Identity Theft

2021-12-20 Thread rhkramer
My identity has been stolen, and although it has nothing to do with Debian, 
Linux, or computing (well, in general), I thought it would be educational / 
important to notify everyone I can of what happened.

I did not believe it could happen, but I have convinced myself and have 
reasonable proof of what happened.

My description starts off talking about using a computer, but that has little 
or nothing to do with what happened.

I was on my computer, logged into a financial website, on which I could view 
things like my account number, current balance, and such.

I needed some help, so I looked for a help number on that page.  I found one 
and called it, and got a scammer (although I didn't realize it until too much 
later).

He said he was from the financial website I was dealing with, and asked me to 
"verify" my information before he could answer my questions (or connect me to 
someone else to do that).  On that pretext, he asked (and I answered) a lot of 
questions about my identity -- more than I should have, including things like 
my mailing address, DOB, SSN (iirc), and, among other things, a credit card 
number and such.  

(Things like my full SSN (instead of just the last 4 digits), a credit card, 
and maybe DOB should have been red flags.  I feel very stupid.)

To get the help I needed he directed me to make another call, which was in 
furtherance of the scam; he wanted me to say yes to the questions asked on 
that 2nd call in order to place an order for some service (with an initial fee 
and then a monthly fee, probably forever).

Once I realized and was quite certain that I had talked to a scammer, I called 
the same number (on which I got the scammer) again, and this time I got a bona 
fide representative of the financial company (verified by me after some 
extensive conversation).

Once I was sure I was scammed, I hung up to try to deal with any mitigation of 
the problem that I could do.

Later in the day, I called the same number again, and again got a bona fide 
representative of the financial company during which we did things like lock 
the account.

In between those last two calls, I started calling other companies and such 
(e.g., the company that issued the credit card) to take steps to continue to 
mitigate the problem.  

The credit card company did have a charge on record that was not made by me 
(at least not intentionally) -- they deleted that charge, cancelled the credit 
card, arranged to issue a new one, etc.

Here are some of the "kickers":

   * At first I thought maybe I had misdialed the number the first time, but my 
calls are made over VOIP with Google Voice as the "provider" -- Google Voice 
logs my calls (time, duration, number called or calling) and the log confirmed 
that I dialed the same number all three times.

   * After this happened, I googled for more information, eventually googling 
on the key words "telephone intercept" which did lead to some somewhat useful 
information (some was about legal entities who can be allowed to intercept 
phone calls (e.g., a wiretap)).  The information I found indicated that what 
happened to me is a known thing for cellphones, but I could find nothing to 
indicate that it was a known thing for VOIP calls (nor for landlines).

So, beware.

Note: The only problem that has occurred so far is a fairly small fraudulent 
charge on my credit card, but my information is "out there" so who knows what 
may happen in the future.

I've done (or am in the process of doing) what I think are all the right 
things as far as protecting myself, including things like:

   *  making a report to my local police department and getting an incident 
number (they do not have the capabilities to investigate such a thing, but 
some, maybe all, entities like insurance companies insist on having such a 
report in case of doing things like filing a claim)

   * reporting it to all the credit rating agencies and freezing my accounts / 
reports (at first, they just put a warning in your credit report, I later found 
that I could freeze the report so no one could even access it -- I can 
unfreeze the freeze if I need to allow some financial institution access to it 
for some reason (and then refreeze it).  (Aside: iirc, one agency will 
maintain the freeze for 7 years, another one does it for 99 years, I will have 
to put a reminder on my calendar to remember to renew at that time ;-)  As a 
more serious aside, at the time I was aware of only 3 credit rating agencies, 
I've since become aware of at least two more which I will investigate and if 
they seem legitimate, I will freeze the reports there as well.)

   * I signed up with one of the companies like LifeLock (actually, I chose 
Aura), who among other things will monitor the dark web for activity related 
to me.  I have since found that my bank offers a free service to do the same 
thing, so I will be signing up with them.

   * I am changing (and mostly have changed) the username and password on all 
my

Re: Identity Theft

2021-12-20 Thread Nicholas Geovanis
On Mon, Dec 20, 2021 at 9:33 AM  wrote:

> My identity has been stolen, and although it has nothing to do with Debian,
> Linux, or computing (well, in general). I thought it would be educational /
> important to notify everyone I can of what happened.
>
>
> This is part of what prompted my report to the FBI -- they don't promise to do
> anything about it, but the implication / inference I get is that they will not
> delete the report.  (And they will look at the report and consider taking
> action of some sort, iiuc.)
>

The FBI is not necessarily bound by statute-of-limitation issues as state
prosecutors are. In Chicago, the FBI lured and shot John Dillinger behind the
Biograph Theater. The seat that the Lady In Red sat in was refinished in red
velvet. And nearly 40 years later they helped assassinate the Black Panther
leaders Fred Hampton and Mark Clark.

Very sorry about what happened, it's always a concern.


Re: Identity Theft

2021-12-20 Thread John Hasler
Did you notify Google?  Seems likely that's where the hole is.
-- 
John Hasler 
j...@sugarbit.com
Elmwood, WI USA



Re: Identity Theft

2021-12-20 Thread Jeremy Nicoll
On Mon, 20 Dec 2021, at 16:12, John Hasler wrote:
> Did you notify Google?  Seems likely that's where the hole is.

How would Google intercept a financial institution's valid phone
number?

-- 
Jeremy Nicoll - my opinions are my own.



Re: Identity Theft

2021-12-20 Thread John Hasler
Jeremy Nicoll writes:
> How would Google intercept a financial institution's valid phone
> number?

He was using Google Voice.
-- 
John Hasler 
j...@sugarbit.com
Elmwood, WI USA



Re: Identity Theft

2021-12-20 Thread Nicholas Geovanis
On Mon, Dec 20, 2021 at 12:31 PM John Hasler  wrote:

> Jeremy Nicoll writes:
> > How would Google intercept a financial institution's valid phone
> > number?
>
> He was using Google Voice.
>

Moreover the vast bulk of the USA's phone traffic outside the local central
office service area is VoIP over fiber. Long-distance traffic as well.


> John Hasler
> j...@sugarbit.com
> Elmwood, WI USA
>
>


Re: Identity Theft

2021-12-20 Thread Nicholas Geovanis
On Mon, Dec 20, 2021 at 12:47 PM Nicholas Geovanis 
wrote:

>
> On Mon, Dec 20, 2021 at 12:31 PM John Hasler  wrote:
>
>> Jeremy Nicoll writes:
>> > How would Google intercept a financial institution's valid phone
>> > number?
>>
>> He was using Google Voice.
>>
>
> Moreover the vast bulk of the USA's phone traffic outside the local
> central office
> service area is VoIP over fiber. Long-distance traffic as well.
>

Of course the same is true of your cellular voice traffic. Once it transits
your nearby cellphone tower
it travels on "someone's" fiber.


>
>
>> John Hasler
>> j...@sugarbit.com
>> Elmwood, WI USA
>>
>>


Re: Identity Theft

2021-12-20 Thread Jeremy Nicoll
On Mon, 20 Dec 2021, at 18:30, John Hasler wrote:
> Jeremy Nicoll writes:
>> How would Google intercept a financial institution's valid
>> phone number?
>
> He was using Google Voice.

When the OP "found" a number on screen, to ring, does that 
mean he eg clicked on the display of a number and then some 
software he has connected to a different number?

Or did he use his eyes and read the number off the screen,
then "dial" (presumably in software) that number he saw 
displayed (which later apparently worked properly) and got 
someone else?

-- 
Jeremy Nicoll - my opinions are my own.



Re: Identity Theft

2021-12-20 Thread Brian
On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:

> My identity has been stolen, and although it has nothing to do with Debian, 
> Linux, or computing (well, in general). I thought it would be educational / 
> important to notify everyone I can of what happened.
> 
> I did not believe it could happen, but I have convinced myself and have 
> reasonable proof of what happened.
> 
> My description starts off talking about using a computer, but that has little 
> or nothing to do with what happened.
> 
> I was on my computer, logged into a financial website, on which I could view 
> things like my account number, current balance, and such.
> 
> I needed some help, so I looked for a help number on that page.  I found one 
> and called it, and got a scammer (although I didn't realize it until too much 
> later).

[...]

May we know the URL of the financial website you contacted and the
help number you phoned?

-- 
Brian.



