CYBER: How To Protect Yourself From Social Engineering Hacks

Uber, Twitter, and Twilio all fell pretty to social engineering. Most hacks don’t work without some form of it.
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

Hacks are increasing but the hackers are not necessarily getting more sophisticated. What do Twitter, Twilio, and Uber all have in common? They were all hacked by, in part, a conversation. In all three cases, the hack was helped along by social engineering. Someone contacted an employee of the company and tricked them into giving up the keys to the company. It doesn’t matter how fancy your 2FA system is if an employee is just gonna give up their SMS codes to some rando on the phone.


But worry not. There are ways to protect yourself and your company against such attacks. With me today to work through it all is Rachel Tobac. Tobac is a hacker and the CEO of SocialProof Security, a company that aims to get your organization politely paranoid.

She also, coincidentally, just published a really amazing video that dramatizes a lot about what we’re going to talk about today. You can find it on Twitter @racheltobac.

Stories discussed in this episode:

The Uber Hack Shows Push Notification 2FA Has a Downside: It’s Too Annoying

How a Third-Party SMS Service Was Used to Take Over Signal Accounts

Hackers Convinced Twitter Employee to Help Them Hijack Accounts

We’re recording CYBER live on Twitch. Watch live during the week. Follow us there to get alerts when we go live. We take questions from the audience and yours might just end up on the show. 

Subscribe to CYBER on Apple Podcasts or wherever you listen to your podcasts.

Sign up for Motherboard’s daily newsletter for a regular dose of our original reporting, plus behind-the-scenes content about our biggest stories.