Jeremy Ardley <jer...@ardley.org> writes:

> On 21/12/21 9:59 am, rhkra...@gmail.com wrote:
>> On Monday, December 20, 2021 02:28:13 PM Brian wrote:
>>> On Mon 20 Dec 2021 at 10:32:31 -0500, rhkra...@gmail.com wrote:
>>>> My identity has been stolen, and although it has nothing to do with
>>> [...]
>>>
>>> May we know the URL of the financial website you contacted and the
>>> help number you phoned.
>> The website is troweprice.com, and the phone number is 855/654-5324.
>>
>> It looks like I didn't record the actual URL that I was on, but I don't think
>> you could see that exact page in any case as it was an https page and one that
>> showed my account numbers and balances.
>
> There is a type of attack called cross-site scripting (XSS). It's
> mostly been eliminated by latest version browsers, but there are
> always zero-day vulnerabilities.
>
> The effect is that if you are vulnerable and have two tabs open, one
> to the legitimate site, and one to a bad guy site, the bad guy can
> alter your trusted site and for instance change a valid link into
> something malicious, or change a displayed phone number.
>
> More at https://owasp.org/www-community/attacks/xss/

That doesn't explain how the phone log showed the correct number had been dialled. I suppose it is possible a call was in progress or came in at the exact moment that the number was dialled. But then how did the number get logged as a call?