R
racheltobac@infosec.exchange
Posts
-
This is a serious question. -
Have you received a party invite that turned out to be fake (a scam!) in the last 6 months?Have you received a party invite that turned out to be fake (a scam!) in the last 6 months?!
I just broke down how this scam works for the @nytimes so dive into the 2 distinct paths this scam follows, how to catch it, and how to reduce its impact if you do click here: -
Want my thoughts on Anthropic's Mythos risk vs hype, how I use AI to bypass identity verification systems now, & moreWant my thoughts on Anthropic's Mythos risk vs hype, how I use AI to bypass identity verification systems now, & more?
Tune in for my Rapid7's 2026 Global Cybersecurity Summit keynote panel 5/12 with @gcluley Cluley, @Raj_Samani @brianhonan
Join me here: https://rapid7.brighttalk.com -
Here’s how I used AI to clone a 60 Minutes correspondent’s voice to trick a colleague into handing over Sharyn's passport number.Here’s how I used AI to clone a 60 Minutes correspondent’s voice to trick a colleague into handing over Sharyn's passport number. I cloned Sharyn’s voice then manipulated the caller ID to show Sharyn’s name on the caller ID with a spoofing tool.
The hack took 5 minutes total for me to steal the sensitive information.So, how do we protect ourselves, our loved ones, and our organizations?
1. Make sure the people around you know that caller ID is easily faked (spoofed) and that voices can also be easily impersonated.
2. If they receive a dire call from “you”, verify it’s really you with another method of communication (text, DM, FT, call, etc) before taking an action (like sending money). Kind of like human MFA.Some suggest setting up a secret “verification word” with their folks ones so that if someone impersonates & demands money/access etc you can ask for the verification word to see if it’s a real crisis. This won’t work for all people but could work for some. If it’s a match, use it.
In general, I recommend keeping advice simple: if premise of call is dire use a 2nd method of communication to confirm a person is in trouble before taking action (like wiring money or sensitive data). Rapid text, email, DM, have others message repeatedly — before wiring money.
Bottom line is:
Scammers use urgency & fear to convince victims to take actions (like sending money, data, etc).
If premise of a call, text, email, or DM is too dire (or too good to be true), that’s a likely scam.
Use a 2nd method of communication to check it’s real before taking action!
Ethical hacker scams 60 Minutes staffer to show how easy digital theft is
Anybody can be hacked, even those who are tech-savvy. An ethical hacker targeted a 60 Minutes employee to show how easy it is to scam people.
(www.cbsnews.com)