CNN Says "Hack Our Reporter," and White Hat Rachel Tobac *Does*

Stu Sjouwerman | Oct 24, 2019

It’s “disturbingly easy” to steal someone’s personal data using information gleaned from their social media accounts, according to Donie O’Sullivan at CNN. O’Sullivan met with Rachel Tobac, a well-known white hat hacker who specializes in social engineering, and asked her to try to hack him.

O’Sullivan emphasized that even though he’s a tech reporter, he was still shocked by how much information Tobac was able to gather and what she was able to do with it. Rachel Tobac also created Pretexting Training Videos with Kevin Mitnick that are part of the KnowBe4 social engineering training modules.

“Without having my password, and without hacking into my email account, she was able to get my home address, my phone number and steal my hard-earned hotel points,” O’Sullivan writes. “In perhaps the cruelest act of all, she was even able to change my seat on my five-hour flight out of Vegas, moving me from a spacious exit aisle to a middle seat at the back by the restrooms.”

O’Sullivan explained that Tobac was able to do this solely using information he had posted publicly on Twitter and Instagram. She spoofed O’Sullivan’s phone number and, when necessary, she used a voice changer to make herself sound like a man. Tobac then called some of the companies O’Sullivan had tweeted about to trick them into giving her his information.

In one instance, for example, she posed as O’Sullivan’s wife and called a furniture company to make sure he had provided the correct home address. Since she didn’t have his real address, she gave the wrong one, and the furniture company corrected her by reading out the address O’Sullivan had provided them with.

Tobac hacks companies with permission in order to show them where their weak spots are. Notably, she achieves all of this over the phone by interacting with humans, and no technical hacking is involved. Everyone can benefit from new-school security awareness training, so that employees don’t inadvertently give out information about customers and can protect themselves even if someone manages to gather information about them.

CNN has the story: https://www.cnn.com/2019/10/18/tech/reporter-hack/index.html

You can see a preview of Rachel Tobac and Kevin Mitnick in the KnowBe4 ModStore.
