LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 01-24-2018, 04:21 PM   #1
RandomTroll
Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 921

Rep: Reputation: 150Reputation: 150
Hacked passcodes for my bank account


I connected to my bank from a public computer at U New
Mexico. It authenticates by sending an e-mail with a passcode.
The message took unusually long to arrive. When it did, the
code didn't work. I tried again using the copy of Firefox on my
flash drive; the code didn't work the second or third time.

When I got home I found 3 messages from my bank with
passcodes; they weren't the passcodes I had received at
UNM.

Because the same thing happened with UNM's Firefox and my own,
it wasn't a hack of their Firefox.

That good does this hack do the hacker? If they had captured
my name and number, wouldn't they want me to log in?

I called my bank; there were no transactions. I changed my name and password.
Does this hack sound familiar?
 
Old 01-24-2018, 04:40 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 & 7
Posts: 2,974

Rep: Reputation: 795Reputation: 795Reputation: 795Reputation: 795Reputation: 795Reputation: 795Reputation: 795
Sounds like you connected to a phishing site. The public computer may have changed DNS to divert your browser or some other hack. If so, the browser is OK, it is just not really going to your bank. Did you have the green lock in the address bar?
 
Old 01-24-2018, 07:26 PM   #3
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: High Sierra
Posts: 9,096
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by RandomTroll View Post
I connected to my bank from a public computer at U New
Mexico.
SuspectZero, IMO
 
Old 01-24-2018, 08:13 PM   #4
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169
I'd say ... "Action This Day™," contact your bank!

Let them know exactly what you experienced. Give them all the factual details that you can regarding this latest attempt to defraud their customers. I'm quite sure that they will swiftly set things right for you.
 
Old 01-25-2018, 03:50 PM   #5
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.5
Posts: 1,394

Rep: Reputation: 477Reputation: 477Reputation: 477Reputation: 477Reputation: 477
My advice: Never connect to your bank from a public computer or on a public wifi network. Just sayin'
 
Old 01-26-2018, 02:10 AM   #6
//////
Member
 
Registered: Nov 2005
Location: Land of Linux :: Finland
Distribution: win 10 | OpenBSD 6.2 | Fedora 28 | Fedora 27 Server
Posts: 319

Rep: Reputation: 121Reputation: 121
Quote:
Originally Posted by scasey View Post
My advice: Never connect to your bank from a public computer or on a public wifi network. Just sayin'
or use vpn?
 
Old 01-27-2018, 03:38 PM   #7
RandomTroll
Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 921

Original Poster
Rep: Reputation: 150Reputation: 150
My bank offers extra security for remote connections.

I wasn't asking for banking or security advice.

I thought this was a curious hack. I reported it. If someone else had a similar experience I would enjoy reading about it.
 
Old 02-18-2018, 05:17 AM   #8
rob.rice
Senior Member
 
Registered: Apr 2004
Distribution: slack what ever
Posts: 1,036

Rep: Reputation: 185Reputation: 185
I found that someone had used MY gmail account to open an account on readit and instagram I changed there user names,passwords and deleted every thing they posted
and reset my gmail password to a long leet phase

personally I wouldn't even log on to my gmail account on a public computer with out using a live distro

Last edited by rob.rice; 02-18-2018 at 05:19 AM.
 
Old 02-18-2018, 08:17 AM   #9
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169Reputation: 3169
Once again, Google should be informed and they can assist you.

Service providers need to be promptly informed of every breach or suspected-breach that has occurred.

You also need to take written notes about these incidents, and keep these notes for a long time in a (physical) filing cabinet: exactly when did the incident occur, exactly who did you contact (and exactly when), contemporaneous written notes about what you said and what they said. Legally speaking, it's called due diligence. Someone in the future may ask to see these records, which will also be written evidence of the incident and of your response to it. There should be no question of your entitlement to restitution in case of fraud, but someone might subsequently be investigating that fraud (or a larger criminal network of which your fraud was a part), and "your memory" won't suffice.

Last edited by sundialsvcs; 02-18-2018 at 08:18 AM.
 
Old 02-18-2018, 09:56 AM   #10
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 4,056
Blog Entries: 1

Rep: Reputation: 1352Reputation: 1352Reputation: 1352Reputation: 1352Reputation: 1352Reputation: 1352Reputation: 1352Reputation: 1352Reputation: 1352Reputation: 1352
As BM ////// asked in post #6 above, wouldn't a VPN protect a user when accessing his banking institution (or any other purpose)?
 
Old 02-19-2018, 01:08 AM   #11
rob.rice
Senior Member
 
Registered: Apr 2004
Distribution: slack what ever
Posts: 1,036

Rep: Reputation: 185Reputation: 185
Quote:
Originally Posted by cwizardone View Post
As BM ////// asked in post #6 above, wouldn't a VPN protect a user when accessing his banking institution (or any other purpose)?
if it's the ISP or may be the government BUT not from the computer he is on
and the ISP could have a log of the fact your on a VPN
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I deposit this check into my bank account? puppymagic General 11 03-11-2016 11:14 PM
How secure is this system to access my bank account jlinkels Linux - Security 13 01-09-2015 02:45 PM
MySql and a simple Bank Account DB air4time Programming 16 10-27-2010 03:25 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 12:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration