malware connection terminated.
SECURITY LEVEL — 100% RESTORED
MISSION COMPLETED
The CYBERSECURITY Escape Game edition was created entirely by ETS 7Hub, a third sector organization based in Taranto, as part of the European Erasmus+ DefendEUrself Innovative Cybersecurity Skills for Seniors project (2025-1-BE01-KA220-ADU-000350280) and is available completely free of charge. For further information, visit www.7hub.eu or contact us at associazione7hub@gmail.com.
CYBERSECURITY Escape Game ENG
Antonio Caso
Created on October 24, 2025
Start designing with a free template
Discover more than 1500 professional designs like these:
View
Math Mission
View
Secret Code
View
Earth Day Escape Room
View
Reboot Protocol
View
Corporate Escape Room: Operation Christmas
View
Witchcraft Escape Room
View
Video Game Breakout
Explore all templates
Transcript
CYBERSECURITYEscape Game
Test your knowledge aboutCybersecurity!
Start
www.7hub.eu
THE MISSION
During the night, a group of hackers infiltrated the network of the ATHENA industrial complex, the central computer system that controls every sector of the automated factory. Production lines are down, customer data is at risk. You are Agent Zero, a cybersecurity analyst tasked with regaining control of the compromised sectors before the intruders erase all traces of their actions. To succeed, you'll need to explore different areas of the system—from the Control Room to the Data Vault—and tackle challenges that will test your basic cybersecurity knowledge. Each mission represents a critical section of the network: only by responding correctly can you restore security modules, unlock access codes, and advance to the heart of the system. Stay sharp, agent: every answer can mean the difference between data recovery and the collapse of the entire infrastructure. Good luck. The security of the ATHENA network is now in your hands.
MISSION 1 CONTROL ROOM
Someone has attempted to access the central system through unauthorized channels! ATHENA detects suspicious emails, unsecured Wi-Fi connections, and compromised messages. Analyze the clues, recognize the attacks, and identify the hackers' point of entry to regain control of the network and unlock the next sector.
The suspicious message
00:30
You set off the alarm. React in the right way before you get caught.
SOLUTION 1.1
🟩 Correct answer: ✅ “I hover my mouse over the link to check if the web address matches the official website.” This is the correct verification procedure because phishing messages often perfectly mimic authentic emails (logo, tone, sender address). However, the real clue is the link: by hovering your mouse over it (without clicking), you can see the destination URL. If the address does not match the official domain (e.g., instead of www.bancaxyz.it, you see www.bancaxyz-sicurezza.com or bancaxyz.login-update.net), it means that the message is fake and is designed to steal your credentials. 🟥 Wrong answer: ❌ “I'll click on the link right away to update my password before it expires.” Urgency (“update your password now or you'll lose access”) is a social engineering technique used to push you to act without thinking. By clicking on the link, you could open a fake page (very similar to the original) where you will enter your credentials, which will be stolen.
The public connection
00:30
You set off the alarm. React in the right way before you get caught.
SOLUTION 1.2
🟩 Correct answer: ✅ “I avoid entering credentials or sensitive data until I am on a secure network.” This is the safest choice because public Wi-Fi networks do not guarantee data protection: anyone connected to the network can potentially intercept the information transmitted. It is better to wait until you are on a private network or use a secure connection (VPN) before accessing email or other services that require credentials. 🟥 Wrong answer: ❌ “I use the network anyway: it's protected by the barista's password.” The fact that the network has a password does not mean it is secure: the same key is shared by all customers and does not prevent malicious individuals from intercepting data or installing malicious software. Using it to access personal accounts exposes you to the risk of credential theft.
00:30
The "urgent" file
You set off the alarm. React in the right way before you get caught.
SOLUTION 1.3
🟩 Correct answer: ✅ “I don't open it and check with him first to see what it is, asking for confirmation through another channel.” This is the right choice because files with the “.exe” extension are executable files and may contain viruses or malware. Even if the message comes from a known contact, their account may have been compromised. It is always best to ask the sender for confirmation by another means (e.g., a phone call or email) before opening the file. 🟥 Wrong answer: ❌ “I open it right away: if it comes from a known contact, it can't be dangerous.” This is a common mistake: scammers often exploit stolen or infected profiles to spread malicious files. Opening an “.exe” file without checking its origin can install malicious software on your device, with the risk of data theft or system lockdown.
Thanks to your quick thinking, the system regains control of the Control Room. ATHENA sends you new coordinates:
Energy Sector – Generator Room. Intrusion detected. Take immediate action.
MISSION 2 GENERATOR
Energy sector compromised. Imminent blackout risk. In the generator room, the monitors are flashing: hackers have attempted to disable the backup systems to cover their tracks. You must restore digital energy security, fix the flaws, and reestablish the connection between the power supply and the grid before the entire system collapses.
