Re: Identity Theft

["tv.debian@googlemail.com" <tv.debian@googlemail.com>]

Le 21/12/2021 à 16:20, Richmond a écrit :
> Jeremy Ardley <jeremy@ardley.org> writes:
>
> > On 21/12/21 9:59 am, rhkramer@gmail.com wrote:
> > > On Monday, December 20, 2021 02:28:13 PM Brian wrote:
> > > > On Mon 20 Dec 2021 at 10:32:31 -0500, rhkramer@gmail.com wrote:
> > > > > My identity has been stolen, and although it has nothing to do with
> > > > [...]
> > > >
> > > > May we know the URL of the financial website you contacted and the
> > > > help number you phoned.
> > > The website is troweprice.com, and the phone number is 855/654-5324.
> > >
> > > It looks like I didn't record the actual URL that I was on, but I don't think
> > > you could see that exact page in any case as it was an https page and one that
> > > showed my account numbers and balances.
> >
> > There is a type of attack called cross-site scripting (XSS). It's
> > mostly been eliminated by latest version browsers, but there are
> > always zero-day vulnerabilities.
> >
> > The effect is that if you are vulnerable and have two tabs open, one
> > to the legitimate site, and one to a bad guy site, the bad guy can
> > alter your trusted site and for instance change a valid link into
> > something malicious, or change a displayed phone number.
> >
> > More at https://owasp.org/www-community/attacks/xss/
>
> That doesn't explain how the phone log showed the correct number had
> been dialled. I suppose it is possible a call was in progress or came in
> at the exact moment that the number was dialled. But then how did the
> number get logged as a call?

One possiblity is that the target (recipient of the call) company 
internal communication network was compromised. That happens quite 
often, not as much as mail servers but it is still not unknown.