Re: Identity Theft

2021-12-20 Thread rhkramer
On Monday, December 20, 2021 02:09:13 PM Jeremy Nicoll wrote:
> On Mon, 20 Dec 2021, at 18:30, John Hasler wrote:
> > Jeremy Nicoll writes:
> >> How would Google intercept a financial institution's valid
> >> phone number?
> > 
> > He was using Google Voice.
> 
> When the OP "found" a number on screen, to ring, does that
> mean he eg clicked on the display of a number and then some
> software he has connected to a different number?
> 
> Or did he use his eyes and read the number off the screen,
> then "dial" (presumably in software) that number he saw
> displayed (which later apparently worked properly) and got
> someone else?

I used my eyes to read the number off the screen and then dial my separate 
phone (not attached to a computer (well, other than the ObiHai VOIP device)).



Re: Identity Theft

2021-12-20 Thread rhkramer
On Monday, December 20, 2021 02:28:13 PM Brian wrote:
> On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:
> > My identity has been stolen, and although it has nothing to do with
> 
> [...]
> 
> May we know the URL of the financial website you contacted and the
> help number you phoned.

The website is troweprice.com, and the phone number is 855/654-5324.

It looks like I didn't record the actual URL that I was on, but I don't think 
you could see that exact page in any case as it was an https page and one that 
showed my account numbers and balances.



Re: Identity Theft

2021-12-20 Thread Jeremy Ardley


On 21/12/21 9:59 am, rhkra...@gmail.com wrote:
> On Monday, December 20, 2021 02:28:13 PM Brian wrote:
>> On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:
>>> My identity has been stolen, and although it has nothing to do with
>> [...]
>>
>> May we know the URL of the financial website you contacted and the
>> help number you phoned.
> The website is troweprice.com, and the phone number is 855/654-5324.
>
> It looks like I didn't record the actual URL that I was on, but I don't think
> you could see that exact page in any case as it was an https page and one that
> showed my account numbers and balances.



There is a type of attack called cross-site scripting (XSS). It's mostly 
been eliminated by latest version browsers, but there are always 
zero-day vulnerabilities.


The effect is that if you are vulnerable and have two tabs open, one to 
the legitimate site, and one to a bad guy site, the bad guy can alter 
your trusted site and for instance change a valid link into something 
malicious, or change a displayed phone number.


More at https://owasp.org/www-community/attacks/xss/

--
Jeremy





Re: Identity Theft

2021-12-20 Thread Jeremy Ardley

On 21/12/21 10:09 am, Jeremy Ardley wrote:
> There is a type of attack called cross-site scripting (XSS). It's 
> mostly been eliminated by latest version browsers, but there are 
> always zero-day vulnerabilities.
>
> The effect is that if you are vulnerable and have two tabs open, one 
> to the legitimate site, and one to a bad guy site, the bad guy can 
> alter your trusted site and for instance change a valid link into 
> something malicious, or change a displayed phone number.
>
> More at https://owasp.org/www-community/attacks/xss/



You can mitigate XSS by having a single browser that is used solely to 
access high value sites. e.g. if you routinely run Firefox, have a copy 
of Vivaldi that you use to access your banks - one at a time.


--
Jeremy





Re: Identity Theft

2021-12-20 Thread John Hasler
rhkramer writes:
> I used my eyes to read the number off the screen and then dial my
> separate phone (not attached to a computer (well, other than the
> ObiHai VOIP device).

Didn't you also say that you later verified the number by checking the
logs in your Google account?
-- 
John Hasler 
j...@sugarbit.com
Elmwood, WI USA



Re: Identity Theft

2021-12-21 Thread local10
Dec 21, 2021, 02:13 by jer...@ardley.org:

> You can mitigate XSS by having a single browser that is used solely to access 
> high value sites. e.g. if you routinely run Firefox, have a copy of Vivaldi 
> that you use to access your banks - one at a time.
>


Installing NoScript also may help as it has an option to sanitize cross-site 
suspicious requests. NoScript also speeds up the browser by disabling all the 
tracking and spying scripts many sites load nowadays. Just make sure to disable 
all the garbage it has enabled by default after the installation.



Re: Identity Theft

2021-12-21 Thread Kenneth Parker
On Tue, Dec 21, 2021, 3:15 AM local10  wrote:

> Dec 21, 2021, 02:13 by jer...@ardley.org:
>
> > You can mitigate XSS by having a single browser that is used solely to
> > access high value sites. e.g. if you routinely run Firefox, have a copy of
> > Vivaldi that you use to access your banks - one at a time.
> >
>
>
> Installing NoScript also may help as it has an option to sanitize
> cross-site suspicious requests. NoScript also speeds up the browser by
> disabling all the tracking and spying scripts many sites load nowadays.
> Just make sure to disable all the garbage it has enabled by default after
> the installation.
>

+1 on NoScript.  I particularly like the White List capabilities, where you
can allow Scripts by Website, and even only one time.  I only know it to
work with Firefox, at this time.

Kenneth Parker

>


Re: Identity Theft

2021-12-21 Thread Eike Lantzsch ZP6CGE
On Tuesday, 21 December 2021 09:43:42 -03 Kenneth Parker wrote:
> On Tue, Dec 21, 2021, 3:15 AM local10  wrote:
> > Dec 21, 2021, 02:13 by jer...@ardley.org:
> > > You can mitigate XSS by having a single browser that is used
> > > solely to access high value sites. e.g. if you routinely run
> > > Firefox, have a copy of Vivaldi that you use to access your
> > > banks - one at a time.
> >
> >
> >
> > Installing NoScript also may help as it has an option to sanitize
> > cross-site suspicious requests. NoScript also speeds up the browser
> > by disabling all the tracking and spying scripts many sites load
> > nowadays. Just make sure to disable all the garbage it has enabled
> > by default after the installation.
>
> +1 on NoScript.  I particularly like the White List capabilities,
> where you can allow Scripts by Website, and even only one time.  I
> only know it to work with Firefox, at this time.
>
> Kenneth Parker

Is this

*No-Script Suite Lite by AdblockLite[1]*
(this one has a whitelist feature) or
*NoScript Security Suite by Giorgio Maone[2]*
(has a whitelist feature too) or other?

I'm using Privacy Badger among other means
like limiting and redirecting DNS requests. But that does not avoid JS.

Cheers
Eike


[1] https://addons.mozilla.org/en-US/firefox/user/11285580/
[2] https://addons.mozilla.org/en-US/firefox/user/143/


Re: Identity Theft

2021-12-21 Thread tv.deb...@googlemail.com

On 21/12/2021 at 14:24, Eike Lantzsch ZP6CGE wrote:
> On Tuesday, 21 December 2021 09:43:42 -03 Kenneth Parker wrote:
>> On Tue, Dec 21, 2021, 3:15 AM local10  wrote:
>>> Dec 21, 2021, 02:13 by jer...@ardley.org:
>>>> You can mitigate XSS by having a single browser that is used
>>>> solely to access high value sites. e.g. if you routinely run
>>>> Firefox, have a copy of Vivaldi that you use to access your
>>>> banks - one at a time.
>>>
>>> Installing NoScript also may help as it has an option to sanitize
>>> cross-site suspicious requests. NoScript also speeds up the browser
>>> by disabling all the tracking and spying scripts many sites load
>>> nowadays. Just make sure to disable all the garbage it has enabled
>>> by default after the installation.
>>
>> +1 on NoScript.  I particularly like the White List capabilities,
>> where you can allow Scripts by Website, and even only one time.  I
>> only know it to work with Firefox, at this time.
>>
>> Kenneth Parker
>
> Is this
>
> *No-Script Suite Lite by AdblockLite[1]*
> (this one has a whitelist feature) or
> *NoScript Security Suite by Giorgio Maone[2]*
> (has a whitelist feature too) or other?
>
> I'm using Privacy Badger among other means
> like limiting and redirecting DNS requests. But that does not avoid JS.
>
> Cheers
> Eike
>
> [1] https://addons.mozilla.org/en-US/firefox/user/11285580/
> [2] https://addons.mozilla.org/en-US/firefox/user/143/



It is the second one, "Noscript" in one word [1]. Several look-alikes 
have spawned over the years. I also use Umatrix [2], but it is more complex.


For Firefox:
[1] https://addons.mozilla.org/fr/firefox/addon/noscript/
[2] https://addons.mozilla.org/fr/firefox/addon/umatrix/

At least one of those is packaged in Debian.



