Rachel Tobac+ Your Authors @RachelTobac CEO @SocialProofSec social engineering & hacking training/pentest/workshops/keynotes | 3X @DEFCON SECTF 2nd place | Chair @WISPorg | SrUXR @coursehero | She/her Aug. 04, 2019 1 min read + Your Authors

10 straight hours of phone attacks today and I want everyone to know if you mention/communicate with your providers on social media (think travel, hospitality, energy, products, entertainment), their customer support can be a point of failure in your security.

You can make my job as an attacker difficult. Make me guess your providers. If you communicate with them via twitter help, I know you use them. If you mention you love x or y, I can exploit that and pretext as you during a vishing attack and take over your account w other details

To be clear, I’m the one doing the phone attacks for my penetrating testing client.

*penetration testing (obvs)

You can follow @RachelTobac.


Tip: mention @threader_app on a Twitter thread with the keyword “compile” to get a link to it.

Enjoy Threader? Sign up.

Since you’re here...

... we’re asking visitors like you to make a contribution to support this independent project. In these uncertain times, access to information is vital. Threader gets 1,000,000+ visits a month and our iOS Twitter client was featured as an App of the Day by Apple. Your financial support will help two developers to keep working on this app. Everyone’s contribution, big or small, is so valuable. Support Threader by becoming premium or by donating on PayPal. Thank you.

Follow Threader