CNN Says "Hack Our Reporter," and White Hat Rachel Tobac *Does*

Pretexting Training It’s “disturbingly easy” to steal someone’s personal data using information gleaned from their social media accounts, according to Donie O’Sullivan at CNN. O’Sullivan met with Rachel Tobac, a well-known white hat hacker who specializes in social engineering, and asked her to try to hack him.

O’Sullivan emphasized that even though he’s a tech reporter, he was still shocked by how much information Tobac was able to gather and what she was able to do with it. Rachel Tobac also created Pretexting Training Videos with Kevin Mitnick that are part of the KnowBe4 social engineering training modules.

“Without having my password, and without hacking into my email account, she was able to get my home address, my phone number and steal my hard-earned hotel points,” O’Sullivan writes. “In perhaps the cruelest act of all, she was even able to change my seat on my five-hour flight out of Vegas, moving me from a spacious exit aisle to a middle seat at the back by the restrooms.”

O’Sullivan explained that Tobac was able to do this solely using information he had posted publicly on Twitter and Instagram. She spoofed O’Sullivan’s phone number and, when necessary, she used a voice changer to make herself sound like a man. Tobac then called some of the companies O’Sullivan had tweeted about to trick them into giving her his information.

In one instance, for example, she posed as O’Sullivan’s wife and called a furniture company to make sure he had provided the correct home address. Since she didn’t have his real address, she gave the wrong one, and the furniture corrected her by reading out the address O’Sullivan had provided them with.

Tobac hacks companies with permission in order to show them where their weak spots are. Notably, she achieves all of this over the phone by interacting with humans, and no technical hacking is involved. Everyone can benefit from new-school security awareness training so that your employees don’t inadvertently give out information about your customers, and so that they can protect themselves even if someone manages to gather information about them.

CNN has the story: https://www.cnn.com/2019/10/18/tech/reporter-hack/index.html

You can see a preview of Rachel Tobac and Kevin Mitnick in the KnowBe4 ModStore:

The world's largest library of security awareness training content is now just a click away!

In your fight against phishing and social engineering you can now deploy the best-in-class simulated phishing platform combined with the world's largest library of security awareness training content; including 1000+ interactive modules, videos, games, posters and newsletters.

You can now get access to our new ModStore Preview Portal to see our full library of security awareness content; you can browse, search by title, category, language or content topics.

The ModStore Preview includes: