Rachel Faber Tobac, UX Research, Course Hero
#GHC17 #theCUBE #WomenInTech
https://siliconangle.com/2017/10/13/vish-ious-attack-your-instagram-posts-could-put-a-hack-me-sign-on-your-back-ghc17/
Vish-ious attack: Your Instagram posts could put a ‘hack me’ sign on your back
We’ve all heard of phishing — the use of fraudulent electronic exchanges by hackers seeking sensitive information like usernames and passwords. Now cybercriminals have expanded their repertoire to include vishing — basically voice phishing by phone. And the mere act of posting photos online could turn users into victims.
“I can just bypass every security protocol you’ve set up. I don’t even need a technical hacker,” said Rachel Faber Tobac (pictured), associate user experience researcher at Course Hero Inc.
Tobac would know — she’s a white-hat hacker and visher helping companies understand their vulnerabilities and strengthen their defenses. At the yearly Def Con hacking conference, Tobac competes in white-hat vishing competitions.
“I’ll call them in a glass booth in front of 400 people and attempt to get them to go to malicious links,” Tobac said during an interview last week at the Grace Hopper Celebration of Women in Computing event in Orlando, Florida. She also co-founded SocialProof Security LLC, which educates companies on social media and security risks.
Tobac spoke with Jeff Frick (@JeffFrick), co-host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the Grace Hopper event.
“The biggest tool that I use is actually Instagram, which is really scary,” Tobac said. About 60 percent of the information she needs to vish a company, she culls from Instagram via geo-location. The mother lode is often a picture with a computer or workstation in the frame. “I can get their browser, their version information, and then I can help infiltrate that company by calling them over the phone.”
Femme fatale phoning
A visher might call a company posing as a company insider or some other innocent individual. Tobac revealed that “low-status pretexts” are particularly effective. Assumptions about women’s lack of technical expertise can often help get her inside.
For example, “I call you, and I’m like, ‘I don’t know how to troubleshoot your website. I’m so confused. I have to give a talk — it’s in five minutes. Can you just try my link and see if it works on your end?’” Tobac said. All the person on the other end has to do is click the link, and the hypothetical hacker is in his or her computer.
To avoid being vished, Tobac advises never letting anyone on the phone authenticate themselves with information about your browser or computer. And don’t take pictures with your computer in the shot.
“If you do, I’m going to see that little line at the bottom, and I’m going to see — exactly — the browser, version, OS and everything like that,” she concluded.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of Grace Hopper Celebration of Women in Computing.