She stole a CNN reporter’s hotel points while live on the air. She has hacked into the security system of a large financial services company through a simple phone call while sitting onstage at a hackers’ convention thousands of miles away.

But if anyone happens to meet Rachel Tobac (pictured), don’t run. She has some excellent advice regarding social engineering to help navigate the increasingly perilous online world.

“I’m an attacker myself, so I basically go out, try it, learn about how we go and do attacks, and then train you,” said Tobac, co-founder and chief executive officer of SocialProof Security LLC. “The challenge with social engineering is that it leverages your principles of persuasion, the parts of you that you cannot switch off. I always recommend that people are politely paranoid.”

Tobac spoke with Jeff Frick, host of theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed a sharp rise in spear-phishing attacks, the dangers of video conferencing and how Tobac is supporting efforts to combat the coronavirus.

Increase in phishing sites

Being “politely paranoid” is timely advice these days as the forced seclusion at home for much of the world has created a large, juicy target for online criminals. Data tracked by Google LLC revealed a 350% increase in active phishing websites since January. Tobac advised using two methods of communication to confirm that any email or phone request was legitimate.

“What they’re trying to do is get you to input your credentials,” Tobac said. “Unfortunately, criminals don’t take a break, even in a crisis.”

Paranoia should extend to exercising caution in another communications space that has seen usage grow exponentially during the coronavirus crisis — video conferencing. The problem is that many users, including the prime minister of Great Britain, Boris Johnson, feel compelled to take screenshots of themselves with their video conferencing screen. That’s a really bad idea, according to Tobac.

“Johnson posted an image of his Zoom call, and it included an image of the software he used,” said Tobac, who advised using password protection and a “waiting room” feature for any video conference communication. “I could craft a very specific spear-phish just for him that I know will likely work on his machine with his software installed, because I understand the version and the known vulnerabilities.”

In the interest of supporting organizations that are working overtime to combat the epidemic, Tobac is offering her cybersecurity services free of charge to hospitals and healthcare providers.

“I’ve had an amazing response, being able to work with hospitals all over the world for free to make sure they have the support that they need during COVID-19,” Tobac said. “There are many brave folks out there risking it all every single day to do the work to keep people safe.”

Here’s the complete video interview, one of many CUBE Conversations from SiliconANGLE and theCUBE:

Photo: SiliconANGLE