Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Java Jive <java@evij.com.invalid>
Newsgroups: comp.mobile.android,uk.telecom.mobile
Subject: =?UTF-8?Q?Re=3A_=22=27Scammers_stole_=C2=A340k_after_EDF_gave_out_m?=
 =?UTF-8?Q?y_number=22?=
Date: Sun, 16 Mar 2025 16:04:59 +0000
Organization: A noiseless patient Spider
Lines: 37
Message-ID: <vr6src$23f7c$1@dont-email.me>
References: <vq478a$1a6p9$1@dont-email.me> <m2sdlgF2fjiU1@mid.individual.net>
 <vqc9e4$30gdm$1@dont-email.me> <m2u1avF9uqaU1@mid.individual.net>
 <vqcug0$345ts$1@dont-email.me> <vqes1l$3i7oj$1@dont-email.me>
 <vqf0ca$3j5oo$1@dont-email.me> <buh*n6r9z@news.chiark.greenend.org.uk>
 <vr3pav$3eto7$1@dont-email.me> <vr3s4m$3hdbg$1@dont-email.me>
 <vr4ere$eqk$1@dont-email.me> <vr5git$t0ll$1@dont-email.me>
 <vr6kqh$1t946$1@dont-email.me> <cuh*FQB9z@news.chiark.greenend.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 16 Mar 2025 17:05:08 +0100 (CET)
Injection-Info: dont-email.me; posting-host="ab0a47b644d1446cb1c9992a53409c60";
	logging-data="2211052"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX19NTvVyn7wIBPLa3bk0WesVaOw9p4O4TAE="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:dz4fyzTGkFfNDxbDu/wlAawddro=
Content-Language: en-GB
In-Reply-To: <cuh*FQB9z@news.chiark.greenend.org.uk>
Bytes: 3301

On 2025-03-16 15:13, Theo wrote:
> In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
>>
>> It makes perfect sense, what you are claiming makes no sense, and shows
>> that you have lost the chronological sequence of events.  For one thing,
>> the use of the word 'had' implies that the hack was already in place at
>> the time of scammer's phone call, otherwise they would have said
>> something like "... and hacked ..." or "... used it to hack ..." or "...
>> and went on to hack ...".  Further, if you reread the original report in
>> its entirety, how would he have persuaded EDF to give up the victim's
>> mobile number without personal identifying information that came from
>> access to his emails?  Next, how would he have been able to confirm the
>> request for a replacement SIM without being able to reply to the
>> confirmatory email?
> 
> When I've had to do a SIM swap (some time ago) it was all done on security
> questions, there was no confirmatory email.  I don't think the mobile
> networks required an email address, and if you're on PAYG they still
> don't.
> 
> I think there is not enough information to be clear about the sequencing,
> especially since emails and mobile are provided by the same company.

No, how would he have known the answers to the security questions to 
enable the SIM swap, and his emails were from Virgin Media, while the 
SIM was from O2.  Although not initially, my reading of the original 
article is now unambiguously that the email hack preceded the SIM swap 
and provided the initial personal information necessary to accomplish 
everything that followed.

-- 

Fake news kills!

I may be contacted via the contact address given on my website: 
www.macfh.co.uk