On Thursday, December 23, 2021 04:26:54 PM Jeremy Ardley wrote:
> Getting back to the OP, on the scale of likelihood:
>
> - zero probability a bad guy was sitting across the street to intercept
> his phone
>
> - zero probability a carrier exchange was compromised by a non-state actor
>
> - moderate probability the financial institution PBX was compromised
>
> - good probability the OP computer *could* have been compromised - it's
> relatively easy but may not have happened
I don't think my computer is relevant -- the ObiHai VOIP device is a self
contained device -- it doesn't need / use my computer for anything except:
* many years ago, iirc, and occasionally since then, I've used it to go to
an ObiHai web page to set up the ObiHai device, and specify the "provider"
(Google Voice). (Occasionally since then I've had to go back to that page and
check or re-setup the device.)
* if I want to do things like view the Google Voice phone log, I do that on
a web page (on my computer).
>
> My working theory is the financial institution PBX was compromised and a
> small percentage of inbound calls intercepted. It was the OP's bad luck
> to be one of those.
It's a process. Always work from the most probable to the least. As outlined, google is the least likely and you and devices you control are the most likely. Vet one move on to the next. It's a simple process and as long as you're thorough it's the best approach to draw a solid conclusion.
If the device isn't compromised (which, you saying so doesn't in any way vet the device as safe and not compromised btw) then the desktop you got the number from is the next step to vet. What OS are you running, what endpoint security do you have...etc. next after that would be your home network. What router/gateway/firewall do you have? What dns service do you use (could be key imo)? So on and so forth until we find the smoking gun. This would go all the way to speaking with a legit person at the financial firm about their PBX which you will no doubt find huge degrees of resistance.
One thing that breaks this process is the user making statements based on previous knowledge or assumption like you just did about your obi device. You have to vet aspects even if you know them to be clean. Your assumption and emotion have no room in this process IF you want to find the truth.