
My Story



#1 notta3d


Posted 05 December 2017 - 12:00 PM

Hi guys. I received a call from the fraud department of my bank last week and the gentleman said that some unusual activity was occurring on my bank account. He said several purchases were made from Africa and several electronic checks were set up to be paid to other people. He also stated that my alert email was changed and asked me if I did it. I was on vacation so I was not looking at my emails but sure enough the night before I received the email that it was changed. The good thing is that the purchases were made at 3:00 pm and I was notified at 6:00 pm. Needless to say they immediately locked out my account and cancelled my credit cards. After hanging up he called me back within a half hour and said did you just call to transfer 5k to another bank? I said no. He said they just tried to call in to transfer money over the phone but our people denied it because their voice sounded shaky. I have to say this is some crazy stuff. We have all had viruses but this was taken to an entirely new level.

 

Here is the kicker, I store all my passwords in LastPass with the exception of 3. My bank account, my primary email, and my secondary email. Those 3 accounts I type the passwords in manually and all 3 are random passwords that are not easy to guess. Even more so is that my bank account, which they got into to make the changes, has NEVER been used anywhere other than my main PC that I use at home. The password is written on a piece of paper on my desk (I live alone). So this clearly tells me that my main PC was breached. The scary thing is that I keep my PC up to date with all patches and even run Secunia to tell me about vulnerabilities. At that time I had 4 vulnerabilities, old version of Python, SQL Server Framework, Wireshark, and another that I cannot recall but was not OS related.

 

I can even narrow down when I think the breach might have occurred and actually wanted everyone's feedback. A few weeks back I wanted to view an event online, but the website required you to disable ad blockers on the browsers. I was not very comfortable doing this so I ran the web browser in Sandboxie thinking any malicious activities would be contained to the sandbox. While watching the event the browser crashed and after re-opening the Sandboxie Browser a filename.exe download box came up and automatically downloaded the file into my download directory. In all my life I had never seen this happen before. My question I keep asking myself is did the file actually run? It happened so quick. I went on thinking that it was contained but it must have run. After that I had a large amount of Firefox tab crashes up to the phone call from the bank.

 

Let's say that the .exe actually ran and was not just downloaded, what do you think it did? Keyboard logger? I feel completely violated as did they have access to my entire file system and looked at all my personal files? Oh brother. How do you protect yourself against this other than not being stupid and going to a site like that in the first place?

 

Needless to say right after getting the call I disconnected my machine. Wiped out the C drive and installed a fresh version of Windows 10. I then went around and changed my most critical account passwords. Enabled 2-factor on a couple that I missed except for my bank. Can you believe that game companies and email services can implement 2-factor authentication but something as important as a bank cannot? Wow!

 

I now am feeling that I might be better off storing all my passwords in LastPass as it doesn't seem they breached my LastPass. The actual typing in of the password for my bank is the only one I type in and seems to be the only one they accessed. My 2 emails have been cached on my main machine for some time now. I have been using LastPass for years and it has been rock solid but have been leery of storing the really sensitive information in there, but it seems it would have helped me in this situation.

 

One last thing, I received a call last week from a guy that identified himself as a member of the fraud team at my bank and he said he was doing a follow-up. He asked me if I knew how they got in. I thought that was a strange question but I continued to talk and said I think an ad crashed my browser and caused all this. I then said I changed my LastPass and rebuilt my system. I then ripped him that the bank should offer 2-factor and he literally didn't say anything. The following day I called the bank asking if that number was one of their numbers (the number was a number in my area code) and they said they have no record. I decided to call the number back and it came back that the number was not in service. This freaked me out. Had I talked to the guy that actually tried to steal my money or did the bank rep anonymize his cell phone number? Wow, my skin is crawling thinking of it.

 

Now I'm wondering if I should get something like Lifelock to protect myself for a year or so since they probably know everything about me at this point. I also have other devices on my network such as a QNAP NAS, Hikvision Security cameras, NVR, and a pfSense box that I'm questioning have they all been compromised with that window that they had access to my system?? As you can tell I'm really shaken over this event.

 

Anyway I just wanted to tell you guys my story.




 


#2 Rocky Bennett


Posted 05 December 2017 - 05:47 PM

My gut feeling from reading your entire story is that this "incident" has absolutely nothing to do with your computer or internet activity. This type of criminal activity occurs all the time. I have experienced it myself. I can almost say with 100% certainty that there is absolutely no connection between your computer or your online activity and this particular incident.

