> then let's the CEO he has a new number and provides a fake number
I came to a similar conclusion regarding the implementation of the attack. The scenario in my head was slightly different, but very similar (still includes a new number):
Kevin provides his business card and sets up a meeting with the CEO to report on his progress (or whatever). When the CEO calls at the scheduled time - Kevin doesn't answer. Sometime later Kevin calls the CEO and apologizes for missing the call, and explains that he didn't see any missed calls.
At that point the CEO explains that he tried to call, and even left a message. Kevin has a sudden flash of insight and realizes that he may have given the CEO one of his old business cards.
"What's the phone number on the business card I gave you? I'm wondering if I've been handing out my old business cards to people... that would actually explain a lot." (presumably the phone number on the business card in question would include digits 0-9 in a not-super-obvious way)
The CEO reads back the phone number on the card and Kevin slaps his forehead because that is in fact the wrong business card. Kevin gives the CEO his new number, and they finish the scheduled meeting. On future calls the CEO is able to contact Kevin using the new number, which lends credence to the attack.
I came to a similar conclusion regarding the implementation of the attack. The scenario in my head was slightly different, but very similar (still includes a new number):
Kevin provides his business card and sets up a meeting with the CEO to report on his progress (or whatever). When the CEO calls at the scheduled time - Kevin doesn't answer. Sometime later Kevin calls the CEO and apologizes for missing the call, and explains that he didn't see any missed calls.
At that point the CEO explains that he tried to call, and even left a message. Kevin has a sudden flash of insight and realizes that he may have given the CEO one of his old business cards.
"What's the phone number on the business card I gave you? I'm wondering if I've been handing out my old business cards to people... that would actually explain a lot." (presumably the phone number on the business card in question would include digits 0-9 in a not-super-obvious way)
The CEO reads back the phone number on the card and Kevin slaps his forehead because that is in fact the wrong business card. Kevin gives the CEO his new number, and they finish the scheduled meeting. On future calls the CEO is able to contact Kevin using the new number, which lends credence to the attack.