My Computer is being HACKED

teresa1517teresa1517 Member Posts: 46 ■■□□□□□□□□
I transferred money into my bank account and within 20 minutes it was gone.
I called the fraud department and they replaced it instantly.
Less than 24 hours later it was taken again.

What can I do to make sure I am not being stalked and hacked and prevent it from happening again?

Comments

  • zxbanezxbane Member Posts: 740 ■■■■□□□□□□
    I would first verify that the incident isn't linked to your bank account rather than your computer.
  • j.petrovj.petrov Member Posts: 282
    If you are on Windows I would run netstat -o in the cmd and take a look at what is connected. This will show any process IDs that are associated with each connection. You can then match the PID with the PID in task manager under services to see if you have anything that doesn't look right connected.
  • [Deleted User][Deleted User] Posts: 0 ■■□□□□□□□□
    zxbane wrote: »
    I would first verify that the incident isn't linked to your bank account rather than your computer.
    Check this first. If not, Post the following here: 1. Operating System platform (PC, Mac, or possibly your smartphone) 2. What exactly was going on when this occurred? 3. I would get the information/transaction that occurred on you bank statement, find out who the transaction traces back to and go from there.
  • iBrokeITiBrokeIT GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, CySA+, Sec+, eJPT Member Posts: 1,309 ■■■■■■■■■□
    Back up, format, reinstall OS, install AV and scan backups before restoring
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA | eCPPT | eWPT | eCTHP

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security
  • lsud00dlsud00d Member Posts: 1,571
    Call them and tell them to disable your online banking account.

    If it occurs again...you got bigger problems.

    Also...do you bank from your phone? Have you changed your password? Have you updated your security questions? Does your bank offer two-factor authentication?

    It's possible you have malware with a keylogger.
  • zxbanezxbane Member Posts: 740 ■■■■□□□□□□
    I just don't understand where the assumption that it is absolutely related to the computer comes in, rather than the bank account itself being compromised.
  • kriscamaro68kriscamaro68 A+, Net+, Server+, Security+, Win7 MCP, Server 2012 Virtualization Specialist, MCSA 2012 Member Posts: 1,186 ■■■■■■■□□□
    Close the account at the bank. Maybe move to a different bank entirely. Re-install your OS for safe measure following 'iBrokeIT' method.
  • PlantwizPlantwiz Alligator wrestler Mod Posts: 5,057 Mod
    I would be on the phone working with the bank immediately, and not so much online.

    Stop using your machine that you believe is infected.
    Once the bank side is secured, then look into troubleshooting your machine.

    Do you have an alternate device to access online searches with while you problem solve the machine? If not, I'd consider obtaining one. What a disappointing bank if you report a fraud, they replace funds, and the problem happens again icon_rolleyes.gif I'd likely consider a new bank (local one or a credit union)

    Get fraud alerts on your credit reports and such too, just to slow down anyone trying to be 'you'.
    Plantwiz
    _____
    "Grammar and spelling aren't everything, but this is a forum, not a chat room. You have plenty of time to spell out the word "you", and look just a little bit smarter." by Phaideaux

    ***I'll add you can Capitalize the word 'I' to show a little respect for yourself too.

    'i' before 'e' except after 'c'.... weird?
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    j.petrov wrote: »
    If you are on Windows I would run netstat -o in the cmd and take a look at what is connected. This will show any process IDs that are associated with each connection. You can then match the PID with the PID in task manager under services to see if you have anything that doesn't look right connected.

    ...unless any malware which may be on the system contains rootkit modules; at which point netstat is lying. Zeus variants are known to exhibit the behavior described in the original post. It will behave as a man-in-the-middle between the User's browser and the bank; redirecting transferred funds to the attacker's account. Additionally it will keylog / screenshot the User - so once the money has been returned, it's trivial for the attacker to login and transfer the money again.

    My advice: Replace credit/debit cards, change your account numbers, and reimage any computers you own and use. I would be formatting my smartphone as well. IMO, when your livelihood is at stake, now is not the time to mess around.
  • teresa1517teresa1517 Member Posts: 46 ■■□□□□□□□□
    j.petrov wrote: »
    If you are on Windows I would run netstat -o in the cmd and take a look at what is connected. This will show any process IDs that are associated with each connection. You can then match the PID with the PID in task manager under services to see if you have anything that doesn't look right connected.
    I ran the netstat -o, but not sure how to get to services from task manager. I have windows 7
    YFZblu wrote: »
    .
    My advice: Replace credit/debit cards, change your account numbers, and reimage any computers you own and use. I would be formatting my smartphone as well. IMO, when your livelihood is at stake, now is not the time to mess around.
    I replaced debit card and closed that account.
    Also, changed password.
    Close the account at the bank. Maybe move to a different bank entirely. Re-install your OS for safe measure following 'iBrokeIT' method.
    I did reinstall my OS after being locked out with my own password. I had no other choice, I couldn't log back in. Weird, huh?
    Check this first. If not, Post the following here: 1. Operating System platform (PC, Mac, or possibly your smartphone) 2. What exactly was going on when this occurred? 3. I would get the information/transaction that occurred on you bank statement, find out who the transaction traces back to and go from there.
    My OS is windows 7, on pc.
    I found out when it first happened at 3:00 a.m. in the morning when I went to buy gas.
    As for tracing back, how would the bank be able to do that?
    lsud00d wrote: »
    Call them and tell them to disable your online banking account.

    If it occurs again...you got bigger problems.

    Also...do you bank from your phone? Have you changed your password? Have you updated your security questions? Does your bank offer two-factor authentication?

    It's possible you have malware with a keylogger.
    I bank on my laptop.
    How can I find out if there is malware with a keylogger, and get rid of it?
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    ^ You re-installed the operating system, correct? You have likely gotten rid of the malware in that case.
  • teresa1517teresa1517 Member Posts: 46 ■■□□□□□□□□
    YFZblu wrote: »
    ^ You re-installed the operating system, correct? You have likely gotten rid of the malware in that case.
    Correct? I don't remember how I did it. (please don't laugh) this is all new to me!
    The bank incident happened October 2012.
    Not being able to log into my pc with my own password, was May 2013.
    That is when I reinstalled the OS.
  • BGravesBGraves Member Posts: 339
    Came across this today and figured I'd toss it up here.
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    For some reason Comodo thinks signed malware is noteworthy - This isn't a new thing. Just more eyerolling news from Antivirus vendors I suppose.
  • teresa1517teresa1517 Member Posts: 46 ■■□□□□□□□□
    BGraves wrote: »
    Came across this today and figured I'd toss it up here.
    I found that very interesting, and very similar with my situation.
    Thanks
  • kristankelsch87kristankelsch87 Banned Posts: 5 ■□□□□□□□□□
    Definatlly its issue from bank side, I think you should close your account if that happens again..
Sign In or Register to comment.