Re: Identity Theft

2021-12-21 Thread tv.deb...@googlemail.com

On 21/12/2021 at 14:24, Eike Lantzsch ZP6CGE wrote:
> On Tuesday, 21 December 2021 09:43:42 -03 Kenneth Parker wrote:
>> On Tue, Dec 21, 2021, 3:15 AM local10  wrote:
>>> Dec 21, 2021, 02:13 by jer...@ardley.org:
>>>> You can mitigate XSS by having a single browser that is used
>>>> solely to access high value sites. e.g. if you routinely run
>>>> Firefox, have a copy of Vivaldi that you use to access your
>>>> banks - one at a time.
>>>
>>> Installing NoScript also may help as it has an option to sanitize
>>> cross-site suspicious requests. NoScript also speeds up the browser
>>> by disabling all the tracking and spying scripts many sites load
>>> nowadays. Just make sure to disable all the garbage it has enabled
>>> by default after the installation.
>>
>> +1 on NoScript.  I particularly like the White List capabilities,
>> where you can allow Scripts by Website, and even only one time.  I
>> only know it to work with Firefox, at this time.
>>
>> Kenneth Parker
>
> Is this
>
> *No-Script Suite Lite by AdblockLite[1]*
> (this one has a whitelist feature) or
> *NoScript Security Suite by Giorgio Maone[2]*
> (has a whitelist feature too) or other?
>
> I'm using Privacy Badger among other means
> like limiting and redirecting DNS requests. But that does not avoid JS.
>
> Cheers
> Eike
>
> [1] https://addons.mozilla.org/en-US/firefox/user/11285580/
> [2] https://addons.mozilla.org/en-US/firefox/user/143/



To follow up on myself, shamelessly ;-) , noscript and umatrix are 
packaged in Debian (depending on your version), and both protect from 
cross site scripting. Packages are "webext-umatrix" and "webext-noscript".




Re: Identity Theft

2021-12-21 Thread Tim Woodall

On Tue, 21 Dec 2021, tv.deb...@googlemail.com wrote:

> On 21/12/2021 at 14:24, Eike Lantzsch ZP6CGE wrote:
> It is the second one, "Noscript" in one word [1]. Several look-alikes have 
> spawned over the years. I also use Umatrix [2], but it is more complex.
>
> For Firefox:
> [1] https://addons.mozilla.org/fr/firefox/addon/noscript/
> [2] https://addons.mozilla.org/fr/firefox/addon/umatrix/
>
> At least one of those is packaged in Debian.


Will umatrix still work in firefox 91?

Certainly didn't work for me in android v92.



Re: Identity Theft

2021-12-21 Thread Markus Schönhaber

21.12.21, 15:10 +0100, Tim Woodall:

> Will umatrix still work in firefox 91?


Yes.

--
Regards
  mks



Re: Identity Theft

2021-12-21 Thread Dan Ritter
Tim Woodall wrote: 
> On Tue, 21 Dec 2021, tv.deb...@googlemail.com wrote:
> 
> > On 21/12/2021 at 14:24, Eike Lantzsch ZP6CGE wrote:
> > It is the second one, "Noscript" in one word [1]. Several look-alikes
> > have spawned over the years. I also use Umatrix [2], but it is more
> > complex.
> > 
> > For Firefox:
> > [1] https://addons.mozilla.org/fr/firefox/addon/noscript/
> > [2] https://addons.mozilla.org/fr/firefox/addon/umatrix/
> > 
> > At least one of those is packaged in Debian.
> > 
> 
> Will umatrix still work in firefox 91?
> 
> Certainly didn't work for me in android v92.

Yes, it does. Android's Firefox is a completely different
codebase, and there is support for only a small number of addons
there.

That said, the primary developer of uMatrix has stopped working
on it, and recommends that people switch to uBlock Origin
instead.

-dsr-



Re: Identity Theft

2021-12-21 Thread The Wanderer
On 2021-12-21 at 09:10, Tim Woodall wrote:

> On Tue, 21 Dec 2021, tv.deb...@googlemail.com wrote:
> 
>> On 21/12/2021 at 14:24, Eike Lantzsch ZP6CGE wrote:
>> 
>> It is the second one, "Noscript" in one word [1]. Several
>> look-alikes have spawned over the years. I also use Umatrix [2], but
>> it is more complex.
>>
>> For Firefox:
>> [1] https://addons.mozilla.org/fr/firefox/addon/noscript/
>> [2] https://addons.mozilla.org/fr/firefox/addon/umatrix/
>>
>> At least one of those is packaged in Debian.
> 
> Will umatrix still work in firefox 91?
> 
> Certainly didn't work for me in android v92.

Is uMatrix on the whitelist of extensions that are allowed on the mobile
version of Firefox?

Some good number of releases ago, Mozilla completely redid the mobile
version of Firefox, and in the process dropped support for most of the
extension base - as in, they restricted the allowed extensions to only
those in a defined list, and started that list out with a grand total of
*nine* items. (See [1] for some at-the-time commentary on this.)

I understand that in the time since then they've gradually expanded the
list of allowed extensions, but at nothing like a rapid pace, and with
no sign that they even intend to ever let the broad scope of extensions
be installable (much less usable) for mobile-device Firefox again.

It's always possible that uMatrix is one of the whitelisted extensions,
but I wouldn't be even slightly surprised if it weren't.

[1]
https://palant.info/2020/08/31/a-grim-outlook-on-the-future-of-browser-add-ons/

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw





Re: Identity Theft

2021-12-21 Thread Richmond
Jeremy Ardley  writes:

> On 21/12/21 9:59 am, rhkra...@gmail.com wrote:
>> On Monday, December 20, 2021 02:28:13 PM Brian wrote:
>>> On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:
>>>> My identity has been stolen, and although it has nothing to do with
>>> [...]
>>>
>>> May we know the URL of the financial website you contacted and the
>>> help number you phoned.
>> The website is troweprice.com, and the phone number is 855/654-5324.
>>
>> It looks like I didn't record the actual URL that I was on, but I don't think
>> you could see that exact page in any case as it was an https page and one that
>> showed my account numbers and balances.
>>
>
> There is a type of attack called cross-site scripting (XSS). It's
> mostly been eliminated by latest version browsers, but there are
> always zero-day vulnerabilities.
>
> The effect is that if you are vulnerable and have two tabs open, one
> to the legitimate site, and one to a bad guy site, the bad guy can
> alter your trusted site and for instance change a valid link into
> something malicious, or change a displayed phone number.
>
> More at https://owasp.org/www-community/attacks/xss/

That doesn't explain how the phone log showed the correct number had
been dialled. I suppose it is possible a call was in progress or came in
at the exact moment that the number was dialled. But then how did the
number get logged as a call?



Re: Identity Theft

2021-12-21 Thread Curt
On 2021-12-21, rhkra...@gmail.com  wrote:
>
> I used my eyes to read the number off the screen and then dial my separate 
> phone (not attached to a computer (well, other than the ObiHai VOIP device).
>
>

I called a major international financial institution the other day with
a telephone number memorized by my cell phone that I've used conceivably
a hundred times previously over the years (I telephone monthly). I call
a specific department in offices located on the East Coast of the United
States. When the other end picked up, I heard a recorded message that
gave me the impression that the Bristol Furniture Company might have
moved in (a female voice spoke in a distinctly English accent about
something unrelated to anything). I was so surprised I forgot exactly
what she said. At any rate, it was neither my financial institution
nor the phone company.  I found an 877 number on the WWW and finally
reached my party (internal transfers still worked to this specific
line). I asked the employee over the phone what was up; he told me they
were aware of the issue and having "trouble with their phones."





Re: Identity Theft

2021-12-21 Thread rhkramer
On Monday, December 20, 2021 09:13:07 PM Jeremy Ardley wrote:
> On 21/12/21 10:09 am, Jeremy Ardley wrote:
> 
> > There is a type of attack called cross-site scripting (XSS). It's
> > mostly been eliminated by latest version browsers, but there are
> > always zero-day vulnerabilities.
> > 
> > The effect is that if you are vulnerable and have two tabs open, one
> > to the legitimate site, and one to a bad guy site, the bad guy can
> > alter your trusted site and for instance change a valid link into
> > something malicious, or change a displayed phone number.
> > 
> > More at https://owasp.org/www-community/attacks/xss/
> 
> You can mitigate XSS by having a single browser that is used solely to
> access high value sites. e.g. if you routinely run Firefox, have a copy
> of Vivaldi that you use to access your banks - one at a time.

I have an almost up-to-date copy of Firefox that I use for my high value 
sites, and that is the copy of Firefox that I used at the time.



Re: Identity Theft

2021-12-21 Thread rhkramer
On Monday, December 20, 2021 09:09:05 PM Jeremy Ardley wrote:
> There is a type of attack called cross-site scripting (XSS). It's mostly
> been eliminated by latest version browsers, but there are always
> zero-day vulnerabilities.
> 
> The effect is that if you are vulnerable and have two tabs open, one to
> the legitimate site, and one to a bad guy site, the bad guy can alter
> your trusted site and for instance change a valid link into something
> malicious, or change a displayed phone number.
> 
> More at https://owasp.org/www-community/attacks/xss/

Hmm, I forgot to snip the last response I sent.

