How To Protect Yourself From Social Engineering Hacks
CYBER
VICE
4 • 645 Ratings
🗓️ 29 September 2022
⏱️ 30 minutes
🧾️ Download transcript
Summary
Hacks are increasing but the hackers are not necessarily getting more sophisticated. What do Twitter, Twilio, and Uber all have in common? They were all hacked by, in part, a conversation. In all three cases, the hack was helped along by social engineering. Someone contacted an employee of the company and tricked them into giving up the keys to the company. It doesn’t matter how fancy your 2FA system is if an employee is just gonna give up their SMS codes to some rando on the phone.
But worry not. There are ways to protect yourself and your company against such attacks. With me today to work through it all is Rachel Tobac. Tobac is a hacker and the CEO of SocialProof Security, a company that aims to get your organization politely paranoid.
She also, coincidentally, just published a really amazing video that dramatizes a lot about what we’re going to talk about today. You can find it on Twitter @racheltobac.
Stories discussed in this episode:
The Uber Hack Shows Push Notification 2FA Has a Downside: It’s Too Annoying
How a Third-Party SMS Service Was Used to Take Over Signal Accounts
Hackers Convinced Twitter Employee to Help Them Hijack Accounts
We’re recording CYBER live on Twitch. Watch live during the week. Follow us there to get alerts when we go live. We take questions from the audience and yours might just end up on the show.
Subscribe to CYBER on Apple Podcasts or wherever you listen to your podcasts.
Sign up for Motherboard’s daily newsletter for a regular dose of our original reporting, plus behind-the-scenes content about our biggest stories.
Hosted on Acast. See acast.com/privacy for more information.
Transcript
Click on a timestamp to play from that location
| 0:00.0 | TAM! It's got the code. It's going to launch. |
| 0:10.3 | It's a unit system. I know this. |
| 0:14.7 | This is how all the files of the whole park. It tells you everything. |
| 0:18.7 | Sir, he's uploading the virus. |
| 0:21.4 | Eagle 1. The package is being delivered. |
| 0:24.9 | Hello out there on the internet. |
| 0:26.5 | I am Matthew Galt, and this is Cyber. |
| 0:28.5 | The hacks, they are increasing, but the hackers, they are not necessarily getting more sophisticated. |
| 0:34.3 | What do Twitter, Twilio, and Uber all have in common? |
| 0:36.9 | Well, they were all hacked by, in part, a conversation. In all three cases, the hack was helped along by social engineering. Someone contacted an employee of the company and tricked them into giving up the keys. It doesn't matter how fancy your two-of-a system is if an employee is just going to give up their SMS codes to some random on the phone. But worry not, there are ways to protect yourself and your company against such attacks. |
| 0:58.0 | And with me today to work through it all is Rachel Tobac. |
| 1:00.5 | Tobac is a hacker, and the CEO of Social Proof Security |
| 1:03.9 | accompany the names to get your organization lightly paranoid. |
| 1:07.4 | She has also coincidentally just published an amazing video that dramatizes a lot of |
| 1:14.0 | what we're going to be talking about today, which you can find on Twitter at Rachel, T-O-B-A-C. |
| 1:20.9 | Rachel, thank you so much for coming on to cyber once again and saving us from ourselves. |
| 1:25.8 | Thank you for having me on. |
| 1:27.5 | All right. |
| 1:28.0 | So let's define some terms up top here for people that may not know kind of what's going on. |
| 1:31.9 | Social engineering is a broad term. |
| 1:34.0 | What does it mean? |
| 1:35.6 | Yeah. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from VICE, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of VICE and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.