I don't understand how step 4 was achieved. How did they get a list of recent tr... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jonnycomputer on Oct 9, 2019 \| parent \| context \| favorite \| on: I was just subjected to the most credible phishing... I don't understand how step 4 was achieved. How did they get a list of recent transactions? Or does the password reset functionality ask you to verify certain transactions?

adambowles on Oct 9, 2019 [–]

They logged in with the newly reset password.

jonnycomputer on Oct 9, 2019 | [–]

Sorry, I still don't see how the attacker would have seen the information necessary to do that, unless the victim's answer's to questions over the phone enabled that.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact