@prefix : <https://x.com/Scobleizer/status/2053367142045847649#> .
@prefix schema: <http://schema.org/> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
@prefix skos: <http://www.w3.org/2004/02/skos/core#> .
@prefix prov: <http://www.w3.org/ns/prov#> .

# Ontology header. The identifier is the URL of the X post that also serves
# as the base of the default (":") namespace.
: rdf:type owl:Ontology ;
    rdfs:isDefinedBy : ;
    schema:identifier "https://x.com/Scobleizer/status/2053367142045847649" ;
    schema:name "Robert Scoble Hack Incident Knowledge Graph"@en ;
    schema:description "KG from multiple X sources about vishing/social engineering attack on Robert Scoble"@en .

# Class hierarchy: :SecurityIncident > :SocialEngineeringAttack > :VishingAttack.
# :PlatformAccount and :GrokAnalysis are standalone classes with no superclass.

:SecurityIncident rdf:type rdfs:Class ;
    rdfs:isDefinedBy : ;
    rdfs:label "Security Incident"@en ;
    rdfs:comment "A security breach or hacking event"@en .

:SocialEngineeringAttack rdf:type rdfs:Class ;
    rdfs:isDefinedBy : ;
    rdfs:subClassOf :SecurityIncident ;
    rdfs:label "Social Engineering Attack"@en ;
    rdfs:comment "Attack manipulating human psychology"@en .

:VishingAttack rdf:type rdfs:Class ;
    rdfs:isDefinedBy : ;
    rdfs:subClassOf :SocialEngineeringAttack ;
    rdfs:label "Vishing Attack"@en ;
    rdfs:comment "Voice phishing via phone calls"@en .

# Range of :compromisedAccount.
:PlatformAccount rdf:type rdfs:Class ;
    rdfs:isDefinedBy : ;
    rdfs:label "Platform Account"@en ;
    rdfs:comment "User account on social media/web platform"@en .

# Domain of :analyzes. Instances are AI-generated commentary on an incident.
:GrokAnalysis rdf:type rdfs:Class ;
    rdfs:isDefinedBy : ;
    rdfs:label "Grok Analysis"@en ;
    rdfs:comment "AI-generated analysis of an event"@en .

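# Properties. Four describe a :SecurityIncident; :analyzes links a
# :GrokAnalysis to the incident it discusses. Each carries an rdfs:comment so
# the intended meaning travels with the graph, as it does for the classes.

:occurredAt a rdf:Property ;
    rdfs:domain :SecurityIncident ;
    rdfs:range xsd:dateTime ;
    rdfs:label "occurred at"@en ;
    rdfs:comment "Date and time at which the incident took place"@en ;
    rdfs:isDefinedBy : .

# Range is xsd:string, so values are plain literals; a language-tagged literal
# (rdf:langString) does not satisfy it.
# The value is a reported place name, not a verified attacker location.
:originatesFrom a rdf:Property ;
    rdfs:domain :SecurityIncident ;
    rdfs:range xsd:string ;
    rdfs:label "originates from"@en ;
    rdfs:comment "Place the incident was reported to originate from, as free text"@en ;
    rdfs:isDefinedBy : .

:compromisedAccount a rdf:Property ;
    rdfs:domain :SecurityIncident ;
    rdfs:range :PlatformAccount ;
    rdfs:label "compromised account"@en ;
    rdfs:comment "Account that was accessed without authorization during the incident"@en ;
    rdfs:isDefinedBy : .

# "Bypassed" does not imply a technical flaw in the second factor: for the
# incident in this graph the account holder approved the attacker's prompt.
:bypassed2FA a rdf:Property ;
    rdfs:domain :SecurityIncident ;
    rdfs:range xsd:boolean ;
    rdfs:label "bypassed 2FA"@en ;
    rdfs:comment "True when the attacker got past two-factor authentication, including when the account holder was persuaded to approve the login"@en ;
    rdfs:isDefinedBy : .

:analyzes a rdf:Property ;
    rdfs:domain :GrokAnalysis ;
    rdfs:range :SecurityIncident ;
    rdfs:label "analyzes"@en ;
    rdfs:comment "Incident that the analysis discusses"@en ;
    rdfs:isDefinedBy : .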

# Main Article
# The source post, modelled as a schema:Article. Its parts are the FAQ,
# glossary and how-to sections plus the two Grok analyses; its topics are four
# of the skos:Concept nodes in this file.
:article rdf:type schema:Article ;
    rdfs:isDefinedBy : ;
    schema:url "https://x.com/Scobleizer/status/2053367142045847649" ;
    schema:name "Robert Scoble Vishing Hack Incident"@en ;
    schema:description "Robert Scoble recounts a social engineering hack via phone call impersonating Google support, compromising multiple accounts including X"@en ;
    schema:author :robertScoble ;
    schema:datePublished "2025-05-10"^^xsd:date ;
    schema:about :vishingAttack, :socialEngineering, :twoFactorAuthentication, :accountCompromise ;
    schema:hasPart :faqSection, :glossarySection, :howtoSection, :grokConversation, :grokShare ;
    # Provenance: the graph itself was produced by the generator skill.
    prov:wasGeneratedBy :kgGeneratorSkill .

# Author of the post; the incident description names him as the target of the call.
:robertScoble rdf:type schema:Person ;
    rdfs:isDefinedBy : ;
    schema:url "https://x.com/Scobleizer" ;
    schema:name "Robert Scoble"@en ;
    schema:description "Tech influencer, ex-Microsoft, Rackspace, author of 'The Infinite Retina'"@en .

# Incident
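# The incident node. :VishingAttack is already a subclass of :SecurityIncident,
# so the first type is redundant but harmless.
:incident a :SecurityIncident, :VishingAttack ;
    schema:name "Vishing Attack on Robert Scoble"@en ;
    schema:description "Social engineering via phone call impersonating Google support, bypassing 2FA"@en ;
    :occurredAt "2025-05-10T02:50:00Z"^^xsd:dateTime ;
    # Plain literal: :originatesFrom declares rdfs:range xsd:string, which a
    # language-tagged literal does not satisfy.
    # This is the login origin as reported (the FAQ attributes it to Google).
    # NOTE(review): a reported login location reflects the network the login
    # came through, which may differ from where the caller actually was.
    :originatesFrom "Warsaw" ;
    # True because the account holder was talked into approving the prompt,
    # not because the second factor itself was broken (see the FAQ answers).
    :bypassed2FA true ;
    # NOTE(review): schema:author is a CreativeWork property. On an incident
    # node it can be read as naming Scoble as the originator of the attack;
    # he is the person who reported it. Consider a dedicated reporter or
    # victim property here.
    schema:author :robertScoble ;
    :compromisedAccount :googleAccount, :xAccount ;
    rdfs:isDefinedBy : .

# Accounts named as compromised. The FAQ answer states that the Google account
# was accessed first and that this led to the X account.
:googleAccount a schema:Thing, :PlatformAccount ;
    schema:name "Google Account"@en ;
    rdfs:isDefinedBy : .

:xAccount a schema:Thing, :PlatformAccount ;
    schema:name "X (Twitter) Account"@en ;
    rdfs:isDefinedBy : .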

# Grok Conversations
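# Two Grok outputs about the incident. Both are AI-generated commentary
# (see the :GrokAnalysis class), so the sections below are a secondary
# reading of the event rather than a primary record of it.
:grokConversation a :GrokAnalysis ;
    schema:name "Grok Conversation Analysis"@en ;
    schema:url "https://x.com/i/grok?conversation=2053503270107197590" ;
    :analyzes :incident ;
    rdfs:isDefinedBy : .

# schema:hasPart is stated once here; the original repeated the same four
# triples in a second statement after the sections, which added nothing to
# the graph.
:grokShare a :GrokAnalysis ;
    schema:name "Grok Share Analysis"@en ;
    schema:description "Detailed step-by-step breakdown of the vishing attack and how 2FA was bypassed through social engineering"@en ;
    schema:url "https://x.com/i/grok/share/c9e0ced23ca84a93885259d243c2124f" ;
    :analyzes :incident ;
    schema:hasPart :attackSummary, :attackDetails, :lessonsLearned, :preventionSteps ;
    rdfs:isDefinedBy : .

:attackSummary a schema:ArticleSection ;
    schema:name "Attack Summary"@en ;
    schema:description "Grok's summary: vishing social engineering scam bypassing 2FA through human manipulation"@en ;
    rdfs:isDefinedBy : .

# Sequence as described: the password was already in the attacker's hands,
# and the call was used only to obtain approval of the second factor.
:attackDetails a schema:ArticleSection ;
    schema:name "Attack Details"@en ;
    schema:description "Step-by-step: attacker had password first, used vishing call to trick Scoble into approving 2FA prompt on his Google app"@en ;
    rdfs:isDefinedBy : .

:lessonsLearned a schema:ArticleSection ;
    schema:name "Lessons Learned"@en ;
    schema:description "Believed caller without verification, didn't pause to use AI, was driving and panicked, followed attacker's instructions"@en ;
    rdfs:isDefinedBy : .

# NOTE(review): the list covers sharing codes but not approving a login
# prompt, which is the action :attackDetails describes.
:preventionSteps a schema:ArticleSection ;
    schema:name "Prevention Steps"@en ;
    schema:description "Verify support calls independently, use AI first, don't panic, never share 2FA codes"@en ;
    rdfs:isDefinedBy : .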

# Key Concepts
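# Concept scheme for the incident. The first four concepts are the
# schema:about targets of :article; as far as this file shows, the remaining
# five are not referenced by any other node.
:vishingAttack a skos:Concept ;
    skos:prefLabel "Vishing"@en ;
    skos:definition "Voice phishing - phone-based social engineering attack"@en ;
    rdfs:isDefinedBy : .

:socialEngineering a skos:Concept ;
    skos:prefLabel "Social Engineering"@en ;
    skos:definition "Psychological manipulation to trick people into security mistakes"@en ;
    rdfs:isDefinedBy : .

# Definition reworded: 2FA is about authentication factors rather than
# "forms of ID", and the weakness noted is the user being manipulated.
:twoFactorAuthentication a skos:Concept ;
    skos:prefLabel "Two-Factor Authentication (2FA)"@en ;
    skos:definition "Security method requiring two separate authentication factors; can still be defeated by social engineering"@en ;
    rdfs:isDefinedBy : .

:accountCompromise a skos:Concept ;
    skos:prefLabel "Account Compromise"@en ;
    skos:definition "Unauthorized access to user accounts"@en ;
    rdfs:isDefinedBy : .

:credentialStuffing a skos:Concept ;
    skos:prefLabel "Credential Stuffing"@en ;
    skos:definition "Using leaked credentials to access accounts"@en ;
    rdfs:isDefinedBy : .

# Push and number-challenge prompts are the two approval-style factors the
# FAQ singles out as relying on the user to reject illegitimate attempts.
:pushNotification a skos:Concept ;
    skos:prefLabel "Push Notification 2FA"@en ;
    skos:definition "Mobile app notification for verifying logins"@en ;
    rdfs:isDefinedBy : .

:numberChallenge a skos:Concept ;
    skos:prefLabel "Number Challenge 2FA"@en ;
    skos:definition "2FA method showing numbers on login screen that user must confirm in app"@en ;
    rdfs:isDefinedBy : .

:urgentScam a skos:Concept ;
    skos:prefLabel "Urgency-Based Scam"@en ;
    skos:definition "Scam creating false urgency to prevent critical thinking"@en ;
    rdfs:isDefinedBy : .

# NOTE(review): an AI assistant can help recognise a scam pattern but cannot
# confirm who is on the line; it complements, not replaces, calling back on a
# known number.
:aiFirstHabit a skos:Concept ;
    skos:prefLabel "AI-First Verification Habit"@en ;
    skos:definition "Using AI to verify suspicious requests before taking action"@en ;
    rdfs:isDefinedBy : .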

# FAQ Section
# FAQ page. The same eight questions are listed under both schema:mainEntity
# and schema:hasPart. Each question's name and text are identical, and each
# points to one accepted answer.
:faqSection rdf:type schema:FAQPage ;
    rdfs:isDefinedBy : ;
    schema:name "Frequently Asked Questions"@en ;
    schema:hasPart :q1, :q2, :q3, :q4, :q5, :q6, :q7, :q8 ;
    schema:mainEntity :q1, :q2, :q3, :q4, :q5, :q6, :q7, :q8 .

# Q1: what happened
:q1 rdf:type schema:Question ;
    schema:name "What happened to Robert Scoble?"@en ;
    schema:text "What happened to Robert Scoble?"@en ;
    schema:acceptedAnswer :a1 .
:a1 rdf:type schema:Answer ;
    schema:text "Robert Scoble experienced a social engineering hack where attackers called him impersonating Google support, tricking him into approving a 2FA prompt that gave them access to his Google account, which then led to compromise of his X (Twitter) account."@en .

# Q2: reported origin
:q2 rdf:type schema:Question ;
    schema:name "Where did the attack originate?"@en ;
    schema:text "Where did the attack originate?"@en ;
    schema:acceptedAnswer :a2 .
:a2 rdf:type schema:Answer ;
    schema:text "The attempted hack originated from Warsaw, as confirmed by Google when they called to assist Scoble after the incident."@en .

# Q3: how the second factor was defeated (the user approved the prompt)
:q3 rdf:type schema:Question ;
    schema:name "How did the attacker bypass 2FA?"@en ;
    schema:text "How did the attacker bypass 2FA?"@en ;
    schema:acceptedAnswer :a3 .
:a3 rdf:type schema:Answer ;
    schema:text "The attacker used vishing - they started a real Google login from Warsaw, triggering Google's 2FA prompt on Scoble's phone, then instructed him over the phone to approve the login, tricking him into completing the 2FA challenge for the attacker."@en .

# Q4: affected accounts
:q4 rdf:type schema:Question ;
    schema:name "What accounts were compromised?"@en ;
    schema:text "What accounts were compromised?"@en ;
    schema:acceptedAnswer :a4 .
:a4 rdf:type schema:Answer ;
    schema:text "Multiple accounts were compromised including Google and X (Twitter). The attacker posted explicit images to Scoble's X account."@en .

# Q5: self-reported mistakes
:q5 rdf:type schema:Question ;
    schema:name "What mistakes did Scoble make?"@en ;
    schema:text "What mistakes did Scoble make?"@en ;
    schema:acceptedAnswer :a5 .
:a5 rdf:type schema:Answer ;
    schema:text "Scoble admitted: 1) Believed the phone caller without verification, 2) Didn't pause to verify with an AI like Grok or ChatGPT, 3) Was driving and in a panic so rushed, 4) Followed the attacker's instructions including changing password when told."@en .

# Q6: prevention. In the last clause, "don't" governs both "panic" and
# "follow instructions from unknown callers".
:q6 rdf:type schema:Question ;
    schema:name "How can people prevent this?"@en ;
    schema:text "How can people prevent this?"@en ;
    schema:acceptedAnswer :a6 .
:a6 rdf:type schema:Answer ;
    schema:text "Prevention: Always verify support calls independently (hang up and call back using a known number), use AI to verify suspicious situations before taking action, maintain 'AI first' habits even in crises, don't panic and follow instructions from unknown callers."@en .

# Q7: definition of vishing
:q7 rdf:type schema:Question ;
    schema:name "What is vishing?"@en ;
    schema:text "What is vishing?"@en ;
    schema:acceptedAnswer :a7 .
:a7 rdf:type schema:Answer ;
    schema:text "Vishing (voice phishing) is a social engineering attack using phone calls to impersonate legitimate organizations like support teams, tricking victims into revealing information or performing actions that compromise their security."@en .

# Q8: why approval-style 2FA does not stop this kind of attack
:q8 rdf:type schema:Question ;
    schema:name "Why is 2FA not enough?"@en ;
    schema:text "Why is 2FA not enough?"@en ;
    schema:acceptedAnswer :a8 .
:a8 rdf:type schema:Answer ;
    schema:text "2FA (especially push notifications or number-challenge prompts) assumes users only approve legitimate attempts. Vishing attacks create urgency and position the scammer as a helper, causing users to voluntarily complete the 2FA step for the attacker."@en .

# Glossary Section
# Glossary: a schema:DefinedTermSet with ten terms. These are separate nodes
# from the skos:Concept entries, even where the wording overlaps.
:glossarySection rdf:type schema:DefinedTermSet ;
    rdfs:isDefinedBy : ;
    schema:name "Glossary"@en ;
    schema:hasDefinedTerm :termVishing, :term2FA, :termSocialEngineering, :termPhishing, :termCredentialStuffing, :termSSO, :termMFA, :termAccountRecovery, :termPushNotification, :termNumberChallenge .

:termVishing rdf:type schema:DefinedTerm ;
    schema:name "Vishing"@en ;
    schema:definition "Voice phishing - phone-based social engineering attack using voice calls to impersonate trusted entities"@en .

:term2FA rdf:type schema:DefinedTerm ;
    schema:name "2FA"@en ;
    schema:definition "Two-Factor Authentication - security requiring two forms of identification"@en .

:termSocialEngineering rdf:type schema:DefinedTerm ;
    schema:name "Social Engineering"@en ;
    schema:definition "Psychological manipulation to trick people into security mistakes"@en .

:termPhishing rdf:type schema:DefinedTerm ;
    schema:name "Phishing"@en ;
    schema:definition "Fraudulent emails/messages to steal sensitive information"@en .

:termCredentialStuffing rdf:type schema:DefinedTerm ;
    schema:name "Credential Stuffing"@en ;
    schema:definition "Using leaked username/password pairs to access accounts"@en .

:termSSO rdf:type schema:DefinedTerm ;
    schema:name "SSO"@en ;
    schema:definition "Single Sign-On - using one account to log into multiple services"@en .

:termMFA rdf:type schema:DefinedTerm ;
    schema:name "MFA"@en ;
    schema:definition "Multi-Factor Authentication - requiring multiple forms of verification"@en .

:termAccountRecovery rdf:type schema:DefinedTerm ;
    schema:name "Account Recovery"@en ;
    schema:definition "Process to regain access to accounts via email, phone, or security questions"@en .

:termPushNotification rdf:type schema:DefinedTerm ;
    schema:name "Push Notification 2FA"@en ;
    schema:definition "Mobile app notification for verifying logins"@en .

:termNumberChallenge rdf:type schema:DefinedTerm ;
    schema:name "Number Challenge 2FA"@en ;
    schema:definition "2FA showing numbers on login screen that user must confirm in app"@en .

# HowTo Section
# How-to: seven ordered steps (schema:position 1-7).
:howtoSection rdf:type schema:HowTo ;
    rdfs:isDefinedBy : ;
    schema:name "How to Protect Against Vishing Attacks"@en ;
    schema:step :step1, :step2, :step3, :step4, :step5, :step6, :step7 .

# Out-of-band callback: the control that actually establishes who is calling.
:step1 rdf:type schema:HowToStep ;
    schema:position 1 ;
    schema:name "Verify independently"@en ;
    schema:text "When receiving an unexpected support call, hang up and call back using a number from the company's official website, not the number provided by the caller."@en .

# NOTE(review): an AI assistant can flag a known scam pattern but has no way
# to authenticate the caller; it does not substitute for step 1.
:step2 rdf:type schema:HowToStep ;
    schema:position 2 ;
    schema:name "Use AI verification"@en ;
    schema:text "Before taking any security action, ask an AI like Grok or ChatGPT to verify if the request is legitimate."@en .

:step3 rdf:type schema:HowToStep ;
    schema:position 3 ;
    schema:name "Don't panic"@en ;
    schema:text "Attackers create urgency. Take a breath and don't make decisions under pressure."@en .

# NOTE(review): the text covers codes only. The incident described in this
# graph involved approving a login prompt, which the same rule should cover.
:step4 rdf:type schema:HowToStep ;
    schema:position 4 ;
    schema:name "Never share 2FA codes"@en ;
    schema:text "Never read aloud or enter 2FA codes for someone who called you - legitimate support never asks for this."@en .

# Of the steps listed, this is the one that does not rely on the user making
# the right call under pressure.
:step5 rdf:type schema:HowToStep ;
    schema:position 5 ;
    schema:name "Use hardware keys"@en ;
    schema:text "Where possible, use hardware security keys (like YubiKey) instead of SMS or app-based 2FA."@en .

# Detective rather than preventive: surfaces an unfamiliar login after the fact.
:step6 rdf:type schema:HowToStep ;
    schema:position 6 ;
    schema:name "Review account activity"@en ;
    schema:text "Regularly check login history and account activity for unknown locations or devices."@en .

:step7 rdf:type schema:HowToStep ;
    schema:position 7 ;
    schema:name "Maintain AI-first habits"@en ;
    schema:text "When in doubt, use AI as your first verification step before taking any security action."@en .



# Skill
# The tool named by prov:wasGeneratedBy on :article. Its schema:url is an IRI
# here, whereas the other schema:url values in this file are string literals.
:kgGeneratorSkill rdf:type schema:SoftwareApplication ;
    rdfs:isDefinedBy : ;
    schema:url <https://github.com/OpenLinkSoftware/ai-agent-skills/tree/main/kg-generator> ;
    schema:name "kg-generator skill"@en ;
    schema:description "Skill for generating RDF knowledge graphs from URLs"@en .