Thanks for the information -- I never really knew what cross-site scripting 
(XSS) is -- I have an idea now, and I'll read the link you sent me, and maybe 
more.

But, in this case, I'm sure that was not the problem.

Dial 855/654-5324 (perhaps more than once) and see who you get, I'm sure that 
on at least one of those calls you'll be convinced you're talking to T. Rowe 
Price.  (But you may get a scammer, sometimes, like I did.)



Re: Identity Theft

2021-12-21 Thread rhkramer
On Tuesday, December 21, 2021 10:52:56 AM Curt wrote:
> On 2021-12-21, rhkra...@gmail.com  wrote:
> > I used my eyes to read the number off the screen and then dial my
> > separate phone (not attached to a computer (well, other than the ObiHai
> > VOIP device).
> 
> I called a major international financial institution the other day with
> a telephone number memorized by my cell phone that I've used conceivably
> a hundred times previously over the years (I telephone monthly). I call
> a specific department in offices located on the East Coast of the United
> States. When the other end picked up, I heard a recorded message that
> gave me the impression that the Bristol Furniture Company might have
> moved in (a female voice spoke in a distinctly English accent about
> something unrelated to anything). I was so surprised I forgot exactly
> what she said. At any rate, it was neither my financial institution
> nor the phone company.  I found an 877 number on the WWW and finally
> reached my party (internal transfers still worked to this specific
> line). I asked the employee over the phone what was up; he told me they
> were aware of the issue and having "trouble with their phones."

Ahh, thank you -- maybe some confirmation that I'm not crazy. ;-)

What kind of phone did you use to make the call -- I mean cell phone, POTS, 
VOIP phone, or maybe something else?



Re: Identity Theft

2021-12-21 Thread Tim Woodall

On Tue, 21 Dec 2021, The Wanderer wrote:


> On 2021-12-21 at 09:10, Tim Woodall wrote:
>
>> Will umatrix still work in firefox 91?
>>
>> Certainly didn't work for me in android v92.
>
> Is uMatrix on the whitelist of extensions that are allowed on the mobile
> version of Firefox?
>
> Some good number of releases ago, Mozilla completely redid the mobile
> version of Firefox, and in the process dropped support for most of the
> extension base - as in, they restricted the allowed extensions to only
> those in a defined list, and started that list out with a grand total of
> *nine* items. (See [1] for some at-the-time commentary on this.)
>
> I understand that in the time since then they've gradually expanded the
> list of allowed extensions, but at nothing like a rapid pace, and with
> no sign that they even intend to ever let the broad scope of extensions
> be installable (much less usable) for mobile-device Firefox again.
>
> It's always possible that uMatrix is one of the whitelisted extensions,
> but I wouldn't be even slightly surprised if it weren't.
>
> [1]
> https://palant.info/2020/08/31/a-grim-outlook-on-the-future-of-browser-add-ons/



Interesting read. Thanks.

I've just installed the kiwi browser which does allow extensions. I
found it while googling how to install extensions on vivaldi android
(which it seems you cannot)



Re: Identity Theft

2021-12-21 Thread Curt
On 2021-12-21, rhkra...@gmail.com  wrote:
>> 
>> I called a major international financial institution the other day with
>> a telephone number memorized by my cell phone that I've used conceivably
>> a hundred times previously over the years (I telephone monthly). I call
>> a specific department in offices located on the East Coast of the United
>> States. When the other end picked up, I heard a recorded message that
>> gave me the impression that the Bristol Furniture Company might have
>> moved in (a female voice spoke in a distinctly English accent about
>> something unrelated to anything). I was so surprised I forgot exactly
>> what she said. At any rate, it was neither my financial institution
>> nor the phone company.  I found an 877 number on the WWW and finally
>> reached my party (internal transfers still worked to this specific
>> line). I asked the employee over the phone what was up; he told me they
>> were aware of the issue and having "trouble with their phones."
>
> Ahh, thank you -- maybe some confirmation that I'm not crazy. ;-)
>
> What kind of phone did you use to make the call -- I mean cell phone, POTS, 
> VOIP phone, or maybe something else?
>

It was my cell phone, and after your OP I thought to myself: if a human
being had picked up the other day and told me, as an exceptional
security measure to protect my account, to give him my full SSN number
rather than the usual last four digits, I very well might've done that. 

Anyway, I was sorry to hear about your worries and wish you happy
holidays.



Re: Identity Theft

2021-12-21 Thread rhkramer
On Tuesday, December 21, 2021 12:46:35 PM rhkra...@gmail.com wrote:
> What kind of phone did you use to make the call -- I mean cell phone, POTS,
> VOIP phone, or maybe something else?

Ahh, darn, sorry for the noise -- on first reading I missed the part about a 
cell phone.

That is a known thing (a telephone intercept of a cell phone call), I have 
found nothing so far about such a thing happening with a VOIP phone or land 
line.



Re: Identity Theft

2021-12-21 Thread rhkramer
On Tuesday, December 21, 2021 01:44:51 PM Curt wrote:
> On 2021-12-21, rhkra...@gmail.com  wrote:
> > Ahh, thank you -- maybe some confirmation that I'm not crazy. ;-)
> > 
> > What kind of phone did you use to make the call -- I mean cell phone,
> > POTS, VOIP phone, or maybe something else?
> 
> It was my cell phone, and after your OP I thought to myself: if a human
> being had picked up the other day and told me, as an exceptional
> security measure to protect my account, to give him my full SSN number
> rather than the usual last four digits, I very well might've done that.

Thanks.  I still feel dumb, but...

> Anyway, I was sorry to hear about your worries and wish you happy
> holidays.

And thanks for that, too, and the same to you (and all on debian-user).



Re: Identity Theft

2021-12-21 Thread harryweaver






22 Dec 2021, 01:20 by richm...@criptext.com:

> Jeremy Ardley  writes:
>
>> On 21/12/21 9:59 am, rhkra...@gmail.com wrote:
>>
>>> On Monday, December 20, 2021 02:28:13 PM Brian wrote:
>>>
>>>> On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:
>>>>
>>>>> My identity has been stolen, and although it has nothing to do with
>>>>>
>>>> [...]
>>>>
>>>> May we know the URL of the financial website you contacted and the
>>>> help number you phoned.
>>>>
>>> The website is troweprice.com, and the phone number is 855/654-5324.
>>>
>>> It looks like I didn't record the actual URL that I was on, but I don't think
>>> you could see that exact page in any case as it was an https page and one that
>>> showed my account numbers and balances.
>>>
>>
>> There is a type of attack called cross-site scripting (XSS). It's
>> mostly been eliminated by latest version browsers, but there are
>> always zero-day vulnerabilities.
>>
>> The effect is that if you are vulnerable and have two tabs open, one
>> to the legitimate site, and one to a bad guy site, the bad guy can
>> alter your trusted site and for instance change a valid link into
>> something malicious, or change a displayed phone number.
>>
>> More at https://owasp.org/www-community/attacks/xss/
>>
>
> That doesn't explain how the phone log showed the correct number had
> been dialled. I suppose it is possible a call was in progress or came in
> at the exact moment that the number was dialled. But then how did the
> number get logged as a call?
>
A MiM attack can happen with phones every bit as with computers.
Cheers!

Harry



Re: Identity Theft

2021-12-21 Thread Celejar
On Tue, 21 Dec 2021 10:34:49 -0500
The Wanderer  wrote:

> On 2021-12-21 at 09:10, Tim Woodall wrote:
> 
> > On Tue, 21 Dec 2021, tv.deb...@googlemail.com wrote:
> > 
> >> On 21/12/2021 at 14:24, Eike Lantzsch ZP6CGE wrote:
> >> 
> >> It is the second one, "Noscript" in one word [1]. Several
> >> look-alikes have spawned over the years. I also use Umatrix [2], but
> >> it is more complex.
> >>
> >> For Firefox:
> >> [1] https://addons.mozilla.org/fr/firefox/addon/noscript/
> >> [2] https://addons.mozilla.org/fr/firefox/addon/umatrix/
> >>
> >> At least one of those is packaged in Debian.
> > 
> > Will umatrix still work in firefox 91?
> > 
> > Certainly didn't work for me in android v92.
> 
> Is uMatrix on the whitelist of extensions that are allowed on the mobile
> version of Firefox?
> 
> Some good number of releases ago, Mozilla completely redid the mobile
> version of Firefox, and in the process dropped support for most of the
> extension base - as in, they restricted the allowed extensions to only
> those in a defined list, and started that list out with a grand total of
> *nine* items. (See [1] for some at-the-time commentary on this.)
> 
> I understand that in the time since then they've gradually expanded the
> list of allowed extensions, but at nothing like a rapid pace, and with
> no sign that they even intend to ever let the broad scope of extensions
> be installable (much less usable) for mobile-device Firefox again.
> 
> It's always possible that uMatrix is one of the whitelisted extensions,
> but I wouldn't be even slightly surprised if it weren't.
> 
> [1]
> https://palant.info/2020/08/31/a-grim-outlook-on-the-future-of-browser-add-ons/

