One of my clients had a login attempt to there bank with a password supposedly known only by the one user. The attempt was made from the companies wan ip (reported by the bank) there was no-one in the building that should have knowledge of the account information.
My question is can and do hackers mimic other wan ip addresses (i.e. the companies) or is the attempt most likely made by someone in the building or by remote software into the building.
The last piece of the puzzle is that the password was entered correctly on the second attempt. An invalid computer was seen by the bank site and reported to us. I think that is quick for a hacker.