The suspicious app
00:30
You set off the alarm. React in the right way before you get caught.
SOLUTION 2.1
🟩 Correct answer: ✅ “I deny unnecessary permissions or uninstall the app.” This is the safest choice because some free apps require permissions unrelated to their actual functions (such as camera, microphone, or location) to collect personal data or share it with third parties. Denying unnecessary permissions or uninstalling the app protects your privacy and reduces the risk of tracking or information theft. 🟥 Incorrect answers: ❌ “I accept everything so I can use it without any problems.” / “I accept everything: it's necessary for the app to work.” Both choices are risky because granting unnecessary permissions can allow the app to access and transmit sensitive data. Many apps work even without such permissions: granting them indiscriminately exposes you to potential privacy violations and the installation of malicious software.
00:30
The access key
You set off the alarm. React in the right way before you get caught.
SOLUTION 2.2
🟩 Correct answer: ✅ “Use a unique, long password with symbols and numbers.” This is the safest practice because a complex password that is different for each account reduces the risk that a credential theft will compromise other services. Strong passwords should be at least 12 characters long, combining uppercase and lowercase letters, numbers, and symbols. 🟥 Incorrect answers: ❌ “Reuse the password you remember best” / “Use the same password but with a different number at the end.” Both are unsafe practices: reusing or slightly modifying the same password makes it easier for hackers to guess or breach multiple accounts at once. When in doubt, it is best to use a password manager to store them securely.
The bank's message
00:30
You set off the alarm. React in the right way before you get caught.
SOLUTION 2.3
🟩 Correct answer: ✅ “Contact the bank through official channels without clicking the link.” This is the safest choice because urgent messages asking you to confirm a payment by clicking a link are a common phishing technique. Even if the sender appears to be the company’s bank, you should never interact with links received via SMS. It is essential to verify the request by contacting the bank directly through verified official channels, avoiding any interaction with the suspicious message. Moreover, the anomalous traffic detected by ATHENA is a clear sign of a potential attack. In these cases, never click and never enter personal data or credentials. 🟥 Wrong answers: ❌ “I click the link but do not enter my data immediately.” ❌ “I click and follow the instructions for safety.” Both are extremely risky practices: clicking a suspicious link can already activate malware, trojans, or redirect you to fraudulent sites, even without entering any information. Following the instructions provided by the message exposes the company to credential theft, financial fraud, and potential system compromise. The basic rule is: never trust links in urgent messages. When in doubt, always contact the bank using its official channels.
Thanks to your decisions, the power systems are restored and the blackout is avoided. ATHENA sends you a new message:
“Attention, suspicious activity detected in the Administrative Office. This could be the hackers' inside contact.”
MISSION 3 Administrative Office
The exact point from which hackers appear to have obtained the login credentials. The director denies any involvement, but traces of compromised emails, installations, and messages are found on his terminal. Your mission is to reconstruct the chain of human error that opened the breach: recognize manipulation techniques and deceptive software to trace the origin of the attack.
00:30
The flash sale
You set off the alarm. React in the right way before you get caught.
SOLUTION 3.1
🟩 Correct answer: ✅ “Recognize that urgency is an online scam technique.” This is the right choice because online scams exploit urgency to push users to make decisions without thinking. Offers with deadlines of just a few minutes or excessive discounts (such as 90%) are clear signs of attempted fraud. In these cases, it is best to close the site immediately and check whether the offer really exists on the brand's official website. 🟥 Incorrect answers: ❌ “Try using a prepaid card to reduce the risk” / “Take advantage of it now: an offer like this doesn't come along often.” Even when using a prepaid card, you are still exposed to the risk of data theft or cloning. Giving in to haste or apparent convenience is exactly what scammers expect: no legitimate offer requires immediate decisions or such short payment times.
The “useful” program
SOLUTION 3.2
🟩 Correct answer: ✅ “Stop the installation: it could be malicious software.” This is the safest choice because no legitimate program should require you to disable your antivirus. This request is a clear sign of possible malware attempting to bypass your system's defenses to install itself or steal data. It is best to stop the installation immediately and verify the reliability of the software on the manufacturer's official website. 🟥 Wrong answers: ❌ “Disable your antivirus for just a few minutes” / “Accept: this often happens with legitimate programs.” Both options are risky because even briefly disabling your antivirus exposes your computer to infection. Safe programs never ask you to suspend your protections: doing so means giving the green light to possible viruses or Trojans.