1) The author of uBlock and uMatrix, Raymond Hill, has abandoned the
latter:

https://github.com/uBlockOrigin/uMatrix-issues/issues/291#issuecomment-694988696
https://www.ghacks.net/2020/09/20/umatrix-development-has-ended/

2) Android uBlock is indeed on the official list of Firefox Recommended
Extensions:

https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
https://addons.mozilla.org/en-US/firefox/collections/4757633/7dfae8669acc4312a65e8ba5553036/

Celejar



Re: Identity Theft

2021-12-21 Thread tv.deb...@googlemail.com

On 21/12/2021 at 16:20, Richmond wrote:
> Jeremy Ardley  writes:
>
>> On 21/12/21 9:59 am, rhkra...@gmail.com wrote:
>>> On Monday, December 20, 2021 02:28:13 PM Brian wrote:
>>>> On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:
>>>>> My identity has been stolen, and although it has nothing to do with
>>>> [...]
>>>>
>>>> May we know the URL of the financial website you contacted and the
>>>> help number you phoned.
>>> The website is troweprice.com, and the phone number is 855/654-5324.
>>>
>>> It looks like I didn't record the actual URL that I was on, but I don't think
>>> you could see that exact page in any case as it was an https page and one that
>>> showed my account numbers and balances.
>>
>> There is a type of attack called cross-site scripting (XSS). It's
>> mostly been eliminated by latest version browsers, but there are
>> always zero-day vulnerabilities.
>>
>> The effect is that if you are vulnerable and have two tabs open, one
>> to the legitimate site, and one to a bad guy site, the bad guy can
>> alter your trusted site and for instance change a valid link into
>> something malicious, or change a displayed phone number.
>>
>> More at https://owasp.org/www-community/attacks/xss/
>
> That doesn't explain how the phone log showed the correct number had
> been dialled. I suppose it is possible a call was in progress or came in
> at the exact moment that the number was dialled. But then how did the
> number get logged as a call?

One possibility is that the target (recipient of the call) company 
internal communication network was compromised. That happens quite 
often, not as much as mail servers but it is still not unknown.




Re: Identity Theft

2021-12-21 Thread Jeremy Ardley


On 22/12/21 6:23 am, tv.deb...@googlemail.com wrote:


> One possibility is that the target (recipient of the call) company 
> internal communication network was compromised. That happens quite 
> often, not as much as mail servers but it is still not unknown.


This is completely hypothetical, but with COVID work from home is very 
common and that includes inbound call centre operators. A compromise of 
an operator's computer, and/or getting VOIP phone credentials to the 
call centre PBX is quite possible.


--
Jeremy





Re: Identity Theft

2021-12-21 Thread Polyna-Maude Racicot-Summerside


On 2021-12-21 5:23 p.m., tv.deb...@googlemail.com wrote:
> On 21/12/2021 at 16:20, Richmond wrote:
>> Jeremy Ardley  writes:
>>
>>> On 21/12/21 9:59 am, rhkra...@gmail.com wrote:
>>>> On Monday, December 20, 2021 02:28:13 PM Brian wrote:
>>>>> On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:
>>>>>> My identity has been stolen, and although it has nothing to do with
>>>>> [...]
>>>>>
>>>>> May we know the URL of the financial website you contacted and the
>>>>> help number you phoned.
>>>> The website is troweprice.com, and the phone number is 855/654-5324.
>>>>
>>>> It looks like I didn't record the actual URL that I was on, but I don't think
>>>> you could see that exact page in any case as it was an https page and one that
>>>> showed my account numbers and balances.
>>>>
>>>
>>> There is a type of attack called cross-site scripting (XSS). It's
>>> mostly been eliminated by latest version browsers, but there are
>>> always zero-day vulnerabilities.
>>>
>>> The effect is that if you are vulnerable and have two tabs open, one
>>> to the legitimate site, and one to a bad guy site, the bad guy can
>>> alter your trusted site and for instance change a valid link into
>>> something malicious, or change a displayed phone number.
>>>
>>> More at https://owasp.org/www-community/attacks/xss/
>>
>> That doesn't explain how the phone log showed the correct number had
>> been dialled. I suppose it is possible a call was in progress or came in
>> at the exact moment that the number was dialled. But then how did the
>> number get logged as a call?
>>
> 
> One possibility is that the target (recipient of the call) company
> internal communication network was compromised. That happens quite
> often, not as much as mail servers but it is still not unknown.
> 
This was a pretty popular form of hacking from the 1980 up to mid 2000.
As soon as there was some automatic exchange, people found ways to attack them,
and the more programmable they were, the more hacking happened. Call
redirection is not unheard of, and it is not because there are new ways of
hacking that the old ones stop being used.


-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development





Re: Identity Theft

2021-12-22 Thread Curt
On 2021-12-21, rhkra...@gmail.com  wrote:
>
> That is a known thing (a telephone intercept of a cell phone call), I have 
> found nothing so far about such a thing happening with a VOIP phone or land 
> line.
>
>

It's a known thing to dial one number and reach another? Can you provide
a link? What do you mean by intercept? In any case, I doubt enormously
that anything of the kind happened to me; when I successfully contacted
my party in the US via an 877 number, I was told there was a snafu
concerning their direct line, a *general* one affecting many customers
(who all heard the Englishwoman's recorded voice), as if we might still
be in the days of telephone exchanges and manual service and some
operator was plugging the ringing cord into an erroneously labelled jack
(so instead of connecting people to Major Financial Institution
Department 22 people were connected to Bristol Furniture and Storage).



Re: Identity Theft

2021-12-22 Thread Philippe LeCavalier
On Tue, Dec 21, 2021, 17:23 tv.deb...@googlemail.com <
tv.deb...@googlemail.com> wrote:

> On 21/12/2021 at 16:20, Richmond wrote:
> > Jeremy Ardley  writes:
> >
> >> On 21/12/21 9:59 am, rhkra...@gmail.com wrote:
> >>> On Monday, December 20, 2021 02:28:13 PM Brian wrote:
> >>>> On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:
> >>>>> My identity has been stolen, and although it has nothing to do with
> >>>> [...]
> >>>>
> >>>> May we know the URL of the financial website you contacted and the
> >>>> help number you phoned.
> >>> The website is troweprice.com, and the phone number is 855/654-5324.
> >>>
> >>> It looks like I didn't record the actual URL that I was on, but I don't think
> >>> you could see that exact page in any case as it was an https page and one that
> >>> showed my account numbers and balances.
> >>>
> >>
> >> There is a type of attack called cross-site scripting (XSS). It's
> >> mostly been eliminated by latest version browsers, but there are
> >> always zero-day vulnerabilities.
> >>
> >> The effect is that if you are vulnerable and have two tabs open, one
> >> to the legitimate site, and one to a bad guy site, the bad guy can
> >> alter your trusted site and for instance change a valid link into
> >> something malicious, or change a displayed phone number.
> >>
> >> More at https://owasp.org/www-community/attacks/xss/
> >
> > That doesn't explain how the phone log showed the correct number had
> > been dialled. I suppose it is possible a call was in progress or came in
> > at the exact moment that the number was dialled. But then how did the
> > number get logged as a call?
> >
>
> One possibility is that the target (recipient of the call) company
> internal communication network was compromised. That happens quite
> often, not as much as mail servers but it is still not unknown.
>

My money is on this^. They're probably hosting some services (phones but
not necessarily) on premise and have been compromised. Another probable
scenario imo is they're forwarding to cell phones due to pandemic/WFH and
every now and then you're landing on a spoofed sim card.


Re: Identity Theft

2021-12-22 Thread rhkramer
On Wednesday, December 22, 2021 09:19:31 AM Curt wrote:
> On 2021-12-21, rhkra...@gmail.com  wrote:
> > That is a known thing (a telephone intercept of a cell phone call), I
> > have found nothing so far about such a thing happening with a VOIP phone
> > or land line.
> 
> It's a known thing to dial one number and reach another? 

On a cell phone yes, but I'd have to google again to find a link, I'll try to 
do that between now and tomorrow.

> Can you provide
> a link? 

See above.

> What do you mean by intercept? 