 

But, with all that said, you are aware of the Equifax breach, right? This incident sounds like it is related to the Equifax breach or some other data breach. Again, this is not connected to your computer or online activity at all, this type of data breach affects all people regardless if they have ever been online or not.

 

Me personally, the day after the news broke about the Equifax breach I:

 

1. Contacted my state's Attorney General and registered a formal complaint

2. Contacted each of the major credit reporting companies and froze my credit

3. Bought a Lifelock insurance account

 

https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do

 

Again, do not worry about your computer or your internet activity. This type of criminal activity is huge and has nothing to do with how an individual lives their life.




#3 notta3d


Posted 05 December 2017 - 07:01 PM

Thanks Rocky. Sorry for the long read. Just my luck, 140 million Americans get their information stolen and I get hit this soon??

 

I am so irritated right now. I had been on the fence about locking my accounts so after reading your message I called the three antiquated systems and froze my account or at least I think I did.

 

1) Equifax - Called and went through the automated process but while it was telling me that it completed successfully it started flipping out on me that there were too many errors and hung up on me. I tried to call and validate but they were closed.

2) Transunion - Went through the automated process but it had a problem with my card. I talked to a guy that sounded like a robot, paid my $10 which is bullsh***, and he froze my account. I said to him I just ran my annual report a few months back so how can I tell that something hasn't been done since my information was used. He is sending me out the latest credit report at no charge.

3) Experian - Paid my $10 but could not find any way to talk to someone about getting my credit report to make sure something hasn't been done recently. From what I'm reading they don't want to talk to people.

 

I have been debating about the Lifelock account but $30 a month is steep!!! I have also read that they really don't work.

 

Could you tell me how the Attorney General complaint went? I am so disgusted by this. I have perfect credit and now I'm paying money out of my own pocket because some big mega corporation screws up? This is disgusting.

 

For the life of me I don't understand this whole credit report system. In this day and age they can't put exclusions that the user themselves can run credit reports as much as they want without hurting their credit? So I get 1 credit report a year and if something happens I'm in the dark until next year when my new report is available? Something is really corrupt here. Is there any way to track my credit without having to pay all the time? My buddy said you can do it with Credit Karma?

 

As for the bank, I'm not real sure how they got in then. If they didn't breach my computer how did they log into my account to add the payees and change the alert email? Did my bank make all the changes for them over the phone? I could not validate that my password was changed because the bank locked it before I could try to log in.



#4 Rocky Bennett


Posted 05 December 2017 - 07:37 PM

In my case, the state of New Mexico, the fees to lock my credit were waived. Also, the Attorney General thinks that with the data that I have provided I will not be responsible for the Lifelock subscription fees. This whole episode has been a huge fiasco, but like you said it has affected half of America so our stories are just the tip of the iceberg.

 

One other preventive measure that I did was to change the actual password on my email account. That part was optional but with our data floating around on the dark web it was just an added piece of comfort for me. I truly hope that the phone call that you had with the "bank representative" was not a scam call, but from what you detailed it does not sound like you gave the caller any personal information, you just gave him a piece of your mind.

 

Bleeping Computer is a wonderful forum but I am sad that your introduction to our site was under such negative conditions. Keep us all posted on any developments because there might be some serious implications involved with your case. I also hang out at another forum that might be of some help to you.

 

https://malwaretips.com/

 

My best advice to you is to stay on top of this because it is the individual's responsibility to maintain their own security.




#5 Umbra


    Authorized Emsisoft Rep



Posted 05 December 2017 - 08:59 PM

@notta3d

 

Your mistake was here:

> I can even narrow down when I think the breach might have occurred and actually wanted everyone's feedback. A few weeks back I wanted to view an event online, but the website required you to disable ad blockers on the browsers. I was not very comfortable doing this so I ran the web browser in Sandboxie thinking any malicious activities would be contained to the sandbox. While watching the event the browser crashed and after re-opening the Sandboxie Browser a filename.exe download box came up and automatically downloaded the file into my download directory. In all my life I had never seen this happen before. My question I keep asking myself is did the file actually run? It happened so quick. I went on thinking that it was contained but it must have run. After that I had a large amount of Firefox tab crashes up to the phone call from the bank.

 

 

With default settings, Sandboxie doesn't prevent keylogging and transmission of data from keyloggers downloaded and executed in the sandbox, and I bet this is what happened to you.

 

So if the exe ran in the sandbox, everything you typed thereafter was transmitted to the criminals.

 

The question is whether, during the crash, the exe was contained or not; if not, you know the reason why...

 

I don't believe LastPass was faulty.


Edited by Umbra, 05 December 2017 - 09:01 PM.


Emsisoft Community Manager