The suspicious request
SOLUTION 3.3
🟩 Correct answer: ✅ “Do not send the password and notify the IT department immediately.” This is the correct choice because no legitimate colleague or department should ask for a password via email. This is most likely an internal phishing attempt, where a malicious person pretends to be a colleague to gain access to company accounts. Notifying IT immediately allows you to block the attack and protect the entire network. 🟥 Incorrect answers: ❌ “Send it to them, but change your password afterwards” / “Only give it to them if you are sure the email is from them.” Both answers are dangerous: changing your password afterwards does not eliminate the risk, and an apparently authentic email can be forged. No password communication is ever secure via email: the only correct behavior is to never share it and report the anomaly immediately.
You discovered how hackers gained access: a combination of naivety and malware.
ATHENA confirms that the malware signal is moving towards the factory's production center.
MISSION 4 Production center
ATHENA detects an anomaly in the heart of the factory: machines are moving on their own, responding to unknown commands. Hackers have infected the industrial control network and are attempting to modify security protocols. You must locate the malware, secure communications, and prevent the attack from compromising production.
The misleading message
SOLUTION 4.1
🟩 Correct answer: ✅ “Close the window and run a scan with your antivirus software.” This is the right choice because these messages are fake infection alerts, used to scare the user into clicking on malicious links or downloading dangerous software. By closing the window without clicking and running a scan with your official antivirus software, you can safely check if there are any real threats. 🟥 Wrong answers: ❌ “Click on the link just to read more.” / “Ignore the message and continue browsing” / “Restart your computer and hope the message disappears” All of these options are risky or ineffective: clicking can infect your system, ignoring does not eliminate the problem, and restarting does not solve the cause. Only reliable antivirus software installed on your device can confirm and remove any real threats.
The missing padlock
SOLUTION 4.2
🟩 Correct answer: ✅ “The connection is not secure and data may be intercepted.” This is the correct answer because the absence of the padlock indicates that the site does not use the HTTPS protocol, but the less secure HTTP. In this case, the information entered (such as passwords or bank details) may be intercepted or modified by third parties. It is best to avoid entering personal data until the padlock appears. 🟥 Incorrect answers: ❌ “The site is temporarily offline” / “The site is slow but secure” / “The site is new and has yet to obtain a certificate.” None of these options are correct: the padlock does not depend on the speed or novelty of the site. Even newly created sites can immediately obtain a free HTTPS certificate. If it is missing, it means that the connection is not secure and therefore potentially dangerous.
The confidential document
SOLUTION 4.3
🟩 Correct answer: ✅ “Use an encrypted platform or password-protected link.” This is the most secure method because it ensures that only the authorized recipient can access the document. Encrypted platforms (such as cloud services with end-to-end encryption or links with passwords and expiration dates) protect data from unauthorized access and interception. 🟥 Incorrect answers: ❌ “Send the file via WhatsApp” / “Attach it to a personal email” / “Upload it to a USB stick and leave it on your colleague's desk” All of these methods expose the document to risks: WhatsApp and personal emails do not offer adequate protection for confidential files, while a USB stick can be lost, copied, or infected with malware. Encryption remains the only guarantee of security and confidentiality.
You have isolated the malware and reestablished secure communications between the machines. ATHENA sends you one last encrypted message:
“The network is stable, but a secondary access point is still active in the basement. The last trace of the hacker group has been located in the Data Vault.”
MISSION 5 Underground Data Archive
Go down into the factory basement. The air is thick, the neon lights flicker. ATHENA guides you to the Data Vault, where the hacker group left the last backdoor open. This is where backup copies, customer information, and system logs are stored: if they fall into the wrong hands, the entire network will be compromised. You must eliminate any remaining vulnerabilities and seal the digital heart of the factory.
The ghost network
SOLUTION 5.1
🟩 Correct answer: ✅ “I check that it is the official network before connecting.” This is the right choice because many public networks with names similar to official ones (e.g., Free_Airport_WiFi1) can be created by malicious individuals to steal data or intercept traffic. Before connecting, it is always a good idea to ask airport staff for confirmation or check the information panels to see which network is authorized. 🟥 Incorrect answers: ❌ “I connect, but I avoid online transactions” / “I connect immediately: if it's open, it must be the right one” / “I use an app to speed up the public connection” All of these choices are risky: even without making transactions, connecting to a fake network can expose you to data theft or malicious installations. No app can make an unverified network secure — only official confirmation or the use of a VPN guarantees a reliable connection.
