In totally uncool moves, two Tesla owned accounts were hijacked via social engineering:
- A bad guy called AT&T customer support and pretended to be a Tesla employee. This person then demanded all phone calls to the company be forwarded to a new fake phone number.
- Then they got in touch with Tesla’s domain registrar Network Solutions. Since all the phone calls were being forwarded to the hacker, this person was able to easily add a new email address to Tesla’s domain administrator account.
- With this new email on the account, the bad guy then reset passwords for the website.
As you can see, social engineering a third party can have an impact on your business. Are your vendors doing security awareness training to protect you?