Rachel Tobac’s Post

Let's get actionable: criminals will attempt to use this massive global outage to pretend to be IT to you or you to IT to steal access, passwords, codes, money, etc. Verify people are who they say they are before taking sensitive actions. Let's talk through how we can mitigate social engineering risk during this IT outage for folks at home, at work, or those in the challenging IT / HelpDesk position right now. *How will this hit everyday folks at home?* Please tell your family and friends: If you receive a call from “Microsoft Support” about paying to prevent a blue screen on your computer, do not give that person your passwords, money, etc. A criminal may ask for payment to “fix” or "prevent" the blue screen for you -- hang up. *How will this outage impact social engineering risk at work?* - A criminal pretending to be “IT Support” or “Help Desk” may call you and ask you to give out your credentials and codes to “regain access”. Folks working remotely are at a high risk here. - Work Help Desk / IT Support will need to be able to verify that an employee calling for help is actually that individual and not a criminal trying to takeover access. Remember that phone numbers displayed on caller id can be spoofed — just because the caller id says “Microsoft” or “Work IT Support” or “Jim Smith” we can’t automatically trust and give access, passwords, codes, and certainly don’t give money. *How do we use a second method of communication to verify identity before taking sensitive actions if work stations are down?!* - If you are an Employee at a company: If you receive a call/text from someone at your work claiming to be HelpDesk or IT and they need sensitive details or access to be able to help you, have them chat you on an internal team tool using your phones (Slack, Teams, Signal, etc) or email you from their work email account using a phone to confirm identity before granting access. - If your job is in IT or HelpDesk: If you receive a call from an employee needing sensitive support, verify they truly are that employee by having them read off a word you send to their internal team chat app on their phone (Slack, Teams, Signal, etc) or internal email from their phone during the call. You can also initiate a callback to thwart spoofing. My heart goes out to IT / HelpDesk around the world today. This is going to be a very long day, weekend, and week ahead.

Potential IT fix for the Crowdstrike outage (for some folks, not all): cycle your machine on and off 15 times in a row. Are you at a hospital that can’t help patients? An airport with delays? A company that can’t work? A news station that can’t broadcast? A 911 dispatcher that can’t support emergencies? *Turn your machine off & on 15 times (this reboot cycle is working for some folks but not all).* https://t.co/031BWaSSV7

Wondering how to keep yourself, your family, & your team secure in the wake of the AT&T breach? I wrote up an article below on the risks & next steps to mitigate social engineering, phishing, impersonation, fraud, extortion, and harassment risk from this breach. Let's break it down here:

Who wants to increase representation at DEF CON and Black Hat this year with Women in Security and Privacy (WISP)'s scholarship! Each $1,000 donation sends 1 scholar to Hacker Summer Camp w/ a free pass, travel stipend, & team to support on the ground! Match my $500 donation (we're currently at 2 full scholarships funded as of right now) to help us send at least 20 scholars to Hacker Summer Camp this year to meet their next boss and learn new hands on skills. Match my donation here: https://lnkd.in/gm-yut9a If you want to apply to be a scholar, please do so here by 6/7: https://lnkd.in/gcz3vtpa