Rachel Tobac is a social engineer who hacks people rather than computers, but not for the reason many might think.
“A social engineer is basically someone who is a scammer. They are anyone who is trying to convince you that you need to do something and eventually they are going to steal your money, your data or they are going to get access to your systems,” Tobac, of SocialProof Security, told NBC 5. “We consider social engineering any act that convinces a person to take an action that may or may not be in their best interest."
Tobac uses her strong skills of persuasion and wit to manipulate people and prominent companies into giving her what she wants: passwords, social secuirty numbers, banking accounts, email addresses, and any other compromising information she can get her hands on. As a three-time second place winner of the Social Engineering CTF contest held annually at Defcon -the super bowl of hackers - Tobac describes herself as the most “consistent attacker you’ve ever met.”
But Tobac isn't out to get your data or your money.
"I’m a white hat hacker so I do these attacks to make sure people understand the up-to-date methods that social engineers use to attack. So, I’m not a black hat hacker or as we like to call them criminals - people who actually steal your money or systems - and that’s not what I do,” Tobac says. ”I actually do these attacks and then I learn what works, which actually mimics what black hat hackers are doing. Then I teach what the black hat hackers or criminals are doing so people can keep themselves safe.”
Tobac’s advice for people is to always be politely paranoid, be skeptical and use two methods of communication.
“So if someone emails you and pretends to be your old college friend for example, saying they need money, shoot them a Facebook message, call them, text them, use signal message," she said. "Anything you can use to try and communicate with that person to make sure they are actually stuck. And they really need your help. Using that method really shuts me down as a social engineer the majority of the time."