@racheltobac.bsky.social
Hacker & CEO @SocialProofSec security awareness/social engineering training, videos, talks | 3X @DEFCON๐ฅ | Chair @WISPorg | @CISAgov Technical Advisory Council under Director Jen Easterly
See lots of scam messages via text & apps lately? Youโre not alone!
Scammers are using people's economic anxiety to trick with lures that are too good or too dire to be true! They're also using AI to create attacks.
Here are the latest messaging scams + how to catch them.
youtube.com/shorts/K8x86...
Iโll be on NBC News Now soon talking thru the Tea App hack and how to protect yourself during a data breach sometime between 7-8 pm ET tonight (probably 7:30 pm ET) if you want to watch ๐ค๐ค
nbcnews.com/watch or www.youtube.com/watch?v=3o_t...
Exactly right
28.07.2025 23:21 โ ๐ 5 ๐ 0 ๐ฌ 0 ๐ 0It doesn't matter whether this app was a honeypot or just vibe coded by a bunch of assholes with no security awareness, the impact is exactly the same
28.07.2025 23:20 โ ๐ 25 ๐ 4 ๐ฌ 2 ๐ 0
2nd Tea App breach?! 1 million messages w/ sensitive cheating stories, details of ending pregnancies, contact details, real names โ it could not be more serious. Here are actions to protect yourself.
Iโll be on NBC News Now at 7 pm ET tomorrow discussing this.
www.linkedin.com/posts/rachel...
6. Why the Tea App hack matters -- why selfies and IDs together allow a hacker to perform account takeover with deepfakes and how to catch it
28.07.2025 18:20 โ ๐ 5 ๐ 0 ๐ฌ 0 ๐ 04. AI voice clones and how they are hitting everyday families in the wild in 2025 to steal money & how to catch it
5. How live AI agents automate and scale hacking with voice clones over the phone and how to catch them
2. How AI voice clones hack voice biometrics for bank account take over & how to stop it
3. Live AI deepfakes hacking KYC, liveness detection, and identity verification for account takeover for banks, social media accounts, etc & how to stop it
Time to find the right journalist(s) for live hacking demo video pieces. If you're coming to DEF CON and want a scoop, lmk:
1. How AI voice clones are currently being used to target Execs and their orgs in the wild for wire transfer fraud, passwords, and document stealing & how to stop it
@racheltobac.bsky.social arstechnica.com/security/202...
24.07.2025 03:12 โ ๐ 6 ๐ 1 ๐ฌ 2 ๐ 0Simple as that ๐ฅฒ
24.07.2025 18:41 โ ๐ 2 ๐ 0 ๐ฌ 1 ๐ 0took this into work today and showed folk there... I think we might see some change ... thank you for doing this
09.07.2025 09:14 โ ๐ 3 ๐ 1 ๐ฌ 1 ๐ 0Thatโs awesome!!
09.07.2025 11:42 โ ๐ 2 ๐ 0 ๐ฌ 0 ๐ 0Thank you!
08.07.2025 23:09 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0I was so sad the day I realized AI could finally tackle the Irish accent. @donie.bsky.social was safe for so long
08.07.2025 23:09 โ ๐ 1 ๐ 0 ๐ฌ 1 ๐ 0I guess I may need to!
08.07.2025 19:31 โ ๐ 2 ๐ 0 ๐ฌ 1 ๐ 0AI voice clones have hit the White House AGAIN, now impersonating the Secretary of State to other Gov officials to try to steal secrets/access.
Here is a video of me live demoing how quick (2 min) and easy it is to clone a voice to hack and how to catch AI voice clone attacks in action!
This. I know people who are naturally graceful and kind at cons like Wendy Nather or my lovely spouse @deviantollam.bsky.social or @racheltobac.bsky.social or so many other icons I look up to.
But as an introvert it is *hard* to have that energy. Itโs physically draining, though very meaningful.
Aw thank you for this kind sentiment. Itโs deeply meaningful to me and after I sit in a very dark room quietly for hours to feel regulated again ha!
01.07.2025 19:55 โ ๐ 6 ๐ 0 ๐ฌ 1 ๐ 0Thanks Andy!
30.06.2025 18:31 โ ๐ 1 ๐ 0 ๐ฌ 1 ๐ 0
It's fun to learn from smart people. @racheltobac.bsky.social is smart people. Check out: Hacker Conversations: Rachel Tobac and the Art of Social Engineering. www.securityweek.com/hacker-conve... cc @gate15.bsky.social #cybersecurity
30.06.2025 13:34 โ ๐ 3 ๐ 2 ๐ฌ 1 ๐ 0
Rachel Tobac hacking in the glass booth in front of 500 people at DEF CON 25.
I got my start hacking in the booth at @defcon.bsky.social. It changed my life. Now I'm a *Judge* for the NEW Social Engineering Community Village AI-powered hacking competition where teams use AI agents for live phone call attacks on DEF CON Sat! Apply to compete: www.se.community/battle-of-th...
24.06.2025 23:37 โ ๐ 46 ๐ 6 ๐ฌ 0 ๐ 0
Il y a quelques annรฉes, @racheltobac.bsky.social avait adaptรฉ ce magnifique shanty ๐ www.youtube.com/watch?v=Ft5b...
21.06.2025 00:02 โ ๐ 5 ๐ 1 ๐ฌ 0 ๐ 0So great to join you and showcase all of my wigs, grey hair spray and glasses for live video deepfakes lol!
11.06.2025 19:34 โ ๐ 4 ๐ 0 ๐ฌ 1 ๐ 0
Another stellar Wednesday Offensive! Thank you @racheltobac.bsky.social for an engaging conversation and real time examples of the power of Deepfakes!
Next week we have Kevin Ripa discussing "When forensics gets it wrong"
#hacking #infosec #cybersecurity
It's time to reorient ourselves with the Disgruntled Former Teammate & Insider Threat Prevention Handbook.
insights.sei.cmu.edu/library/the-...
Voice clones are easy.
Be suspicious even if a call appears to be from someone you know.
AlsoโฆDonโt set up voice authentication for banking.
Please train your team to spot and shut down voice clone attacks. This attack is easy for beginner attackers and weโre seeing this attack vector increase week over week (now many of my customers have had their execs voice cloned to staff in the past quarter).
x.com/racheltobac/...
Additionally, I donโt need to take control of someoneโs phone number to succeed with this type of attack. Often times Iโm just voice cloning and spoofing a phone number to appear on caller ID (but it doesnโt even seem the attacker did that in this case)!
30.05.2025 14:22 โ ๐ 10 ๐ 2 ๐ฌ 1 ๐ 0I am now able to now able to create a believable voice clone using just 10 seconds of someoneโs recorded voice. The tools are publicly available, easy to use, and in many cases they are free.
Itโs essential your family, friends, and workplace understands how easy this attack is.
