Hi guys. I received a call from the fraud department of my bank last week and the gentleman said that some unusual activity was occurring on my bank account. He said several purchases were made from Africa and several electronic checks were set up to be paid to other people. He also stated that my alert email was changed and asked me if I did it. I was on vacation so I was not looking at my emails, but sure enough the night before I received the email that it was changed. The good thing is that the purchases were made at 3:00 pm and I was notified at 6:00 pm. Needless to say they immediately locked out my account and cancelled my credit cards. After hanging up he called me back within a half hour and said, "Did you just call to transfer 5k to another bank?" I said no. He said they just tried to call in to transfer money over the phone but our people denied it because their voice sounded shaky. I have to say this is some crazy stuff. We have all had viruses but this was taken to an entirely new level.
Here is the kicker: I store all my passwords in LastPass with the exception of 3. My bank account, my primary email, and my secondary email. Those 3 accounts I type the passwords in manually and all 3 are random passwords that are not easy to guess. Even more so, my bank account, which they got into to make the changes, has NEVER been used anywhere other than my main PC that I use at home. The password is written on a piece of paper on my desk (I live alone). So this clearly tells me that my main PC was breached. The scary thing is that I keep my PC up to date with all patches and even run Secunia to tell me about vulnerabilities. At that time I had 4 vulnerabilities: an old version of Python, SQL Server Framework, Wireshark, and another that I cannot recall but was not OS related.
I can even narrow down when I think the breach might have occurred and actually wanted everyone's feedback. A few weeks back I wanted to view an event online, but the website required you to disable ad blockers on the browser. I was not very comfortable doing this so I ran the web browser in Sandboxie, thinking any malicious activities would be contained to the sandbox. While watching the event the browser crashed, and after re-opening the Sandboxie browser a filename.exe download box came up and automatically downloaded the file into my download directory. In all my life I had never seen this happen before. The question I keep asking myself is: did the file actually run? It happened so quickly. I went on thinking that it was contained but it must have run. After that I had a large amount of Firefox tab crashes up to the phone call from the bank.
Let's say that the .exe actually ran and was not just downloaded; what do you think it did? Keyboard logger? I feel completely violated, as did they have access to my entire file system and look at all my personal files? Oh brother. How do you protect yourself against this other than not being stupid and going to a site like that in the first place?
Needless to say right after getting the call I disconnected my machine. Wiped out the C drive and installed a fresh version of Windows 10. I then went around and changed my most critical account passwords. Enabled 2-factor on a couple that I missed except for my bank. Can you believe that game companies and email services can implement 2-factor authentication but something as important as a bank cannot? Wow!
I now am feeling that I might be better off storing all my passwords in LastPass, as it doesn't seem they breached my LastPass. The actual typing in of the password for my bank is the only one I type in and it seems to be the only one they accessed. My 2 emails have been cached on my main machine for some time now. I have been using LastPass for years and it has been rock solid, but I have been leery of storing the really sensitive information in there; it seems it would have helped me in this situation, though.
One last thing: I received a call last week from a guy that identified himself as a member of the fraud team at my bank and he said he was doing a follow-up. He asked me if I knew how they got in. I thought that was a strange question but I continued to talk and said I think an ad crashed my browser and caused all this. I then said I changed my LastPass and rebuilt my system. I then ripped into him that the bank should offer 2-factor and he literally didn't say anything. The following day I called the bank asking if that number was one of their numbers (the number was a number in my area code) and they said they have no record. I decided to call the number back and it came back that the number was not in service. This freaked me out. Had I talked to the guy that actually tried to steal my money, or did the bank rep anonymize his cell phone number? Wow, my skin is crawling thinking of it.
Now I'm wondering if I should get something like LifeLock to protect myself for a year or so, since they probably know everything about me at this point. I also have other devices on my network such as a QNAP NAS, Hikvision security cameras, an NVR, and a pfSense box, and I'm questioning whether they have all been compromised in that window when they had access to my system. As you can tell I'm really shaken over this event.
Anyway I just wanted to tell you guys my story.