Online bank account problem (NA)

Posted by ausrere (display name: Lisa), Austin, TX

Ok guys, I know there are very smart computer gurus on this board, so I thought I'd pose a question that I was asked tonight. Here's the short version:

A friend's husband has experienced three 'incidents' with someone gaining access to his AmEx online account and changing the password. Today they changed the mailing address. Each time, he reports it to AmEx, changes his basic security details, has gotten new accounts, etc., and it happens again. So the mental giant he spoke to in India insisted he was giving his information to someone, that that was the only explanation (I know the guy; there is no way he's doing that). Needless to say, he got nowhere, so they are doing the same protocol AGAIN. Still doesn't solve the problem. He has some unknown security software (he didn't tell me which one, he just said it was "name brand"; I'll ask) to check for bots. It found no bots. His theory is/was that it must be a keylogger OR it might be through Mint.com. None of his other accounts seem affected. I'm not familiar with Mint.com; is anyone else? He has now enrolled for LifeLock identity theft protection. Do you have any suggestions on how to troubleshoot this? He primarily uses his Mac to access this account. Any suggestions on things for him to do?

I worry about Mint.com, but a Google search doesn't find that many complaints about this sort of thing happening, and he's been using it a while with several accounts with no issues. I know nothing about Macs, so my advice will be limited. Would welcome any advice you guys have to pass on, especially about which software to use to root out any keyloggers or bots on a Mac.

Thanks
 
Well, I've never heard of mint.com, but after looking at it... I just have to try it. Seems pretty cool.

I'll let you know if someone jacks my credit card.
 
No way, no how give *any* third party your account information.

You can have all the security in the world locally and as soon as information is placed on another site it is subject to the quality (or lack thereof) of that site.

Personally I think banks and credit cards are big enough security risks themselves without adding in third parties. I average about 1 card hijack a year but it is only on one particular account. Kinda makes you go hmmmm. In other words, there are enough security risks within banks so that I don't need to add external security risks.
 
Mint.com is fine and it's very highly unlikely that this has anything to do with mint.com.

I suspect that it's a worm/remote keylogger installed on his computer. 99.9% likely that it has something to do with his computer.

-Felix
 
Key logger was my first thought.

What about unsecured wireless?

Does he access his account from a public computer, like in a pilot's lounge?

Joe
 
> I suspect that it's a worm/remote keylogger installed on his computer.

> Key logger was my first thought.

Agree. First thought is a keylogger, the second is a trojan.

Recently had a problem with a work computer where a trojan got installed and rerouted certain web access requests to a site in China (much easier to catch with the s-l-o-w work network, since you could see the redirects). We reimaged the computer. (We determined that there was a rootkit that snagged requests going to the network stack and rerouted them to rogue sites in China... easy enough for the rogue site to be a trojan site.)
 
Could be so many things. Could be keylogger/virus/trojan, could be someone on any network he connects his computer to, especially wireless. VERY well could be someone he knows. Someone very well could have hacked his EMAIL address, and used that to reset passwords and intercept the email. If your security questions are what city you were born in, what high school you went to, etc., any one of your friends/family members with a hidden drug/gambling/etc. problem could be getting your info. He could have bookmarked a phishing site and think it's genuine.

There are many possibilities. He really needs to completely overhaul his security situation if they can't find the culprit.
 
Security problems tend to not be super exotic; the weakest link is what is exploited.

To do what he has had done to him someone needs to know the account number, the email address and the 4-digit security number for the card. The first two can be easy to get. The third would only be found if someone has seen the card.

Are there kids in the house? When he gets his new card, is the letter already opened? Does he show the card to anyone at a PoS who would know his email, and then notice the problem?

Sure, install more security on the computer, but also employ some additional physical security for the card. Also change the email address associated with the account and give the new address to no one EXCEPT Amex. Make the new email address something that would not easily be associated with him. IOW, not a name, address, birthdate, etc. Random letters and numbers would be good.
 
I'm not aware of any malware keyloggers for the Mac that would be installed without his knowledge. Keyloggers do exist though, but someone would have to have access and install privileges to put one on the machine.

Another technical idea: there's a program for Macs called Little Snitch that will monitor and block disallowed outgoing network data. If there is a keylogger or other malware installed and stealing his info, this would likely catch and prevent it from going out.

Does his username and/or password to the Amex site suck? Usually, these are the weakest links in the chain. PWs should be >8 characters and have a mix of letters (including capitals), numbers, and symbols, if allowed. Don't overlook the username, too. When I first signed up with one bank for online access, I kept getting an "account locked because of too many failed logins" message. It turned out hackers run a dictionary (or brute force) attack on usernames (i.e., they pick common names/words and then hope they find a weak password). My original username, rpadula, was in the hack list, so I added some extra random numbers and letters to it and the attacks didn't affect me anymore.

Mint.com was recently purchased by Intuit. I don't know much else about it or their security, but like Clark, I'm reluctant to give passwords to 3rd party sites.

You say he "primarily" uses the Mac to access this account. Where else does he access AMex from? If he has a strong UN/PW, those are more likely to be the culprits than his Mac.
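Little Snitch, suggested above, answers one question: which processes on the Mac are talking to the network, and to whom. The script below is an added example, not code from the thread or from any poster: a one-shot version of that check for the shell. It reads output in the format of `lsof -nP -iTCP -sTCP:ESTABLISHED` and flags every established connection whose process is not on an allowlist, which is how a "remote keylogger" phoning home would show up. The lsof lines, the process names and the allowlist are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): one-shot egress audit in the spirit of
# Little Snitch's outgoing-connection filter. Feed it real output from
#   lsof -nP -iTCP -sTCP:ESTABLISHED
# on a Mac; the sample below is constructed for this example.

SAMPLE_LSOF='COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
firefox     412 lisa   55u  IPv4 0x1a2b      0t0  TCP 10.0.1.5:52311->151.101.1.69:443 (ESTABLISHED)
Mail        501 lisa   22u  IPv4 0x1a2c      0t0  TCP 10.0.1.5:52320->17.172.224.47:993 (ESTABLISHED)
.kl_helper  733 lisa    3u  IPv4 0x1a2d      0t0  TCP 10.0.1.5:52399->198.51.100.23:6667 (ESTABLISHED)
firefox     412 lisa   61u  IPv4 0x1a2e      0t0  TCP 10.0.1.5:52402->93.184.216.34:80 (ESTABLISHED)
updater     802 root    7u  IPv4 0x1a2f      0t0  TCP 10.0.1.5:52410->203.0.113.9:8080 (ESTABLISHED)'

# Processes the owner expects to talk to the network (an assumption for the
# example; build the real list from what is actually installed).
ALLOWED='firefox Mail'

# flag_unexpected_egress <allowlist> : reads lsof output on stdin and prints
# one line per established connection from a process not on the allowlist.
flag_unexpected_egress() {
    allow="$1"
    awk -v allow="$allow" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 { next }                      # skip the lsof header line
        $NF != "(ESTABLISHED)" { next }       # only live connections
        !($1 in ok) {
            split($(NF-1), ep, "->")          # NAME field is local->remote
            printf "%s pid=%s user=%s -> %s\n", $1, $2, $3, ep[2]
        }'
}

# count_unexpected_egress <allowlist> : same input, prints how many were flagged.
count_unexpected_egress() {
    flag_unexpected_egress "$1" | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_LSOF" | flag_unexpected_egress "$ALLOWED"
```

On the constructed input this flags the hidden `.kl_helper` process talking to port 6667 and the root-owned `updater` talking to port 8080, and stays quiet about the browser and mail client. A snapshot like this only catches malware that is connected at the moment you look; Little Snitch's value is that it sits in the path and asks before the first packet leaves.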
 
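The lockout story in the post above is worth seeing as a mechanism. The script below is an added example, not part of any post: it simulates an attacker walking a list of common usernames and trying a few common passwords against each. A site that locks an account after a fixed number of consecutive failures then locks out every real customer whose username was on the list, whether or not a guess succeeded, while a username the list does not contain is never touched. The customer table, the attacker's lists and the threshold are all constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): username dictionary attack against a
# site with failed-login lockout. Everything below is constructed data.

# Customer table, one "username:password" per line. Plaintext only because
# this is a simulation; a real site stores password hashes, never this.
ACCOUNTS='rpadula:Tr0ub4dor&3
rpadula7q2x:Tr0ub4dor&3
jsmith:password1
k9v2m8qz:correct horse battery'

# The attacker's lists (constructed).
COMMON_USERNAMES='admin jsmith rpadula mjones'
COMMON_PASSWORDS='password1 123456 letmein'
# Consecutive failures before the site locks the account (assumed policy).
LOCKOUT_AFTER=3

# stored_password <username> : prints the account's password, or nothing if
# there is no such account.
stored_password() {
    printf '%s\n' "$ACCOUNTS" | awk -F: -v u="$1" '$1 == u { sub(/^[^:]*:/, ""); print; exit }'
}

# account_status <username> : what the attack did to this account.
#   untouched       username not on the attacker's list, no attempts made
#   compromised     a guess matched before the lockout threshold
#   locked          LOCKOUT_AFTER wrong guesses; the real owner is locked out too
#   survived        attacked, but the attacker ran out of guesses first
#   no-such-account the username is not a customer at all
account_status() {
    user="$1"
    real_pw="$(stored_password "$user")"
    [ -n "$real_pw" ] || { echo "no-such-account"; return; }
    case " $COMMON_USERNAMES " in
        *" $user "*) ;;                      # on the list: it gets attacked
        *) echo "untouched"; return ;;
    esac
    failures=0
    for guess in $COMMON_PASSWORDS; do
        if [ "$guess" = "$real_pw" ]; then echo "compromised"; return; fi
        failures=$((failures + 1))
        if [ "$failures" -ge "$LOCKOUT_AFTER" ]; then echo "locked"; return; fi
    done
    echo "survived"
}

# report : one line per customer showing the outcome.
report() {
    printf '%s\n' "$ACCOUNTS" | cut -d: -f1 | while read -r u; do
        printf '%-14s %s\n' "$u" "$(account_status "$u")"
    done
}

report
```

`rpadula` and `rpadula7q2x` have the same strong password; only the guessable username ends up locked. `jsmith` shows the other failure mode, a weak password that falls before the lockout ever triggers. The lockout protects the password, not the account's availability, which is why the unguessable username was the fix that worked.
 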
But he uses a Mac; how can he even think he has a problem? I thought they fixed everything. :D
 
> Could be keylogger/virus/trojan, could be someone on any network he connects his computer to especially wireless.

Just to clarify -- assuming this bank uses https, then it is not practical for someone on the network (such as the owner of a wireless base station) to intercept a password transiting the network. So you can rule this out as a possibility.

Why do I say practical? Because, in theory, if an attacker had significant computational power available to them they could break the encryption. But I'm assuming that we are dealing with a small-time criminal here, and not a directed (and expensive) attack by a large government institution... I'm also assuming that the user checks for the lock icon in their browser every time -- if you can trick him into connecting with plain http, all bets are off.

Chris
 
I've yet to see a keylogger that works on a Mac, so I don't think that's the issue....

You guys ever use someone else's wireless network for banking transactions? Or are there any other sites he uses a credit card at?
 
> assuming this bank uses https, then it is not practical for someone on the network (such as the owner of a wireless base station) to intercept a password transiting the network. So you can rule this out as a possibility.

Look up the Bluecoat proxy, and think again, particularly if you access HTTPS sites from work.
 
> assuming this bank uses https, then it is not practical for someone on the network (such as the owner of a wireless base station) to intercept a password transiting the network. So you can rule this out as a possibility.

Not true even in the slightest bit, and this is bad advice to give anyone concerned about security.
 
> Look up the Bluecoat proxy, and think again, particularly if you access HTTPS sites from work.

That is kind of dependent on you modifying the workstation to consider the Bluecoat proxy's certificate as a trusted root certificate.
 
> That is kind of dependent on you modifying the workstation to consider the Bluecoat proxy's certificate as a trusted root certificate.

Hence my comment about "at work", where your browser may be pre-configured to trust it. My point is that unless you are using a computer you configured, and you know it's clean, SSL does not offer the protection you might think it does.
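The disagreement above comes down to one question: whose certificates the workstation trusts. The script below is an added example, not code from the thread or from any poster, that reproduces the situation with the openssl command line (assumed to be installed). It creates a private CA standing in for the proxy, has that CA issue a certificate for a bank-like hostname, and then checks that certificate twice: once against the default trust store, as a clean Mac would, and once with the proxy CA added, as an IT-configured work machine would. The hostname is a stand-in, not a real bank.

```shell
#!/bin/sh
# Added example (not from the thread): what "trusted root certificate" means
# for an intercepting HTTPS proxy. Requires the openssl command-line tool.
set -e
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
HOST="online.example-bank.test"   # illustrative stand-in, not a real hostname

# 1. The proxy's private CA (self-signed), the thing IT pushes into the
#    workstation trust store.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Corp Proxy Root CA" \
    -keyout "$WORK/proxy-ca.key" -out "$WORK/proxy-ca.pem" >/dev/null 2>&1

# 2. A certificate for the bank's hostname, issued on the fly by that CA.
#    This is what the proxy hands the browser instead of the bank's real one.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
printf 'subjectAltName=DNS:%s\n' "$HOST" > "$WORK/san.ext"
openssl x509 -req -days 1 -in "$WORK/leaf.csr" -CA "$WORK/proxy-ca.pem" \
    -CAkey "$WORK/proxy-ca.key" -CAcreateserial -extfile "$WORK/san.ext" \
    -out "$WORK/leaf.pem" >/dev/null 2>&1

# verify_leaf [ca-file] : succeeds only if the proxy-issued certificate
# validates for $HOST. With no argument only the default trust store is
# consulted (a clean machine); with the proxy CA passed in, the machine has
# been configured to trust the proxy. Checks for ": OK" in the output rather
# than the exit code because old openssl releases exit 0 on failure.
verify_leaf() {
    if [ -n "$1" ]; then
        openssl verify -CAfile "$1" -verify_hostname "$HOST" "$WORK/leaf.pem" 2>/dev/null | grep -q ': OK$'
    else
        openssl verify -verify_hostname "$HOST" "$WORK/leaf.pem" 2>/dev/null | grep -q ': OK$'
    fi
}

if verify_leaf; then
    echo "clean trust store: proxy certificate ACCEPTED (this should not happen)"
else
    echo "clean trust store: proxy certificate rejected, the browser would warn"
fi
if verify_leaf "$WORK/proxy-ca.pem"; then
    echo "proxy CA trusted: proxy certificate accepted, no warning, session readable by the proxy"
fi
```

Both sides of the argument are right about different machines: the lock icon does mean the session is encrypted, but it is encrypted to whatever certificate the browser was willing to accept, and on a machine someone else configured that can be the proxy's. On a Mac this is exactly the "someone would have to have access and install privileges" case from earlier in the thread, since adding a root to the trust store needs that access too.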
 
Pure anecdotal evidence, but my mom used to have AmEx security issues to the point that they closed out their AmEx card.

Back in the mid 90's, before I believe online banking was widely available, we had a lot of issues pop up over just a few weeks. Somehow someone ordered an additional card and tried to change her contact info. AmEx called the house and she blocked it. A few days later, an additional card for someone came under her account. She cancelled it promptly and destroyed it.

She got a new account number and card. Didn't even have a chance to charge anything to it, but still a few weeks later yet another came; this time 2 guys came by our house literally a few seconds after the delivery truck left our house. Unfortunately for them we were home and received the package instead of it being left outside. They claimed to be from AmEx, saying they sent the card in error and we should give it to them.

After that she cancelled AmEx and never been with them since due to these security issues.
 
> assuming this bank uses https, then it is not practical for someone on the network (such as the owner of a wireless base station) to intercept a password transiting the network. So you can rule this out as a possibility.

Exactly. Cracking TLS is even more unlikely than mint.com being the problem.

I bet it's something on the computer. Reinstall, since you could otherwise be exposed in other ways that you don't know about yet.
 
A few jobs back, the work group had a Macintosh laptop that was supposed to be shared; but one of the higher-ups treated it as his personal computer. I needed it for something...got his boss to get the computer to our lab. He had his vacation planned out on a spreadsheet...including his credit card number!!

Short version...does the person leave this information on the computer thinking it is safe? An open wifi or other network holes could let someone see the data.

It sounds like they are goofing with the guy...changing the password and address but apparently not charging anything? Sounds like an inside job to me...close friend or relative maybe?
 
I've passed on the info you guys gave me. Thanks.

I know there isn't anyone else in the home that could gain access. No kids. He owns his own business, and is the only one at work with access to the laptop. I recommended a total wipe and reload of everything, but I'm not sure what he'll do. He's not technophobic, and he has a pretty decent grasp of basic home computer security precautions, so I'm pretty sure his router isn't wide open. We will see if he has any other problems after the reload. Thanks for the info.
 
> Pure anecdotal evidence, but my mom used to have AmEx security issues to the point that they closed out their AmEx card.

I had an Amex Optima card 15 years ago. When I moved to the Portland area ahead of my family (they had to finish the school year in San Jose) my wife got a bill for the card with charges from a local hotel and a mail order auto parts store (among other places, IIRC). She was curious about what was going on. So was I. The card had never left my wallet and I didn't use it. Took forever for Amex to get things straightened out. I cancelled the card and the only Amex cards I've had since are company issued cards. What a zoo...
 
As another data point - I've had an Amex account for 20 years now. Never had a problem.

My wife had her Cap One Visa used to purchase some airline tickets out of the country. Cap One completed its review in two days, gave her a new card, and no problems since. We were pleased by how painless the process was.
 