Intentionally top posting: Just in an effort to keep my warning on target, I (and I think the consensus of others on this list) is that the problem that occurred was not an XSS attack).
Remember that the incident was that I dialed a known good number of a financial institution 3 times, 2 times I got the financial institution, one time I got a scammer. (And further, the Google Voice logs show that I dialed the same number all three times.) On Saturday, December 25, 2021 12:03:00 PM Andrei POPESCU wrote: > On Ma, 21 dec 21, 10:13:07, Jeremy Ardley wrote: > > On 21/12/21 10:09 am, Jeremy Ardley wrote:s. > > > > > There is a type of attack called cross-site scripting (XSS). It's > > > mostly been eliminated by latest version browsers, but there are > > > always zero-day vulnerabilities. > > > > > > The effect is that if you are vulnerable and have two tabs open, one to > > > the legitimate site, and one to a bad guy site, the bad guy can alter > > > your trusted site and for instance change a valid link into something > > > malicious, or change a displayed phone number. > > > > > > More at https://owasp.org/www-community/attacks/xss/ > > > > You can mitigate XSS by having a single browser that is used solely to > > access high value sites. e.g. if you routinely run Firefox, have a copy > > of Vivaldi that you use to access your banks - one at a time. > > Hopefully Multi-Account Containers helps with this as well, point 4. in > the "What you can do with Multi-Account Containers" seems to imply it. > > https://support.mozilla.org/en-US/kb/containers