The forgotten disc
SOLUTION 5.2
🟩 Correct answer: ✅ “Securely delete the data or physically destroy the disk.” This is the correct choice because even after simple formatting, data can be recovered with file recovery tools. To protect sensitive information, you need to use secure deletion software (which overwrites the data multiple times) or physically destroy the disk, making it impossible to access the data. 🟥 Incorrect answers: ❌ “Quick format it” / “Leave it as it is: the old files are no longer needed” / “Copy the data to a USB stick and throw the disk away without deleting it.” All of these options are unsafe because they leave the data potentially recoverable. Even if it is no longer needed, it may contain sensitive personal or business information. Only secure deletion or physical destruction of the media guarantees total protection.
The suspicious quiz
SOLUTION 5.3
🟩 Correct answer: ✅ “Reject: it could collect data for unclear purposes.” This is the correct choice because many “fun” quizzes or apps on social media actually collect personal information and contact details for marketing or profiling purposes. Granting access to your full profile exposes you to risks of privacy violations or identity theft. It is always best to avoid apps that ask for more permissions than necessary. 🟥 Incorrect answers: ❌ “Accept, but then revoke permissions” / “Accept: it's just a game, no risk” / “Share it with friends to see who falls for it” All of these actions are risky: once permissions are granted, data may already have been copied or shared. Even a simple game can hide massive collections of personal data. Prevention is the only defense: do not authorize access and do not spread the app.
You have eliminated the backdoor and sealed the Data Vault. ATHENA regains complete control of the network and transmits the final message:
“System restored. Attack neutralized. Excellent work, Agent Zero.” However, a line of code remains flashing on the monitor:>
However, the logs reveal a small intermittent signal: a residual beacon that periodically attempts to contact an external node. ATHENA reports it as SIGNAL UNKNOWN... CONNECTION PENDING. This means that the hackers may have left a secondary access point or recall mechanism—stopped for now, but not yet completely deleted. The threat is reduced, not eliminated.
ALERT
The hacker has decided to launch one last challenge to penetrate the system. You will have to recognize the only real image, not generated by Artificial Intelligence.
The hacker takes possession of your data and posts it on the dark web: you failed to protect Athena.
This image is AI-generated, and this can be recognized by several obvious signs: the skin is unnaturally smooth and uniform, with no pores or imperfections; the eyes show reflections and shades that are too sharp and regular, typical of synthetic images; eyelashes and eyebrows are perfectly aligned and symmetrical; the hair has unnatural contours and unrealistic transitions with the background; finally, the logo on the T-shirt and the folds of the fabric do not follow a realistic perspective and lighting consistency. All these elements confirm that this is an image generated by artificial intelligence.
The hacker takes possession of your data and posts it on the dark web: you failed to protect Athena.
This image is AI-generated, and there are several clues that reveal this. The potatoes in the foreground have irregular but unnaturally smooth shapes, with shadows that are inconsistent with the light. The food on the tablecloth (bread, pancakes, cups) appears with plastic textures and unrealistic reflections, often “blurred” or distorted at the edges. Even the plates and teapot show distorted perspectives and blurred contours. The subjects' hands and some areas of their clothing show small anomalies in detail (fingers, folds, seams), typical of AI generations.
The hacker takes possession of your data and posts it on the dark web: you failed to protect Athena.
The face has overly smooth and even skin, without pores or minor imperfections; the eyes and smile are extremely symmetrical, which is rare in a real photo. The reflections on the floor and plastic surfaces of the cart show slight inconsistencies in the direction of the light, and the objects inside the cart have slightly “blurred” or distorted edges, with textures that look more painted than photographic. The hands and the position of the mop also appear unnaturally stiff, as if they were generated rather than captured by a camera. All these clues confirm that this is an image created by artificial intelligence.
Well done! You found the only real image. The hacker does not have access to your data. You saved Athena.
This image is not AI-generated, as can be seen from several elements of natural consistency: The light and shadows are perfectly realistic: the lighting is soft and consistent with the direction of the sun, with no “flat” or artificially lit areas. The texture of the skin and fabrics is complex and realistic, with small imperfections, wrinkles, and folds that vary naturally. The movement and position of the body are believable, with a natural weight distribution and posture consistent with the activity. The ground shows authentic details: clumps of earth, shadows, footprints, and color variations that are difficult to replicate with an AI generator. The background (trees, depth of field, progressive blur) is also optically correct and typical of a photograph taken with a real lens.
Authentication complete. Digital signature verified. Real image identified. Malware connection terminated.
SECURITY LEVEL — 100% RESTORED
MISSION COMPLETED
The CYBERSECURITY Escape Game edition was created entirely by ETS 7Hub, a third sector organization based in Taranto, as part of the European Erasmus+ DefendEUrself Innovative Cybersecurity Skills for Seniors project (2025-1-BE01-KA220-ADU-000350280) and is available completely free of charge. For further information, visit www.7hub.eu or contact us at associazione7hub@gmail.com.