Happen to me again
Well, it happened again. My bank account got hacked again! Same bank from last time. I switched all my passwords, and got a pin sent to me every time I access my account. It is really ******* me off. I can't access my account or use any of my cards. I'm getting ready to go off grid. Luckily, I have a credit card from another bank I don't use, but I'm going to have to use it. I'm not sure how much they spent, because I can't access my account. But the way it seems, they might have spent around 5,000 dollars at a grocery store again.
Comments
-
markulous Member Posts: 2,394 ■■■■■■■■□□
Are you reusing any passwords? If not, is your bank password something long and hard to guess?
May want to request that they send you a 2 factor token. -
cyberguypr Mod Posts: 6,928 Mod
Can you clarify? Last time you insinuated the account got popped but it ended up being just the card. What exact issue are we talking about here?
-
Ryan9764 Member Posts: 88 ■■□□□□□□□□
No, I'm not reusing the same password. Maybe I shouldn't be using LastPass. That might be the reason. One factor token they're using is: send me a pin whenever I log on to my account.
-
Ryan9764 Member Posts: 88 ■■□□□□□□□□
I can't really go into details. My account got blocked, and they're reviewing my account. I called my bank, and the guy can't do anything about it because they're reviewing my account. I think it might be my debit card again. The automatic read me a list of my recent transactions and there were like 4 of them around 1500.
-
Danielh22185 Member Posts: 1,195 ■■■■□□□□□□
Sounds like it's time to switch banks!
Currently Studying: IE Stuff...kinda...for now...
My ultimate career goal: To climb to the top of the computer network industry food chain.
"Winning means you're willing to go longer, work harder, and give more than anyone else." - Vince Lombardi -
Ryan9764 Member Posts: 88 ■■□□□□□□□□
Danielh22185 wrote: »Sounds like it's time to switch banks!
-
Ryan9764 Member Posts: 88 ■■□□□□□□□□
Anybody got any suggestions? I use LastPass and switch all my passwords randomly. It seems like only my USAA bank account gets hacked.
-
GSXR750K2 Member Posts: 323 ■■■■□□□□□□
Ryan9764 wrote: »Anybody got any suggestions? I use LastPass and switch all my passwords randomly. It seems like only my USAA bank account gets hacked.
First, grammar.
Second, don't use a password management application. The more places you have passwords stored, the greater the risk of some of that stored information leaking out. Do you only use a single computer to access these accounts? If so, maybe a key logger is to blame. Did you wipe your OS and do a clean install after the last round, or just reset your passwords and store them back into Last Pass? Convenience has a price, too.
Third, check your accounts frequently. I check all of mine at least once a day.
Fourth, and I only suggest this if you have self-control, use a credit card for everything and pay it off monthly. If this were to happen on your credit card, it's much easier to get off the hook, but your checking/savings account is a whole different story. Plus, if you have a rewards card, you might as well get miles/points for things you're going to buy anyway.
Fifth, set alerts if your bank/card issuer offers them. New device sign-in? Notify. Transaction exceeding x-dollar amount? Notify. Excessive password attempts? Notify.
Grab the problem by the horns and take steps to mitigate it since apparently just changing passwords and getting a PIN didn't work. There's an old saying about being fooled once and fooled twice...
-EDIT-
Make your passwords like an adult film star...long and strong. Passwords don't have to be just letters and numbers. "Notepads" is a no-go, but "N0t3P@d$" is acceptable. Be creative, use periods, commas, or other punctuation to increase the complexity of a password.
Also, avoid using consecutive or repetitive characters like "abc" or "777". -
markulous Member Posts: 2,394 ■■■■■■■■□□
Password managers are necessary for a lot of people though. If I have 50 passwords, there's zero way I'd be able to have long random passwords memorized for all of those accounts. Your only options are either a password manager, writing them all down, or reusing your password.
Also, complexity isn't really needed for a good password, it's almost 100% on the length.
Using something like KeePass is what I would recommend. It's offline, so if someone somehow got your file, you probably have bigger problems because they likely aren't breaking the encryption on it. -
scaredoftests Mod Posts: 2,780 Mod
I'd go with another bank.
Never let your fear decide your fate....
-
rob42 Member Posts: 423
Ryan9764 wrote: »No, I'm not reusing the same password. Maybe I shouldn't be using LastPass. That might be the reason. One factor token they're using is: send me a pin whenever I log on to my account.
Personally, I don't trust ANY of these 'password manager' apps and I simply don't trust or use them. For people that seem to 'need' them, for whatever reason, my advice (for what it's worth) would be: only use them for sites that don't have any direct consequences for you, should the app be compromised.
As for your banking login, why trust any 3rd party app with that kind of data? Either improve your memory or write it down in some form of encoded text, such as reversing every other symbol: e.g. password would become apssowdr <- that's very easy to crack, but you see what I'm driving at? Just invent your own method.
No longer an active member -
p@r0tuXus Member Posts: 532 ■■■■□□□□□□
GSXR750K2 wrote: »First, grammar.
Second, don't use a password management application. The more places you have passwords stored, the greater the risk of some of that stored information leaking out. Do you only use a single computer to access these accounts? If so, maybe a key logger is to blame. Did you wipe your OS and do a clean install after the last round, or just reset your passwords and store them back into Last Pass? Convenience has a price, too.
Third, check your accounts frequently. I check all of mine at least once a day.
I would also consider speaking with a representative at your bank. Most of them will let you change your daily spending limit balance, but generally will only cover so much of an expenditure caused by misuse. Example, your bank covers $500 in fraud cases, but charged amount was $1500, leaving you $1000 in loss. For that reason, I try to plan ahead with larger expenditures and will call in advance if I know I need that limit raised. Otherwise, I keep tight control over what's going out of that account.
Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
In Progress: Linux+/LPIC-1, Python, Bash
Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE -
jcundiff Member Posts: 486 ■■■■□□□□□□
scaredoftests wrote: »I'd go with another bank.
It's not his bank (USAA); it's either where he is sticking his card, or most likely (since he said he used LastPass)
https://www.theverge.com/2017/3/22/15023062/lastpass-security-flaw-passwords
"Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke -
Ryan9764 Member Posts: 88 ■■□□□□□□□□
GSXR750K2 wrote: »First, grammar.
Second, don't use a password management application. The more places you have passwords stored, the greater the risk of some of that stored information leaking out. Do you only use a single computer to access these accounts? If so, maybe a key logger is to blame. Did you wipe your OS and do a clean install after the last round, or just reset your passwords and store them back into Last Pass? Convenience has a price, too.
Third, check your accounts frequently. I check all of mine at least once a day.
Fourth, and I only suggest this if you have self-control, use a credit card for everything and pay it off monthly. If this were to happen on your credit card, it's much easier to get off the hook, but your checking/savings account is a whole different story. Plus, if you have a rewards card, you might as well get miles/points for things you're going to buy anyway.
Fifth, set alerts if your bank/card issuer offers them. New device sign-in? Notify. Transaction exceeding x-dollar amount? Notify. Excessive password attempts? Notify.
Grab the problem by the horns and take steps to mitigate it since apparently just changing passwords and getting a PIN didn't work. There's an old saying about being fooled once and fooled twice...
-EDIT-
Make your passwords like an adult film star...long and strong. Passwords don't have to be just letters and numbers. "Notepads" is a no-go, but "N0t3P@d$" is acceptable. Be creative, use periods, commas, or other punctuation to increase the complexity of a password.
Also, avoid using consecutive or repetitive characters like "abc" or "777". -
GSXR750K2 Member Posts: 323 ■■■■□□□□□□
Ryan9764 wrote: »Thanks, and sorry about the grammar. I suffered a TBI when I was in the military. The reason why I use password management apps is that I have memory issues. As stated in my last sentence, I suffer from TBI, and can't remember ****.
I'm sorry to hear that, and I understand somewhat. A friend was a captain in the USMC and suffered a TBI due to a car hitting him while he was returning to base. He got out about three years ago and he still suffers memory lapses from time to time. You and markulous both have valid points regarding password managers in each of your situations.
Thank you for your service, and hopefully this nightmare can be put behind you as soon as possible. -
Ryan9764 Member Posts: 88 ■■□□□□□□□□
GSXR750K2 wrote: »I'm sorry to hear that, and I understand somewhat. A friend was a captain in the USMC and suffered a TBI due to a car hitting him while he was returning to base. He got out about three years ago and he still suffers memory lapses from time to time. You and markulous both have valid points regarding password managers in each of your situations.
Thank you for your service, and hopefully this nightmare can be put behind you as soon as possible. -
boot Member Posts: 22 ■□□□□□□□□□
GSXR750K2 wrote: »Second, don't use a password management application. The more places you have passwords stored, the greater the risk of some of that stored information leaking out.
Um, yes, do use a password manager. Your argument of not storing it in more places than necessary may make sense in theoretical isolation, just like "never patch a server, patches just break services or applications". As soon as you add the real world to the equation it doesn't work in the long run. If your point between the lines was actually "don't use a cloud-based password manager unless you know what that implies", I'd agree with you (I'm not saying "don't use cloud-based password management", I'm just saying you need to understand it and take appropriate precautions).
GSXR750K2 wrote: »Make your passwords like an adult film star...long and strong. Passwords don't have to be just letters and numbers. "Notepads" is a no-go, but "N0t3P@d$" is acceptable. Be creative, use periods, commas, or other punctuation to increase the complexity of a password.
"N0t3P@d$" is 8 characters (10 with the quotes...). First, that is not strong (8 characters is trivial to crack in most widespread password storage schemes, with all amounts of character complexity). Second, it's the same length as "Notepads".
Length. Length, length, length. That is what makes a strong password. You should mix in some punctuation or numerals, to make sure your password isn't a complete series of dictionary words, but some is all that is needed. You don't need to alternate lowercase, uppercase, numerals and punctuation throughout your entire password. Mixup 6-8 characters, spell the rest out normally or mostly normally (whenever you can't use a generated password). 14 characters is a reasonable minimum today, but if you're at 14, there is no harm in going longer.
Finally, I know plenty of US banks have archaic password restrictions limiting you to 8 or even 6 characters, which may apply to OP. In fact, I haven't heard about any US bank that lets you make reasonable passwords. How all of those big banks are not fined daily for their shitty systems is beyond me, 2FA for banking and public services is the norm here, it's the ones that don't provide that that stand out (and would be steamrolled in any fraud case). -
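The length-versus-complexity disagreement in the posts above, worked through as an added example that is not part of any post in this thread. It compares the brute-force search space of the passwords quoted on the page, undoes leet substitutions before a dictionary lookup, and flags repeated or consecutive runs; the word list, substitution table, and function names are assumptions made for the demo, and the 14-character minimum is the figure given in the thread.

```python
import math
import string

# Constructed mini-wordlist for this demo; a real check would use a large
# dictionary or breached-password list.
WORDLIST = {"notepads", "password", "letmein"}
# Common "leet" substitutions, undone before the dictionary lookup (assumed table).
LEET = str.maketrans("013457@$!", "oieastasi")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(pw):
    """Combined size of the ASCII character classes the password draws on."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))


def brute_force_bits(pw):
    """log2 of the exhaustive search space, length * log2(alphabet).
    This is an upper bound: guessable words and patterns lower the real cost."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def is_disguised_word(pw):
    """True if undoing leet substitutions yields a wordlist entry."""
    return pw.lower().translate(LEET) in WORDLIST


def has_run(pw, n=3):
    """True if pw has n repeated ("777") or ascending ("abc") characters in a row."""
    for i in range(len(pw) - n + 1):
        chunk = pw[i:i + n]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({0}, {1}):
            return True
    return False


def assess(pw, min_len=14):
    """Return (brute-force bits, list of issues) for one candidate password."""
    issues = []
    if len(pw) < min_len:
        issues.append("short")
    if is_disguised_word(pw):
        issues.append("dictionary")
    if has_run(pw):
        issues.append("run")
    return round(brute_force_bits(pw), 1), issues


if __name__ == "__main__":
    for candidate in ("Notepads", "N0t3P@d$", "HappenMeAgainIgotH@ck69"):
        print(candidate, assess(candidate))
```

Symbol substitution adds under 7 bits to the 8-character word and still fails the dictionary check, while an 18-character all-lowercase string already exceeds it by more than 30 bits.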
dhay13 Member Posts: 580 ■■■■□□□□□□
I don't like password managers. I don't like the idea of my passwords all being in one place and trusted to 3rd party software. I do like password length though. Most of my passwords are at least 15 characters and include upper and lower case, numbers, and special characters. I don't know the exact formula but after 8 characters the complexity goes up exponentially with each character added. 20 characters would be something like a few thousand years. That is only if they have to go through every possible combination. There is the chance they could get it on the first try but not likely. Also, I don't NEED your password to impersonate you. I only need the hash of your password. If I can steal your hashed password then that is almost as good as having your password.
-
xxxkaliboyxxx Member Posts: 466
Application vulnerabilities are going to be compromised. Just the way it is, what you should have observed was how fast they patch their vulnerability. Stay with Last Pass, stay off public wifi.
Studying: GPEN
Reading: SANS SEC560
Upcoming Exam: GPEN -
Ryan9764 Member Posts: 88 ■■□□□□□□□□
Thanks everybody!!! This question came up in my last post, when I got hacked the first time. But is Lifelock worth getting? I'm debating on whether or not to get it.
-
Queue Member Posts: 174 ■■■□□□□□□□
You can lock your credit down on your own for free, by going through the three bureaus' websites. This will prevent any unauthorized credit from being opened on your behalf.
I mentioned this before, but never use a check card/ATM card for purchases. You should just set your bank account to ACH transfer your payments to credit card companies, loans, mortgage, whatever. Set up all alerts on your bank account and use strong password and multi-factor for authentication.
Use credit cards for all purchases or cash that you withdraw from a safe ATM/ or inside teller. Always pull on card swipes to make sure there isn't a skimmer. Since it seems you keep getting your card compromised at least if it's a credit card, your cash is not at stake.
Use long passwords, just make up a sentence. HappenMeAgainIgotH@ck69 = 23 characters
If I were you since it seems it's a place you frequent doing this, I would open a small pre-paid credit card. Then use it in a controlled manner to see which establishment is cloning your card. -
infosec123 Member Posts: 48 ■■■□□□□□□□
dhay13 wrote: »I don't like password managers. I don't like the idea of my passwords all being in one place and trusted to 3rd party software.
I hope you don't bring this attitude to where you work, because if you do, you are putting your company in danger. Privileged password management is an essential practice in any properly controlled company. There are numerous vendors out there which specialize in properly built systems, just because Lastpass and a few other vendors can't properly implement a product, it doesn't mean they are all bad. Some of the largest corporations in the world use password management solutions, and they don't have issues in that department. -
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□
^^^^
While this is all true, I'm sure he's referring to the ones meant for average users. I don't like them either. -
Ryan9764 Member Posts: 88 ■■□□□□□□□□
Queue wrote: »You can lock your credit down on your own for free, by going through the three bureaus' websites. This will prevent any unauthorized credit from being opened on your behalf.
I mentioned this before, but never use a check card/ATM card for purchases. You should just set your bank account to ACH transfer your payments to credit card companies, loans, mortgage, whatever. Set up all alerts on your bank account and use strong password and multi-factor for authentication.
Use credit cards for all purchases or cash that you withdraw from a safe ATM/ or inside teller. Always pull on card swipes to make sure there isn't a skimmer. Since it seems you keep getting your card compromised at least if it's a credit card, your cash is not at stake.
Use long passwords, just make up a sentence. HappenMeAgainIgotH@ck69 = 23 characters
If I were you since it seems it's a place you frequent doing this, I would open a small pre-paid credit card. Then use it in a controlled manner to see which establishment is cloning your card. -
kurosaki00 Member Posts: 973
Might be some place you frequent has a compromised atm machine or something. Could be a compromised machine in a cash register.
Your information might be compromised too. Like your bday, who is your uncle, street you grew up, mother maiden name, etc.
Might want to start using other info to recover info.
meh -
Ryan9764 Member Posts: 88 ■■□□□□□□□□
kurosaki00 wrote: »Might be some place you frequent has a compromised atm machine or something. Could be a compromised machine in a cash register.
Your information might be compromised too. Like your bday, who is your uncle, street you grew up, mother maiden name, etc.
Might want to start using other info to recover info.
Yeah, probably. I was in the military, so, my ssn was handed out like candy. I'm going to take some people's advice on this thread, and just use my credit card. I talked with my cousin who is an IT tech at UMB, and he told me the same thing: use my credit card, and pay it back at the end of each month. -
Nerkle Member Posts: 20 ■■□□□□□□□□
Considering how many times the government and military branches have been breached, your ssn may be on a saved list somewhere too.
-
Ryan9764 Member Posts: 88 ■■□□□□□□□□
Well, just got off of the phone with my Navy Fed bank. I told her about my problems, and she suggested a prepaid card. So, I'm getting one, hopefully this will help solve some of my problems.
-
E Double U Member Posts: 2,240 ■■■■■■■■■■
Hack me once, shame on you. Hack me twice...
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS