BSides Tallinn 2025

Andres Jõgi

I'm paid to tell you that the fancy AI lock on your bathroom window won't help if your front door is wide open.


Session

09-25
15:00
45min
Don't Take the Bait - Online deception beyond your Inbox
Andres Jõgi

Bolt's product security team secures applications for over 200 million customers and 4.5 million partners across 600+ cities in 50 countries. This massive scale makes our platform a prime target for a diverse array of malicious actors, many of whom specialise in scalable, low-tech scams. We've seen an increasing professionalisation even in these "low-tech" schemes, leading to an arms race between threat actors and security measures that often unfolds within weeks, if not days.

Traditional phishing techniques are now being repurposed from email to modern chat applications. We're observing 2FA bypasses via recovery flows and constant probing for business logic issues that can be abused for quick financial gain.

During this presentation, we'll shed light on the variety of sophisticated phishing techniques we've encountered in the wild. Attendees will gain insights into:

Abused Communication Channels: Discover how in-app chat functionality and chat applications such as Telegram and WhatsApp are misused.

Reward vs Punishment: Understand persuasion techniques threat actors use to manipulate targets.

Bypassing Protections: Learn how 2FA, chat filtering and business logic checks could be bypassed.

Authentication Strengths & Weaknesses: Explore the benefits and drawbacks of existing authentication methods.

Stage 2