Well it wasn't a word I originally used, but as I googled, I found reference 
to that.  It seems it can mean (refer) to at least two (slightly) different 
things;

   * the thing that law enforcement (and others) can do (legally or not), that 
is put a wiretap on the "line" (virtual or real) and listen in / record the 
conversation

   * the other implied / inferred meaning is that of what I described, that is 
calling one number and having it be intercepted by another party who might 
masquerade as the called party.  (Somebody on the list pointed out essentially 
the same thing as a "man in the middle" attack.)

I did a little bit of googling ([telephone intercept cell phone]) before 
sending this to see if I could find a link, but no luck.  (It's possible I 
misunderstood something I saw, but I don't think so.)



Re: Identity Theft

2021-12-22 Thread Philippe LeCavalier
On Wed, Dec 22, 2021 at 1:45 PM  wrote:

> On Wednesday, December 22, 2021 09:19:31 AM Curt wrote:
> > On 2021-12-21, rhkra...@gmail.com  wrote:
> > > That is a known thing (a telephone intercept of a cell phone call), I
> > > have found nothing so far about such a thing happening with a VOIP phone
> > > or land line.
> >
> > It's a known thing to dial one number and reach another?
>
> On a cell phone yes, but I'd have to google again to find a link, I'll try to
> do that between now and tomorrow.
>
> > Can you provide
> > a link?
>
> See above.
>
> > What do you mean by intercept?
>
> Well it wasn't a word I originally used, but as I googled, I found reference
> to that.  It seems it can mean (refer) to at least two (slightly) different
> things;
>
>    * the thing that law enforcement (and others) can do (legally or not), that
> is put a wiretap on the "line" (virtual or real) and listen in / record the
> conversation
>
>    * the other implied / inferred meaning is that of what I described, that is
> calling one number and having it be intercepted by another party who might
> masquerade as the called party.  (Somebody on the list pointed out essentially
> the same thing as a "man in the middle" attack.)
>
> I did a little bit of googling ([telephone intercept cell phone]) before
> sending this to see if I could find a link, but no luck.  (It's possible I
> misunderstood something I saw, but I don't think so.)
>

I'd have to say the concept of "intercepting" a VoIP call for Google voice
reaches beyond logic; not impossible but certainly not probable since
Google voice uses TLS to my knowledge. For this to work, you're implying
someone is between you and google and the google voice service doesn't
know. Again, I'd say this is more likely to be a case of sim
cloning/spoofing based on WFH in that the calls are forwarded to cell
phones that have been compromised. This lines up well with the stated fact
that the calls randomly get "intercepted" and others go to the legit
company in question. To my knowledge, with sim cloning the phone rings
simultaneously. So the first one to pick up gets the call.


Re: Identity Theft

2021-12-22 Thread Curt
On 2021-12-22, rhkra...@gmail.com  wrote:
>
>    * the other implied / inferred meaning is that of what I described, that is
> calling one number and having it be intercepted by another party who might
> masquerade as the called party.  (Somebody on the list pointed out essentially
> the same thing as a "man in the middle" attack.)
>

I can find no example of this with a cell phone.




Re: Identity Theft

2021-12-22 Thread rhkramer
On Wednesday, December 22, 2021 02:02:13 PM Curt wrote:
> On 2021-12-22, rhkra...@gmail.com  wrote:
> >    * the other implied / inferred meaning is that of what I described,
> > that is calling one number and having it be intercepted by another party who
> > might masquerade as the called party.  (Somebody on the list pointed out
> > essentially the same thing as a "man in the middle" attack.)
> 
> I can find no example of this with a cell phone.

Well, I may have misunderstood something I saw / read, but I do hope to find 
time to look more thoroughly.

Have a good day!



Re: Identity Theft

2021-12-22 Thread John Hasler
Philippe LeCavalier writes: 
> For this to work, you're implying someone is between you and google
> and the google voice service doesn't know.

Or someone has cracked either Google Voice or the bank (could be an
inside job in either case).
-- 
John Hasler 
j...@sugarbit.com
Elmwood, WI USA



Re: Identity Theft

2021-12-22 Thread harryweaver






23 Dec 2021, 00:19 by cu...@free.fr:

> On 2021-12-21, rhkra...@gmail.com  wrote:
>
>>
>> That is a known thing (a telephone intercept of a cell phone call), I have 
>> found nothing so far about such a thing happening with a VOIP phone or land 
>> line.
>>
>
> It's a known thing to dial one number and reach another? Can you provide
> a link? What do you mean by intercept?
>
https://en.wikipedia.org/wiki/Triggerfish_(surveillance)
Any number of others.

> In any case, I doubt enormously
> that anything of the kind happened to me; when I successfully contacted
> my party in the US via an 877 number, I was told there was a snafu
> concerning their direct line, a *general* one affecting many customers
> (who all heard the Englishwoman's recorded voice), as if we might still
> be in the days of telephone exchanges and manual service and some
> operator was plugging the ringing cord into an erroneously labelled jack
> (so instead of connecting people to Major Financial Institution
> Department 22 people were connected to Bristol Furniture and Storage).
>
Yes, there's a cross-connection somewhere.
Whether that is hard-wired or wireless is immaterial.
It could be brought about by something as innocuous as a short, somewhere.
Cheers!

Harry



Re: Identity Theft

2021-12-23 Thread rhkramer
On Wednesday, December 22, 2021 02:02:13 PM Curt wrote:
> On 2021-12-22, rhkra...@gmail.com  wrote:
> >    * the other implied / inferred meaning is that of what I described,
> > that is calling one number and having it be intercepted by another party who
> > might masquerade as the called party.  (Somebody on the list pointed out
> > essentially the same thing as a "man in the middle" attack.)
> 
> I can find no example of this with a cell phone.

Somebody yesterday posted about Triggerfish -- I can't find that post 
immediately.  

Wikipedia says (about Triggerfish):

"Intercepting a cell phone call by a man in the middle attack, if the option 
is enabled, and the user makes or receives a call."


Re: Identity Theft

2021-12-23 Thread Curt
On 2021-12-23, rhkra...@gmail.com  wrote:
>> 
>> I can find no example of this with a cell phone.
>
> Somebody yesterday posted about Triggerfish -- I can't find that post 
> immediately.  
>
> Wikipedia says (about Triggerfish):
>
> "Intercepting a cell phone call by a man in the middle attack, if the option 
> is enabled, and the user makes or receives a call."
>
 
 Tracking of a cell phone by a mobile FBI van (Wireless Intercept and Tracking
 Team) which seeks to locate a cell phone lacking GPS tracking by scanning for
 its emissions. This first became known for its use in tracking hacker Kevin
 Mitnick.[1] 

 Intercepting a cell phone call by a man in the middle attack ...

https://en.wikipedia.org/wiki/Triggerfish_(surveillance)

Other than the FBI stalking a criminal element in an unmarked van parked
across the street stuffed with sophisticated electronic equipment, I don't
believe this theoretical possibility translates to a worrisome probability of
malicious behavior for the R.H. Kramers of the world. 



Re: Identity Theft

2021-12-23 Thread harryweaver


24 Dec 2021, 00:07 by cu...@free.fr:

> On 2021-12-23, rhkra...@gmail.com  wrote:
>
>>>
>>> I can find no example of this with a cell phone.
>>>
>>
>> Somebody yesterday posted about Triggerfish -- I can't find that post 
>> immediately. 
>>
>> Wikipedia says (about Triggerfish):
>>
>> "Intercepting a cell phone call by a man in the middle attack, if the option 
>> is enabled, and the user makes or receives a call."
>>
>
> Tracking of a cell phone by a mobile FBI van (Wireless Intercept and Tracking
>  Team) which seeks to locate a cell phone lacking GPS tracking by scanning for
>  its emissions. This first became known for its use in tracking hacker Kevin
>  Mitnick.[1] 
>
>  Intercepting a cell phone call by a man in the middle attack ...
>
> https://en.wikipedia.org/wiki/Triggerfish_(surveillance)
>
> Other than the FBI stalking a criminal element in an unmarked van parked
> across the street stuffed with sophisticated electronic equipment, I don't
> believe this theoretical possibility translates to a worrisome probability of
> malicious behavior for the R.H. Kramers of the world.
>

And I don't think the rhetorical `unmarked van parked across the street stuffed 
with sophisticated electronic equipment' accurately represents the reality. 
Some of this equipment will happily reside in a backpack.

https://theintercept.com/document/2015/12/17/government-cellphone-surveillance-catalogue/

Cheers!

Harry.



