Rachel Tobac @RachelTobac CEO @SocialProofSec social engineering keynoting/training/pentesting | 3X @DEFCON #SECTF 2nd place | Chair @WISPorg Board | Sr UX Research @coursehero | she/her Aug. 04, 2019

10 straight hours of phone attacks today and I want everyone to know if you mention/communicate with your providers on social media (think travel, hospitality, energy, products, entertainment), their customer support can be a point of failure in your security.

You can make my job as an attacker difficult. Make me guess your providers. If you communicate with them via Twitter help, I know you use them. If you mention you love x or y, I can exploit that and pretext as you during a vishing attack and take over your account w other details

To be clear, I’m the one doing the phone attacks for my penetrating testing client.

*penetration testing (obvs)
