BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsides-tallinn-2025//YFL3M8
BEGIN:VTIMEZONE
TZID:EET
BEGIN:STANDARD
DTSTART:20000101T000000
RRULE:FREQ=YEARLY;BYMONTH=1;UNTIL=20001231T220000Z
TZNAME:EET
TZOFFSETFROM:+0200
TZOFFSETTO:+0200
END:STANDARD
BEGIN:STANDARD
DTSTART:20021027T050000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:EET
TZOFFSETFROM:+0300
TZOFFSETTO:+0200
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20020331T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:EEST
TZOFFSETFROM:+0200
TZOFFSETTO:+0300
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsides-tallinn-2025-YYCDXX@pretalx.com
DTSTART;TZID=EET:20250925T150000
DTEND;TZID=EET:20250925T154500
DESCRIPTION:Bolt's product security team secures applications for over 200 
 million customers and 4.5 million partners across 600+ cities in 50 countr
 ies. This massive scale makes our platform a prime target for a diverse ar
 ray of malicious actors\, many of whom specialise in scalable\, low-tech s
 cams. We've seen an increasing professionalisation even in these "low-tech
 " schemes\, leading to an arms race between threat actors and security mea
 sures that often unfolds within weeks\, if not days.\n\nTraditional phishi
 ng techniques are now being repurposed from email to modern chat applicati
 ons. We're observing 2FA bypasses via recovery flows and constant probing 
 for business logic issues that can be abused for quick financial gain.\n\n
 During this presentation\, we'll shed light on the variety of sophisticate
 d phishing techniques we've encountered in the wild. Attendees will gain i
 nsights into:\n\nAbused Communication Channels: Discover how in-app chat f
 unctionality and chat applications such as Telegram and WhatsApp are misus
 ed.\n\nReward vs Punishment: Understand persuasion techniques threat actor
 s use to manipulate targets.\n\nBypassing Protections: Learn how 2FA\, cha
 t filtering and business logic checks could be bypassed. \n\nAuthenticatio
 n Strengths & Weaknesses: Explore the benefits and drawbacks of existing a
 uthentication methods
DTSTAMP:20251016T114458Z
LOCATION:Stage 2
SUMMARY:Don't Take the Bait - Online deception beyond your Inbox - Andres J
 õgi
URL:https://pretalx.com/bsides-tallinn-2025/talk/YYCDXX/
END:VEVENT
END:VCALENDAR