Re: Identity Theft

2021-12-23 Thread Curt
On 2021-12-23, harrywea...@tutanota.com  wrote:
>>>
>>
>> Tracking of a cell phone by a mobile FBI van (Wireless Intercept and Tracking
>>  Team) which seeks to locate a cell phone lacking GPS tracking by scanning for
>>  its emissions. This first became known for its use in tracking hacker Kevin
>>  Mitnick.[1] 
>>
>>  Intercepting a cell phone call by a man in the middle attack ...
>>
>> https://en.wikipedia.org/wiki/Triggerfish_(surveillance)
>>
>> Other than the FBI stalking a criminal element in an unmarked van parked
>> across the street stuffed with sophisticated electronic equipment, I don't
>> believe this theoretical possibility translates to a worrisome probability of
>> malicious behavior for the R.H. Kramers of the world.
>>
>
> And I don't think the rhetorical `unmarked van parked across the
> street stuffed with sophisticated electronic equipment' accurately
> represents the reality. Some of this equipment will happily reside in
> a backpack.

It wasn't really that "rhetorical" a van because it was precisely the
very concrete "mobile FBI van" described on the Wikipedia page the OP
referenced.

As for the accurate representation of reality, I'm afraid we can only
hope, however vainly, that people are capable of determining for
themselves who might or might not be an expert in the field.

> https://theintercept.com/document/2015/12/17/government-cellphone-surveillance-catalogue/
>
> Cheers!
>
> Harry.
>
>






Re: Identity Theft

2021-12-23 Thread Jeremy Ardley


On 24/12/21 5:03 am, Curt wrote:


> It wasn't really that "rhetorical" a van because it was precisely the
> very concrete "mobile FBI van" described on the Wikipedia page the OP
> referenced.
>
> As for the accurate representation of reality, I'm afraid we can only
> hope, however vainly, that people are capable of determining for
> themselves who might or might not be an expert in the field.
>
>> https://theintercept.com/document/2015/12/17/government-cellphone-surveillance-catalogue/



The tools listed in the intercept article don't allow interception of 
actual voice calls. They are intended to perform traffic analysis and 
test functions.


Any competent authority would simply get a warrant (or not) and 
intercept calls at the exchanges. It's very easy and happens all the 
time. In conflict countries like Syria and Ukraine you can be certain 
that 100% of call metadata are recorded and a significant fraction, if 
not 100%, of voice data recorded for future use. It's not a lot of data 
on the scale of things.


Getting back to the OP, on the scale of likelihood:

- zero probability a bad guy was sitting across the street to intercept 
his phone


- zero probability a carrier exchange was compromised by a non-state actor

- moderate probability the financial institution PBX was compromised

- good probability the OP computer *could* have been compromised - it's 
relatively easy but may not have happened


My working theory is the financial institution PBX was compromised and a 
small percentage of inbound calls intercepted. It was the OP's bad luck 
to be one of those.


--
Jeremy





Re: Identity Theft

2021-12-23 Thread Philippe LeCavalier
On Thu, Dec 23, 2021, 16:27 Jeremy Ardley  wrote:

>
> On 24/12/21 5:03 am, Curt wrote:
> >
> > It wasn't really that "rhetorical" a van because it was precisely the
> > very concrete "mobile FBI van" described on the Wikipedia page the OP
> > referenced.
> >
> > As for the accurate representation of reality, I'm afraid we can only
> > hope, however vainly, that people are capable of determining for
> > themselves who might or might not be an expert in the field.
> >
> >> https://theintercept.com/document/2015/12/17/government-cellphone-surveillance-catalogue/
> >
> The tools listed in the intercept article don't allow interception of
> actual voice calls. They are intended to perform traffic analysis and
> test functions.
>
> Any competent authority would simply get a warrant (or not) and
> intercept calls at the exchanges. It's very easy and happens all the
> time. In conflict countries like Syria and Ukraine you can be certain
> that 100% of call metadata are recorded and a significant fraction, if
> not 100%, of voice data recorded for future use. It's not a lot of data
> on the scale of things.
>
> Getting back to the OP, on the scale of likelihood:
>
> - zero probability a bad guy was sitting across the street to intercept
> his phone
>
> - zero probability a carrier exchange was compromised by a non-state actor
>
> - moderate probability the financial institution PBX was compromised
>
> - good probability the OP computer *could* have been compromised - it's
> relatively easy but may not have happened
>
> My working theory is the financial institution PBX was compromised and a
> small percentage of inbound calls intercepted. It was the OP's bad luck
> to be one of those.
>
> --
> Jeremy
>

Thank you.


Re: Identity Theft

2021-12-24 Thread rhkramer
On Thursday, December 23, 2021 04:26:54 PM Jeremy Ardley wrote:
> Getting back to the OP, on the scale of likelihood:
> 
> - zero probability a bad guy was sitting across the street to intercept
> his phone
> 
> - zero probability a carrier exchange was compromised by a non-state actor
> 
> - moderate probability the financial institution PBX was compromised
> 
> - good probability the OP computer *could* have been compromised - it's
> relatively easy but may not have happened

I don't think my computer is relevant -- the ObiHai VOIP device is a self 
contained device -- it doesn't need / use my computer for anything except:

   * many years ago, iirc, and occasionally since then, I've used it to go to 
an ObiHai web page to set up the ObiHai device, and specify the "provider" 
(Google Voice).  (Occasionally since then I've had to go back to that page and 
check or re-setup the device.)

   * if I want to do things like view the Google Voice phone log, I do that on 
a web page (on my computer).


> 
> My working theory is the financial institution PBX was compromised and a
> small percentage of inbound calls intercepted. It was the OP's bad luck
> to be one of those.



Re: Identity Theft

2021-12-24 Thread Philippe LeCavalier
On Fri, Dec 24, 2021, 09:57  wrote:

> On Thursday, December 23, 2021 04:26:54 PM Jeremy Ardley wrote:
> > Getting back to the OP, on the scale of likelihood:
> >
> > - zero probability a bad guy was sitting across the street to intercept
> > his phone
> >
> > - zero probability a carrier exchange was compromised by a non-state actor
> >
> > - moderate probability the financial institution PBX was compromised
> >
> > - good probability the OP computer *could* have been compromised - it's
> > relatively easy but may not have happened
>
> I don't think my computer is relevant -- the ObiHai VOIP device is a self
> contained device -- it doesn't need / use my computer for anything except:
>
>    * many years ago, iirc, and occasionally since then, I've used it to go to
> an ObiHai web page to set up the ObiHai device, and specify the "provider"
> (Google Voice).  (Occasionally since then I've had to go back to that page and
> check or re-setup the device.)
>
>    * if I want to do things like view the Google Voice phone log, I do that on
> a web page (on my computer).
>
>
> >
> > My working theory is the financial institution PBX was compromised and a
> > small percentage of inbound calls intercepted. It was the OP's bad luck
> > to be one of those.
>

It's a process. Always work from the most probable to the least. As
outlined, google is the least likely and you and devices you control are
the most likely. Vet one, move on to the next. It's a simple process and as
long as you're thorough it's the best approach to draw a solid conclusion.

If the device isn't compromised (which, you saying so doesn't in any way
vet the device as safe and not compromised btw) then the desktop you got
the number from is the next step to vet. What OS are you running, what
endpoint security do you have... etc. Next after that would be your home
network. What router/gateway/firewall do you have? What dns service do you
use (could be key imo)? So on and so forth until we find the smoking gun.
This would go all the way to speaking with a legit person at the financial
firm about their PBX which you will no doubt find huge degrees of
resistance.

One thing that breaks this process is the user making statements based on
previous knowledge or assumption like you just did about your obi device.
You have to vet aspects even if you know them to be clean. Your assumption
and emotion have no room in this process IF you want to find the truth.


Re: Identity Theft

2021-12-24 Thread John Hasler
 Philippe LeCavalier writes:
> If the device isn't compromised (which, you saying so doesn't in any
> way vet the device as safe and not compromised btw) then the desktop
> you got the number from is the next step to vet.

How do you explain the Google Voice log entries?
-- 
John Hasler 
j...@sugarbit.com
Elmwood, WI USA



Re: Identity Theft

2021-12-24 Thread Philippe LeCavalier
On Fri, Dec 24, 2021, 10:26 John Hasler wrote:

>  Philippe LeCavalier writes:
> > If the device isn't compromised (which, you saying so doesn't in any
> > way vet the device as safe and not compromised btw) then the desktop
> > you got the number from is the next step to vet.
>
> How do you explain the Google Voice log entries?
>

> Yes, the legit number was called but randomly (so it appears) an imposter is
> answering while other times the legit company answers. That's the
> information we know for fact unless I'm mistaken.


