Article Overview: Vishing Attack on Robert Scoble
Robert Scoble, a prominent tech influencer and author of "The Infinite Retina", recounts his experience with a sophisticated social engineering attack that compromised multiple online accounts including his X (Twitter) profile. The incident occurred on May 10, 2025, while Scoble was driving to Tahoe.
The Attack Vector
The attacker initiated the hack by calling Scoble from Warsaw, Poland, with a convincing story about suspicious activity on his Google account. This is a classic vishing (voice phishing) attack that exploits human psychology rather than technical vulnerabilities.
How 2FA Was Bypassed
The attacker started a legitimate login attempt to Scoble's Google account from Warsaw, which triggered Google's real 2FA prompt—a number challenge—on Scoble's phone. The attacker then instructed Scoble to "enter these numbers" to "secure your account." By following the attacker's instructions, Scoble unknowingly approved the attacker's login session.
Account Compromise Chain
Once the attacker gained access to Scoble's Google account, they could use Google's SSO to access X, reset the X password via Google recovery, and post unauthorized content. Explicit images were posted from Scoble's X account.
Scoble's Post-Mortem Analysis
- Believed the caller without verification — didn't hang up and call Google back
- Didn't use AI for verification — had Grok and ChatGPT available but didn't ask them
- Was in a panic state — driving and stressed, impairing judgment
- Followed attacker instructions — even changed password when told to
Key Lessons
The incident highlights that 2FA—especially push notifications and number-challenge prompts—assumes users will only approve legitimate attempts. Vishing attacks flip this assumption by creating urgency. The AI-first habit—verifying suspicious situations with an AI before taking action—would have stopped this attack.
Frequently Asked Questions
A: Robert Scoble experienced a social engineering hack where attackers called him impersonating Google support, tricking him into approving a 2FA prompt that gave them access to his Google account, which then led to compromise of his X (Twitter) account.
A: The attempted hack originated from Warsaw, as confirmed by Google when they called to assist Scoble after the incident.
A: The attacker used vishing - they started a real Google login from Warsaw, triggering Google's 2FA prompt on Scoble's phone, then instructed him over the phone to approve the login.
A: Multiple accounts were compromised including Google and X (Twitter). The attacker posted explicit images to Scoble's X account.
A: Scoble admitted: 1) Believed the phone caller without verification, 2) Didn't pause to verify with an AI, 3) Was driving and in a panic, 4) Followed the attacker's instructions.
A: Prevention: Always verify support calls independently, use AI to verify suspicious situations before taking action, maintain 'AI first' habits, don't panic.
A: Vishing (voice phishing) is a social engineering attack using phone calls to impersonate legitimate organizations.
A: 2FA assumes users only approve legitimate attempts. Vishing attacks create urgency and position the scammer as a helper, causing users to voluntarily complete the 2FA step for the attacker.