On Tue, Dec 21, 2021, 17:23 tv.deb...@googlemail.com <tv.deb...@googlemail.com> wrote:
> On 21/12/2021 at 16:20, Richmond wrote:
> > Jeremy Ardley <jer...@ardley.org> writes:
> >
> >> On 21/12/21 9:59 am, rhkra...@gmail.com wrote:
> >>> On Monday, December 20, 2021 02:28:13 PM Brian wrote:
> >>>> On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:
> >>>>> My identity has been stolen, and although it has nothing to do with
> >>>> [...]
> >>>>
> >>>> May we know the URL of the financial website you contacted and the
> >>>> help number you phoned.
> >>> The website is troweprice.com, and the phone number is 855/654-5324.
> >>>
> >>> It looks like I didn't record the actual URL that I was on, but I don't think
> >>> you could see that exact page in any case as it was an https page and one that
> >>> showed my account numbers and balances.
> >>>
> >>
> >> There is a type of attack called cross-site scripting (XSS). It's
> >> mostly been eliminated by latest version browsers, but there are
> >> always zero-day vulnerabilities.
> >>
> >> The effect is that if you are vulnerable and have two tabs open, one
> >> to the legitimate site, and one to a bad guy site, the bad guy can
> >> alter your trusted site and for instance change a valid link into
> >> something malicious, or change a displayed phone number.
> >>
> >> More at https://owasp.org/www-community/attacks/xss/
> >
> > That doesn't explain how the phone log showed the correct number had
> > been dialled. I suppose it is possible a call was in progress or came in
> > at the exact moment that the number was dialled. But then how did the
> > number get logged as a call?
> >
>
> One possibility is that the target (recipient of the call) company
> internal communication network was compromised. That happens quite
> often, not as much as mail servers but it is still not unknown.

My money is on this^. They're probably hosting some services (phones but not necessarily) on premise and have been compromised. Another probable scenario imo is they're forwarding to cell phones due to pandemic/WFH and every now and then you're landing on a spoofed SIM card.