I’ve decided to do a spinoff version of Spamocalypse for my next project. It’s based around an enemy I wanted to add, but had no time for beyond an off-hand joke: Phishers.
For anyone who doesn’t known, phishing involves misrepresentating a site or other trusted entity to steal personal information (login details, financial information – anything!). OWASP have a definition and examples here. Generally, if you get an email asking you to sign into your account…delete it.
Now I have that out of the way, the game I have in mind is currently titled “The Phishers’ Gauntlet”. The idea is that the player is cut off when a city is evacuated in the face of a invasion by the Word of Turscar, and forced to make their way through the Phisher-infested alleyways to a ROFLcopter that is waiting. The Phishers, an offshoot of the Turscarites, will either lurk on top of rooftops and wait for something to hit their Phishing Rods, or stalk the player on the ground.
Comparison with Spamocalypse
A lot of this will be taken from Spamocalypse, but there will be a few differences:
- More player characters (see below)
- Combat will be more of an option
- No loot, though I may bring in notes again
- Time limits. If you don’t get to the ROLFcopter in time, you will be left behind
In Spamocalypse, I had only one player character – an expy of Garrett from the Thief games. This time, I have at least three in mind. Two of these are parodies of some IT security people I tend to read.
- Roy Thunt, the combat expert. A parody of security researcher Troy Hunt, portrayed as a Crocodile Dundee-style hunter.
- Bryan Krabs, the stealth expert. Spoofing Brian Krebs, an investigative journalist who specialises in IT security.
- Ardino Enube, a random person in over their head. I’ll probably do them first
I heartily recommend reading the people I’m spoofing. Troy is a security researcher who runs the database breach notification site HaveIBeenPwned, and does a lot of security training for developers. He has a fair amount of information about data breaches, password management, and general web security. I’ve developed an interest in that in my day job, but he’s quite readable, so worth reading even if you aren’t very technical.
Brian is a journalist who, among other things like reporting on malware like Stuxnet and Mirai and investigating spam networks, once managed to foil a plot to frame him for possessing heroin…by lurking on the forums where the plot was being hatched. It reminds me of a certain level in the original Thief, where you rob a crime lord who just ordered a (failed) hit on Garrett…
I’m planning to give myself a year to develop this, starting from next Saturday. I have a very rough game design document done (available here).