So if you asked me to draw a conclusion and forego all the investigative
steps suggested, which I do not recommend, I would say the two most probable
causes are a compromised PBX at the financial institute or SIM card
cloning. Third on the list would be DNS poisoning on the OP's gateway.

All 3 scenarios would have the log entries look legit.


Re: Identity Theft

2021-12-25 Thread Andrei POPESCU
On Ma, 21 dec 21, 10:13:07, Jeremy Ardley wrote:
> On 21/12/21 10:09 am, Jeremy Ardley wrote:
> > There is a type of attack called cross-site scripting (XSS). It's mostly
> > been eliminated by latest version browsers, but there are always
> > zero-day vulnerabilities.
> > 
> > The effect is that if you are vulnerable and have two tabs open, one to
> > the legitimate site, and one to a bad guy site, the bad guy can alter
> > your trusted site and for instance change a valid link into something
> > malicious, or change a displayed phone number.
> > 
> > More at https://owasp.org/www-community/attacks/xss/
> > 
> 
> You can mitigate XSS by having a single browser that is used solely to
> access high value sites. e.g. if you routinely run Firefox, have a copy of
> Vivaldi that you use to access your banks - one at a time.

Hopefully Multi-Account Containers helps with this as well, point 4. in 
the "What you can do with Multi-Account Containers" seems to imply it.

https://support.mozilla.org/en-US/kb/containers


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser




Re: Identity Theft

2021-12-26 Thread rhkramer
Intentionally top posting:

Just in an effort to keep my warning on target, my view (and I think the consensus of 
others on this list) is that the problem that occurred was not an XSS attack.

Remember that the incident was that I dialed a known good number of a financial 
institution 3 times, 2 times I got the financial institution, one time I got a 
scammer.

(And further, the Google Voice logs show that I dialed the same number all 
three times.)

On Saturday, December 25, 2021 12:03:00 PM Andrei POPESCU wrote:
> On Ma, 21 dec 21, 10:13:07, Jeremy Ardley wrote:
> > On 21/12/21 10:09 am, Jeremy Ardley wrote:
> > 
> > > There is a type of attack called cross-site scripting (XSS). It's
> > > mostly been eliminated by latest version browsers, but there are
> > > always zero-day vulnerabilities.
> > > 
> > > The effect is that if you are vulnerable and have two tabs open, one to
> > > the legitimate site, and one to a bad guy site, the bad guy can alter
> > > your trusted site and for instance change a valid link into something
> > > malicious, or change a displayed phone number.
> > > 
> > > More at https://owasp.org/www-community/attacks/xss/
> > 
> > You can mitigate XSS by having a single browser that is used solely to
> > access high value sites. e.g. if you routinely run Firefox, have a copy
> > of Vivaldi that you use to access your banks - one at a time.
> 
> Hopefully Multi-Account Containers helps with this as well, point 4. in
> the "What you can do with Multi-Account Containers" seems to imply it.
> 
> https://support.mozilla.org/en-US/kb/containers



Re: Identity Theft

2021-12-27 Thread Hans
On Sunday, 26 December 2021, 14:38:04 CET, rhkra...@gmail.com wrote:
Hi there,

I think the more important thing is not how the attacker got into the phone 
connection; the more important thing, IMHO, is that he said: "They asked me a 
lot of questions, very personal questions about me and my family and so on."

This should be the most important thing for all people: to give away only the 
necessary information they need and should already have: name, address, 
maybe birthdate, sometimes mail address (for the last one, keep a "spam mail 
address" available). 

If they ask for more, be alarmed and ask why they need that special 
information. If in doubt, disconnect and call again later. There is a big 
chance you get another person on the phone, whom you can ask if he or she 
knows your last voice partner.

Remember: Always, and really always(!), give away as little information as 
possible! All data are like arrows: if one is shot, you never know who finds 
it and what he does with it: copies it, collects it and misuses it whenever 
there is an opportunity.

So, again: The most important statement was: They asked me a lot of personal 
questions and wanted to know many personal data!

Keep alarmed!

Best 

Hans


 
> Intentionally top posting:
> 
> Just in an effort to keep my warning on target, my view (and I think the
> consensus of others on this list) is that the problem that occurred was not
> an XSS attack.
> 
> Remember that the incident was that I dialed a known good number of a
> financial institution 3 times, 2 times I got the financial institution, one
> time I got a scammer.
> 
> (And further, the Google Voice logs show that I dialed the same number all
> three times.)
> 





Re: vulnerability classifications (was: Re: Identity Theft)

2021-12-20 Thread Jeremy Ardley


On 21/12/21 10:18 am, Nicole wrote:
> > More at https://owasp.org/www-community/attacks/xss/
>
> just out of curiosity: I understand XSS are like code injections into
> the HTML through user controlled input or attacker controlled input, e.g.
> the password field or the message you send someone. what you describe my
> amateurish brain however references as XS(-Leak?) vulnerability - is
> this a mix-up on your end or a misunderstanding of how words are used on
> my end?

The overview in the link above describes it. Basically the script can do 
many things including altering the content of a page.

More at https://owasp.org/www-community/Types_of_Cross-Site_Scripting

--
Jeremy




[OT] Medical identity theft was: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

2014-04-16 Thread Lisi Reisz
On Wednesday 16 April 2014 14:54:03 Karen Lewellen wrote:
> I give you an example of medical identity theft.  At least how it
> can happen stateside.
> You are say a senior or someone with a print disability in a
> doctor's office.
> You must get help completing the forms, and the first question you
> must provide  is...?

This is a very American rant.  The inability of the rest of us to make 
sense of it is because it doesn't apply to most of us.

Anyhow, anyone who wants my medical identity is welcome to it - so 
long as I lose it when they acquire it. ;-)

Lisi

> your social security number.   Add that you may also be providing
> this person private insurance numbers and the like.  A person need
> only write down our identification and have a field day.
> Given how challenging it is to correct damage done on your credit
> file, see the informative story on the 60 minutes website about
> this, a person may never get cleared.  the thief on the other hand
> is getting credit cards and cell phones and medical things with your
> information.
> because the victim may not be able to investigate with ease, they
> might not even know their identity has been compromised.
> make sense?
> Kare
>
> On Wed, 16 Apr 2014, shawn wilson wrote:
> > On Wed, Apr 16, 2014 at 8:54 AM, John Hasler wrote:
> >> Bill Wood writes:
> >>> and medical identity theft has risen sharply in recent years.
> >>
> >> What is medical identity theft?
> >
> > I'd also be interested seeing the proof for the claim (I think he
> > means medical data breaches but IDK anyone has disclosed that
> > information).
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmas...@lists.debian.org Archive:
> > https://lists.debian.org/CAH_OBieq6ECfG914h=E3_UXq2Q_YnUv6O-vzd9O
> >hcrkaqw7...@mail.gmail.com


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201404161545.05229.lisi.re...@gmail.com



Re: [OT] Medical identity theft was: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

2014-04-16 Thread Karen Lewellen

Perhaps smiles.
After all most countries do not associate so much critical information 
to one number.
But many people do not put their private information by choice in places where 
security  of a site is a risk either so.

Sorry for the side track smiles.
Kare

On Wed, 16 Apr 2014, Lisi Reisz wrote:

> On Wednesday 16 April 2014 14:54:03 Karen Lewellen wrote:
> > I give you an example of medical identity theft.  At least how it
> > can happen stateside.
> > You are say a senior or someone with a print disability in a
> > doctor's office.
> > You must get help completing the forms, and the first question you
> > must provide  is...?
>
> This is a very American rant.  The inability of the rest of us to make
> sense of it is because it doesn't apply to most of us.
>
> Anyhow, anyone who wants my medical identity is welcome to it - so
> long as I lose it when they acquire it. ;-)
>
> Lisi
>
> > your social security number.   Add that you may also be providing
> > this person private insurance numbers and the like.  A person need
> > only write down our identification and have a field day.
> > Given how challenging it is to correct damage done on your credit
> > file, see the informative story on the 60 minutes website about
> > this, a person may never get cleared.  the thief on the other hand
> > is getting credit cards and cell phones and medical things with your
> > information.
> > because the victim may not be able to investigate with ease, they
> > might not even know their identity has been compromised.
> > make sense?
> > Kare
> >
> > On Wed, 16 Apr 2014, shawn wilson wrote:
> > > On Wed, Apr 16, 2014 at 8:54 AM, John Hasler wrote:
> > >> Bill Wood writes:
> > >>> and medical identity theft has risen sharply in recent years.
> > >>
> > >> What is medical identity theft?
> > >
> > > I'd also be interested seeing the proof for the claim (I think he
> > > means medical data breaches but IDK anyone has disclosed that
> > > information).

