Last week I had a C-Level user's email account compromised and an attempted wire fraud. To add to this, the user's iPhone was also compromised and a forward was set to another phone number. Now his VMs are getting transcribed by a text-to-mail service which the user claims they did not set up.
– Possibly how they got around his email MFA.
– Already swapped SIM cards
– Factory reset the phone
– Verified with phone provider that no unauthorized changes were made to his account.
– Forward is gone as far as I can tell, but I am still getting a text-to-mail subscriber message when trying to leave a VM.
– Looked to see if anyone else had seen this before. Is this a possible zero-click install?
– What is the hack/scam/fraud here?
– Anyone else ever seen this before?