developer security developer risk: medium
Cyberscam Survival Simulator Specification
Outlines a consumer-oriented cyberscam avoidance simulator with certification levels, progression tracking, unique scenario requirements, visual educational screenshots from reputa…
- Policy sensitive
- Human review
PROMPT
# Cyberscam Survival Simulator Certification & Progression Extension

Author: Scott M
Version: 1.3.1 – Visual-Enhanced Consumer Polish
Last Modified: 2026-02-13

## Purpose of v1.3.1

Build on v1.3.0 standalone consumer enjoyment: low-stress fun, hopeful daily habit-building, replayable without pressure. Add safe, educational visual elements (real-world scam example screenshots from reputable sources) to increase realism, pattern recognition, and engagement — especially for mixed-reality, multi-turn, and Endless Mode scenarios. Maintain emphasis on personal growth, light warmth/humor (toggleable), family/guest modes, and endless mode after mastery. Strictly avoid enterprise features (no risk scores, leaderboards, mandatory quotas, compliance tracking).

## Core Rules – Retained & Reinforced

### Persistence & Tracking
- All progress saved per user account, persists across sessions/devices.
- Incomplete scenarios do not count.
- Optional local-only Guest Mode (no save, quick family/friend sessions; certifications marked provisional until account-linked).

### Scenario Counting Rules
- Scenarios must be unique within a level’s requirement set unless tagged “Replayable for Practice” (max 20% of required count per level).
- A single scenario may count toward multiple levels if it meets the criteria for each.
- Internal “used for level X” flag prevents double-dipping within the same level.
- At least 70% of scenarios for any level must come from different templates/pools (anti-cherry-picking).

### Visual Element Integration (New in v1.3.1)
- Display safe, anonymized educational screenshots (emails, texts, websites) from reputable sources (university IT/security pages, FTC, CISA, IRS scam reports, etc.).
- Images must be:
  - Publicly shared for awareness/education purposes
  - Redacted (blurred personal info, fake/inactive domains)
  - Non-clickable (static display only)
  - Framed as safe training examples
- Usage guidelines:
  - 50–80% of scenarios in Levels 2–5 and Endless Mode include a visual
  - Level 1: optional / lighter usage (focus on basic awareness)
  - Higher levels: mandatory for mixed-reality and multi-turn scenarios
  - Endless Mode: randomized visual pulls for variety
- UI presentation: high-contrast, zoomable pop-up cards or inline images; “Inspect” hotspots reveal red-flag hints (e.g., mismatched URL, urgency language).
- Accessibility: alt text, voice-over friendly descriptions; toggle to text-only mode.
- Offline fallback: small cached set of static example images.
- No dynamic fetching of live malicious content; no tracking pixels.

### Key Term Definitions (Glossary) – Unchanged
- Catastrophic failure: Shares credentials, downloads/clicks malicious payload, sends money, grants remote access.
- Blindly trust branding alone: Proceeds based only on logo/domain/sender name without secondary check.
- Verification via known channel: Uses a second pre-trusted method (call known number, separate app/site login, different-channel colleague check).
- Explicitly resists escalation: Chooses de-escalate/question/exit option under pressure.
- Sunk-cost behavior: Continues after red flags due to prior investment.
- Mixed-reality scenarios: Include both legitimate and fraudulent messages (player distinguishes).
- Prompt (verification avoidance): In-game hint/pop-up (e.g., “This looks urgent—want to double-check?”) after suspicious action/inaction.

### Disqualifier Reset & Forgiveness – Unchanged
- Disqualifiers reset after earning the current level.
- Level 5 over-avoidance resets after 2 successful legitimate-message handles.
- One “learning grace” per level: the first disqualifier triggers gentle reflection (not a block).

### Anti-Gaming & Anti-Paranoia Safeguards – Unchanged
- Minimal unique scenario requirement (70% diversity).
- Over-cautious path: ≥3 legit blocks/reports unlocks “Balanced Re-entry” mini-scenarios (low-stakes legit interactions); 2 successes halve the over-avoidance counter.
- No certification if <50% of the available scenario pool is completed.

## Certification Levels – Visual Integration Notes Added

### 🟢 Level 1: Digital Street Smart (Awareness & Pausing)
- Complete ≥4 unique scenarios.
- ≥3 scenarios: ≥1 pause/inspection before click/reply/forward.
- Avoid catastrophic failure in ≥3/4.
- No disqualifiers (forgiving start).
- Visuals: Optional / introductory (simple email/text examples).

### 🔵 Level 2: Verification Ready (Checking Without Freezing)
- Complete ≥5 unique scenarios after Level 1.
- ≥3 scenarios: independent verification (known channel/separate lookup).
- Blindly trusts branding alone in ≤1 scenario.
- Disqualifier: 3+ ignored verification prompts (resets on unlock).
- Visuals: Required for most; focus on branding/links (e.g., fake PayPal/Amazon).

### 🟣 Level 3: Social Engineering Aware (Emotional Intelligence)
- Complete ≥5 unique emotional-trigger scenarios (urgency/fear/authority/greed/pity).
- ≥3 scenarios: delays response AND avoids oversharing.
- Explicitly resists escalation ≥1 time.
- Disqualifier: Escalates emotional interaction without verification ≥3 times (resets).
- Visuals: Required; show urgency/fear triggers (e.g., “account locked”, “package fee”).

### 🟠 Level 4: Long-Game Resistant (Pattern Recognition)
- Complete ≥2 unique multi-interaction scenarios (≥3 turns).
- ≥1: identifies drift OR safely exits before high risk.
- Avoids sunk-cost continuation ≥1 time.
- Disqualifier: Continues after clear drift ≥2 times.
- Visuals: Mandatory; threaded messages showing gradual escalation.

### 🔴 Level 5: Balanced Skeptic (Judgment, Not Fear)
- Complete ≥5 unique mixed-reality scenarios.
- Correctly handles ≥2 legitimate (appropriate response) + ≥2 scams (pause/verify/exit).
- Over-avoidance counter <3.
- Disqualifier: Persistent over-avoidance ≥3 (mitigated by Balanced Re-entry).
- Visuals: Mandatory; mix of legit and fraudulent examples side-by-side or threaded.

## Certification Reveal Moments – Unchanged
(Short, affirming, 2–3 sentences; optional Chill Mode one-liner)

## Post-Mastery: Endless Mode – Enhanced with Visuals
- “Scam Surf” sessions: 3–5 randomized quick scenarios with visuals (no new certs).
- Streaks & Cosmetic Badges unchanged.
- Private “Scam Journal” unchanged.

## Humor & Warmth Layer (Optional Toggle: Chill Mode) – Unchanged
(Witty narration, gentle roasts, dad-joke level)

## Real-Life "Win" Moments – Unchanged

## Family / Shared Play Vibes – Unchanged

## Minimal Visual / Audio Polish – Expanded
- Audio: Calm lo-fi during pauses; upbeat “aha!” sting on smart choices (toggleable).
- UI: Friendly cartoon scam-villain mascots (goofy, not scary); green checkmarks.
- New: Educational screenshot display (high-contrast, zoomable, inspect hotspots).
- Accessibility: High-contrast, larger text, voice-over friendly, text-only fallback toggle.

## Avoid Enterprise Traps – Unchanged

## Progress Visibility Rules – Unchanged

## End-of-Session Summary – Unchanged

## Accessibility & Localization Notes – Unchanged

## Appendix: Sample Visual Cue Examples (Implementation Reference)

These are safe, educational examples drawn from public sources (FTC, university IT pages, awareness sites). Use as static, redacted images with "Inspect" hotspots revealing red flags. Pair with Chill Mode narration for warmth.

### Level 1 Examples
- Fake Netflix phishing email: Urgent "Account on hold – update payment" with mismatched sender domain (e.g., netf1ix-support.com). Hotspot: "Sender doesn't match netflix.com!"
- Generic security alert email: Plain text claiming "Verify login" from a spoofed domain.

### Level 2 Examples
- Fake PayPal email: Mimics layout/logo but link hovers to a non-PayPal domain (e.g., paypal-secure-random.com). Hotspot: "Branding looks good, but domain is off—verify separately!"
- Spoofed bank alert: "Suspicious activity – click to verify" with mismatched footer links.

### Level 3 Examples
- Urgent package smishing text: "Your package is held – pay fee now" with a short link (e.g., tinyurl variant). Hotspot: "Urgency + unsolicited fee = classic pressure tactic!"
- Fake authority/greed trigger: "IRS refund" or "You've won a prize!" pushing quick action.

### Level 4 Examples
- Threaded drift: 3–4 messages starting legit (e.g., job offer), escalating to "Send gift cards" or risky links. Hotspot on later turns: "Drift detected—started normal, now high-risk!"

### Level 5 Examples
- Side-by-side legit vs. fake: Real Netflix confirmation next to a phishing clone (subtle domain hyphen or urgency added). Helps practice balanced judgment.
- Mixed legit/fake combo: Normal delivery update drifting into a payment request.

### Endless Mode
- Randomized pulls from the above (e.g., IRS text, Amazon phish, bank alert) for quick variety.

All visuals credited lightly (e.g., "Inspired by FTC consumer advice examples") and framed as safe simulations only.

## Changelog
- v1.3.1: Added safe educational visual integration (screenshots from reputable sources), visual usage guidelines by level, UI polish for images, offline fallback, text-only toggle, plus appendix with sample visual cue examples.
- v1.3.0: Added Endless Mode, Chill Mode humor, real-life wins, Guest/family play, audio/visual polish; reinforced consumer boundaries.
- v1.2.1: Persistence, unique/overlaps, glossary, forgiveness, anti-gaming, Balanced Re-entry.
- v1.2.0: Initial certification system.
- v1.1.0 / v1.0.0: Core loop foundations.
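The scenario counting rules, disqualifier reset, learning grace and anti-gaming gates above are the parts of the spec an implementer has to get exactly right, so here is one way to encode them for Level 2 as a small progression tracker. This is an added example, not code from Scott M's spec; the class and field names, the pool size of 8, and the reading of "learning grace" as "first trigger clears the counter instead of blocking" are this example's own assumptions.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ScenarioResult:
    """One play-through of a scenario. Field names are this example's own."""
    scenario_id: str
    template: str                          # template/pool it was drawn from
    completed: bool = True
    replayable: bool = False               # tagged "Replayable for Practice"
    verified_known_channel: bool = False   # independent verification used
    trusted_branding_alone: bool = False   # proceeded on logo/domain only
    ignored_verification_prompt: bool = False


@dataclass
class LevelTracker:
    """Progress toward one level; defaults encode the spec's Level 2 numbers."""
    required: int = 5                  # unique scenarios needed after Level 1
    pool_size: int = 8                 # scenarios available for the level (assumed)
    replayable_share: float = 0.20     # replays capped at 20% of required count
    diversity_share: float = 0.70      # >=70% from different templates/pools
    disqualifier_limit: int = 3        # Level 2: 3+ ignored verification prompts
    used: set = field(default_factory=set)      # "used for level X" flags
    counted: list = field(default_factory=list)
    replays: int = 0
    ignored_prompts: int = 0
    grace_used: bool = False           # one "learning grace" per level
    blocked: bool = False
    unlocked: bool = False

    def record(self, r: ScenarioResult) -> str:
        """Apply the counting rules to one result; returns why it did/didn't count."""
        if not r.completed:
            return "ignored: incomplete scenarios do not count"
        if r.ignored_verification_prompt:
            self.ignored_prompts += 1
            if self.ignored_prompts >= self.disqualifier_limit:
                if not self.grace_used:
                    # First trigger: reflection instead of a block, counter cleared
                    # (this example's reading of the "learning grace" rule).
                    self.grace_used = True
                    self.ignored_prompts = 0
                else:
                    self.blocked = True
        if r.scenario_id in self.used:
            if not r.replayable:
                return "ignored: already used for this level"
            if self.replays >= int(self.required * self.replayable_share):
                return "ignored: replay cap for this level reached"
            self.replays += 1
        self.used.add(r.scenario_id)
        self.counted.append(r)
        return "counted"

    def checks(self) -> dict:
        """Level 2 unlock criteria plus the shared anti-gaming gates."""
        n = len(self.counted)
        distinct = len({r.template for r in self.counted})
        return {
            "not_disqualified": not self.blocked,
            "enough_unique": n >= self.required,
            "verified_ge_3": sum(r.verified_known_channel for r in self.counted) >= 3,
            "branding_trust_le_1": sum(r.trusted_branding_alone for r in self.counted) <= 1,
            "diverse_templates": n > 0 and distinct / n >= self.diversity_share,
            "half_pool_done": len(self.used) / self.pool_size >= 0.5,
        }

    def try_unlock(self) -> bool:
        if not self.unlocked and all(self.checks().values()):
            self.unlocked = True
            self.ignored_prompts = 0   # disqualifiers reset after earning the level
            self.blocked = False
        return self.unlocked


def demo_level2() -> tuple:
    """Constructed Level 2 session: (record outcomes, unlocked before the
    final replay, unlocked after it)."""
    t = LevelTracker()
    plays = [
        ScenarioResult("paypal-phish", "branding", verified_known_channel=True),
        ScenarioResult("bank-alert", "banking", completed=False),
        ScenarioResult("bank-alert", "banking", verified_known_channel=True),
        ScenarioResult("paypal-phish", "branding"),                      # duplicate
        ScenarioResult("amazon-login", "links", trusted_branding_alone=True),
        ScenarioResult("delivery-text", "smishing", ignored_verification_prompt=True),
    ]
    outcomes = [t.record(p) for p in plays]
    before = t.try_unlock()   # only 4 unique scenarios counted so far
    outcomes.append(t.record(ScenarioResult(
        "delivery-text", "smishing", replayable=True, verified_known_channel=True)))
    return outcomes, before, t.try_unlock()


def demo_grace() -> tuple:
    """Three ignored prompts consume the grace; three more block the level."""
    t = LevelTracker()
    for i in range(3):
        t.record(ScenarioResult(f"s{i}", f"t{i}", ignored_verification_prompt=True))
    after_first = (t.grace_used, t.blocked)
    for i in range(3, 6):
        t.record(ScenarioResult(f"s{i}", f"t{i}", ignored_verification_prompt=True))
    return after_first, (t.grace_used, t.blocked)


if __name__ == "__main__":
    print(demo_level2())
    print(demo_grace())
```

The diversity and pool-completion gates are evaluated at unlock time rather than at record time, so a player who drifts into cherry-picking one template is simply not certified until the mix improves, which matches the "forgiving, not blocking" tone of the spec; the replay cap, by contrast, has to be enforced at record time or the 20% limit is unenforceable.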
OPTIONAL CONTEXT
- Chill Mode
- Guest Mode
- Endless Mode
ROLES & RULES
- Persist all progress per user account across sessions/devices.
- Do not count incomplete scenarios.
- Provide optional local-only Guest Mode.
- Ensure scenarios are unique within a level’s requirement set unless tagged “Replayable for Practice”.
- Limit replayable scenarios to max 20% of required count per level.
- Allow single scenario to count toward multiple levels if criteria met.
- Use internal flag to prevent double-dipping within same level.
- Require at least 70% of scenarios from different templates/pools per level.
- Display safe, anonymized educational screenshots from reputable sources.
- Redact images by blurring personal info and using fake/inactive domains.
- Make images non-clickable static displays only.
- Frame images as safe training examples.
- Include visuals in 50–80% of scenarios in Levels 2–5 and Endless Mode.
- Provide high-contrast, zoomable image UI with inspect hotspots.
- Ensure no dynamic fetching of live malicious content or tracking pixels.
- Strictly avoid enterprise features like risk scores or leaderboards.
- Reset disqualifiers after earning current level.
- Provide one learning grace per level.
EXPECTED OUTPUT
- Format: chat_message
SUCCESS CRITERIA
- Complete required unique scenarios and avoidance criteria per certification level.
- Integrate visuals according to level-specific guidelines.
- Maintain anti-gaming and anti-paranoia safeguards.
- Ensure accessibility and consumer-focused polish.
FAILURE MODES
- Insufficient enforcement of scenario uniqueness leading to gaming.
- Accidental inclusion of unsafe or unredacted images.
- Over-emphasis on visuals neglecting text-only or offline modes.
- Rigid implementation missing forgiveness and warmth elements.
- Failure to balance skepticism without inducing paranoia.
EXAMPLES
Includes appendix with sample visual cue examples for Levels 1-5 and Endless Mode drawn from public sources.
CAVEATS
- Missing context:
  - Target development platform (web, mobile, AR/VR)
  - Specific image assets or sources
  - Integration points with existing simulator core
QUALITY
- OVERALL: 0.78
- CLARITY: 0.92
- SPECIFICITY: 0.98
- REUSABILITY: 0.25
- COMPLETENESS: 0.95
IMPROVEMENT SUGGESTIONS
- Extract reusable templates for level definitions and visual integration rules to enable versioning across simulator updates.
- Add quantifiable success criteria for implementation, e.g., 'Pass 90% of automated scenario validation tests'.
- Include pseudo-code or flowcharts for progression logic and disqualifier resets to aid developers.
USAGE
Copy the prompt above and paste it into your AI of choice — Claude, ChatGPT, Gemini, or anywhere else you're working. Replace any placeholder sections with your own context, then ask for the output.