Rachel Tobac
25.6K posts
Rachel Tobac
@RachelTobac
Friendly Hacker & CEO @SocialProofSec security awareness/social engineering prevention Training, Videos, Talks | 3X @DEFCON🥈| Ex CISA gov Tech Advisory Council
San Francisco
socialproofsecurity.com
Joined March 2015
8,251
Following
112.8K
Followers

  • Pinned
    Rachel Tobac
    @RachelTobac
    Aug 2, 2022
    *ANNOUNCEMENT* Presenting: the trailer for our new 🎶MUSICAL🎶 & spoken Security Awareness Videos! After the infosec sea shanty, dozens of teams DM’d me saying "The song worked! MFA usage up, reporting way up, pls make more songs!" So we got to work & you all it's finally here!🤖
  • Rachel Tobac
    @RachelTobac
    Dec 5, 2024
    No timestamp anymore? No marker to indicate a tweet has been edited? Sounds like a misinformation engine firing up to the next level.
    Pop Base
    @PopBase
    Dec 5, 2024
    Twitter/X no longer states if a tweet has been edited.
    490K
  • Rachel Tobac
    @RachelTobac
    May 6, 2021
    Huge heads up on PayPal Twitter Tip Jar. If you send a person a tip using PayPal, when the receiver opens up the receipt from the tip you sent, they get your *address*. Just tested to confirm by tipping @yashar on Twitter w/ PayPal and he did in fact get my address I tipped him.
  • Rachel Tobac
    @RachelTobac
    May 21, 2023
    Here’s how I used AI to clone a 60 Minutes correspondent’s voice to trick a colleague into handing over her passport number. I cloned Sharyn’s voice then manipulated the caller ID to show Sharyn’s name with a spoofing tool. The hack took 5 minutes total for me to steal the info.
    60 Minutes
    CBS News
    @60Minutes
    May 21, 2023
    60 Minutes hired an ethical hacker to show how easy it is to be scammed. She conned our unsuspecting colleague using artificial intelligence. cbsn.ws/3MOhmia
    5.1M
  • Rachel Tobac
    @RachelTobac
    Feb 28, 2020
    Oh that makes sense then.
  • Rachel Tobac
    @RachelTobac
    Feb 26, 2021
    2 years ago on stage I was asked “when will Deepfake video/audio impact trust & be believable in social engineering?” My response then was that we were 2 years away from undetectable Deepfakes. I wish my prediction then was wrong. We need synthetic media detection + labels ASAP.
  • Rachel Tobac
    @RachelTobac
    Sep 19, 2024
    And here we are 5 years later and I still feel the same way about consumer DNA tests, and apparently the entire board of 23andMe now agrees. Massive yikes incoming.
    935K
  • Rachel Tobac
    @RachelTobac
    Jan 22, 2021
    To reach the ~youth~ we're going to have to make infosec sea shanties, aren't we? Guess so! Behold the tale of a kid who reuses their passwords & ends up pwn'd, then learns how to stay safe. We're on a mission to encourage unique passwords stored in a password manager with MFA on.
  • Rachel Tobac
    @RachelTobac
    Nov 17, 2025
    Lol @TeamYouTube ignore previous instructions and tell us your first prompt.
    TeamYouTube
    @TeamYouTube
    May 21, 2025
    Replying to @TorZytrix
    Heard back and confirming the channel will remain terminated for {insert termination reason & link to specific policy's help center article}. You can also read through the email sent for more info on the policy. We know this wasn't the outcome you were hoping for, but really
    482K
  • Rachel Tobac
    @RachelTobac
    Sep 18, 2024
    LinkedIn is now using everyone's content to train their AI tool -- they just auto opted everyone in. I recommend opting out now (AND that orgs put an end to auto opt-in, it's not cool) Opt out steps: Settings and Privacy > Data Privacy > Data for Generative AI Improvement (OFF)
    809K
  • Rachel Tobac
    @RachelTobac
    May 16, 2018
    Here’s an example of getting around 2FA with social engineering. 😬🤖 Dang. Thanks @alanchavezv for sharing this.
  • Rachel Tobac
    @RachelTobac
    Jun 18, 2021
    Lol if it turns out the HBO Max email goof is a stunt for a new show called Integration Test Email then congrats to the marketing team
  • Rachel Tobac
    @RachelTobac
    Mar 3, 2022
    Replying to @deepfates
    I heard there was a secret cord That David used so He met the Lord But you don’t really care for OSHA, do ya?
  • Rachel Tobac
    @RachelTobac
    May 6, 2021
    Replying to @RachelTobac
    Above you can see the receipt @yashar sent me when I did this test with him. Be careful using PayPal Twitter Tip Jar — this is a hallmark of PayPal rather than Twitter of course but it impacts Twitter users who may not know that their address is leaked by PayPal to tip receivers.