Article <vqc9e4$30gdm$1@dont-email.me>

Warning: mysqli::__construct(): (HY000/1203): User howardkn already has more than 'max_user_connections' active connections in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\includes\artfuncs.php on line 21
Failed to connect to MySQL: (1203) User howardkn already has more than 'max_user_connections' active connections
Warning: mysqli::query(): Couldn't fetch mysqli in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\index.php on line 66
Article <vqc9e4$30gdm$1@dont-email.me>

Deutsch English Français Italiano

<vqc9e4$30gdm$1@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!weretis.net!feeder9.news.weretis.net!news.quux.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Java Jive <java@evij.com.invalid>
Newsgroups: comp.mobile.android,uk.telecom.mobile
Subject: =?UTF-8?Q?Re=3A_=22=27Scammers_stole_=C2=A340k_after_EDF_gave_out_m?=
 =?UTF-8?Q?y_number=22?=
Date: Thu, 6 Mar 2025 13:54:11 +0000
Organization: A noiseless patient Spider
Lines: 40
Message-ID: <vqc9e4$30gdm$1@dont-email.me>
References: <vq478a$1a6p9$1@dont-email.me> <m2sdlgF2fjiU1@mid.individual.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 06 Mar 2025 14:54:13 +0100 (CET)
Injection-Info: dont-email.me; posting-host="d2dec808931a88e6b614f2291348e45e";
	logging-data="3162550"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1+nJ8j5H42wOo7jXM2Ftv9wVv2NpAmRl0Y="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:zoy5ili4qrC0TqtH81mEIT1deqQ=
In-Reply-To: <m2sdlgF2fjiU1@mid.individual.net>
Content-Language: en-GB
Bytes: 3024

On 2025-03-06 01:56, Brian Gregory wrote:
>
> On 03/03/2025 12:27, Java Jive wrote:
>>
>> So, EDF allowed them to go from his email address to obtaining his 
>> mobile phone number for a SIM-swap scam, but I wonder how they managed 
>> to go from either to all his savings accounts, unless they'd also 
>> compromised his PC or phone as well; if the latter, why did they need 
>> to go via EDF?
> 
> Once you've got the email and done the SIM swap scam or hacked SS7 to 
> read someone’s incoming SMS, that's enough, or almost enough, to get in 
> to all sorts of things via the I've forgotten my password link on their 
> websites.

But how would they know which banks, savings accounts, etc, to target 
without additional information?  Just knowing his email address on its 
own would not be enough for this, there must be hundreds of people who 
know my email address, because they send me emails via it, but that fact 
alone doesn't make me vulnerable to hacking.

At very least, they would have had to be able to read his emails, which 
would imply that the original problem was not EDF giving out his mobile 
number  -  which certainly they should not have done, and without that 
second breach of confidentiality it is true that the scam could not have 
progressed further, so they are undeniably at fault  -  but something 
like his email password being hacked somehow or other beforehand.  How 
the latter could happen would be pure speculation as the original report 
I linked gave no details, but most probably either he clicked on 
something in a phishing scam email, or installed some dodgy software, or 
a site he visits was hacked and he used the same password in too many 
places.

-- 

Fake news kills!

I may be contacted via the contact address given on my website: 
www.macfh.co.uk