<p>Almost got me. Very unnerving and I am now rethinking my internet security. I made some big (huge) obvious errors, but am posting here to let people know what can happen.</p>
<p>Friday I received an email from Chase bank about a wire transfer not processed. (Not a phishing email) My online access had been disabled and I could not talk to anyone who knew what was going on until Monday morning. Fortunately I was able to at least confirm account balances by phone banking so I could tell my balances were ok and there were no unusual transactions.</p>
<p>So Monday the wire fraud department tells me an attempt was made on Friday to wire $9900 from one of my savings accounts to Unicredit (an Italian bank). The wire department at Chase held it up because it was going overseas. In order to send this wire someone had to log onto my internet banking account using my username and password. In addition, they needed an authorization code sent to a cellphone. According to Chase the phone number was added to my account on October 10, 2008. (area code was 910= NC. Could be significant or coincidence) This should have generated an email to me. I don’t know why the email was not sent or how/if I missed it. So supposedly someone accessed my account in October 2008 to change the phone number and then waited until January 30 to attempt the wire fraud. Sounds fishy to me, but that’s all I have been told. </p>
<p>So how did someone gain access to my internet banking account? Not sure - I have been so careless there were many vulnerabilities. Keylogger malware software could be on my computer which captures passwords and sends them to a remote location. But I have not had any other accounts or credit cards compromised. </p>
<p>Here are some of my mistakes: We moved from NJ to NC at the end of May, so I had to use computers at several different friends houses to access online banking. I do not remember if I ever used a computer at a library. I don’t think so. I did not change my banking password for a long time. When I finally got online here in NC (In July) my network was unsecured for several months. I then bought a new router with encryption and my wireless network is now pw protected. I think my antivirus software was always up-to-date. I get daily updates from mccafee.</p>
<p>I am now running multiple virus/malware scans to clean up my computer. Changing passwords on all banking accounts and will change them monthly. Obviously monitoring accounts very closely. Bank of America here has extra security available. In order to get online I will now need username + password + a code sent to my cellphone. That is just to get online, so even with my username and password a hacker won’t be able to get to my account (in theory!)</p>
<p>Just a heads up on things to watch out for. I know I was very careless. Also there was a recent article on MSN about the security of internet banking.</p>
<p>A couple weeks ago, I received numerous e-mails from BA that my request to “unfreeze” my accounts was received. I got the fraudline e-mail address and forwarded the requests with a message that I did NOT request them. I, too, have to change all my passwords, etc. Thanks for the tip about changing them every month.</p>
<p>It’s a good heads-up and I’m glad it all worked out.</p>
<p>Just last week I noticed (from my house) that a neighbor’s wireless router was unsecured. Luckily they had their name on it as the identifier so I called him up and then went over to his house and secured it for him. Coincidentally, the day before ‘Cops’ was on TV and they came across a guy sitting in his car in a neighborhood with his laptop accessing people’s wireless connections. He also had lists of SS numbers, DL numbers, etc. and was doing some identity theft. Thankfully, the cops arrested him while he was commiting the act.</p>
<p>If you ever search for wireless connections in an apartment building it’s amazing how many are unsecured.</p>
<p>I guess people don’t secure them because while buying and hooking up a wireless router is very easy, many people just don’t understand the terms ‘encryption’, ‘wep’, etc. and so avoid configuring it even though it’s also usually easy to do.</p>
<p>I have received two or three emails from BofA in the past two days. I don’t even have a BofA account. Forwarded them on to their phishing alert site.</p>
<p>Wireless Routers can be a pain to setup for encryption when the network device doesn’t match the router. This can happen with mixed brands of router/network device.</p>
<p>I haven’t changed banking passwords since I got them so these things are probably at least 10 years old. I generally followed what I thought were best practices but several weeks ago was notified of a virus attempt - possibly from an infected adserver. I found that one did get in. Viruses can get in via zero-day attacks where antivirus companies haven’t had time to update their virus definitions for an attack that shows up without warning.</p>
<p>I’m now running (in addition to AV) Windows Defender, Avast, Spybot Search and Destroy and TeaTimer. I started doing regular scans on the system and haven’t seen any problems since running all of the heavy duty stuff. Shortly thereafter, I reconfigured my home setup to use my Mac which I use full-time at the office.</p>
<p>I have the feeling that Windows will always be plagued with virus and other attacks and it’s a never-ending battle between mal-ware makers and the anti-malware companies. I’m going to sit it out for the most part on Mac OSX. Linux is another option but it would be more work for me to maintain. Solaris would be another option.</p>
<p>For those with Discover Cards, one nice feature is one-use limited credit card numbers. You get the number on their website and then use it online and then it goes poof.</p>
<p>Another nice security approach would be the use of a SecureNet Card. This is a little device that looks like a calculator. When you go to do something on the web, you go to do the operation and it gives you an 8-digit number as a challenge. You then log into your SecureNet Card with an 8-digit number and then enter the challenge number. It returns a code that you enter to reply to the challenge. If all is good, then you’re in.</p>
<p>The SecureNet Card self-destructs if incorrect passwords are entered three-times in a row or if it runs out of power. I don’t expect this level of security from US merchants anytime soon. It’s also a pain in the neck to use a lot because you have to enter and type so many digits.</p>
<p>On Wireless security, you can get even better security if you log onto a network using VPN. This can be especially useful in public places so that others on the LAN can’t intercept your packets.</p>
<p>I live in a very small town and it is not likely any one would be sitting on our dead end street stealing wireless; I have a couple of neighbors who are part timers and I left my router unlocked to allow them part time wireless, but now I am reconsidering the intelligence of this, but darned if I can login to my router :eek: to make the change. Looks like a night of tech support ahead :(</p>
<p>I am a Nigerian prince and I have to move out $2,000,000 out of the country! Please send me your account information and I will give you 10%. This is not a scam!</p>
<p>:D Those are my favorite. I always bait them along haha.</p>
<p>somemom, you’ll be surprised - there is a lot of stuff happening in small towns on dead-end streets (like mine). You can probably just talk to your neighbors and configure their computers to allow connection to your network.</p>
<p>We’ve got e-mails threatening us with lawsuits if we do not reply to some questions online (link provided). Yeah, right :rolleyes:</p>
I don’t know - a car was stolen on a dead end street near me the other night.</p>
<p>
You should secure your router to protect yourself. You shouldn’t let your neighbors piggy-back onto yours unless it’s okay to do so by your service provider. Allowing your neighbors to piggy-back onto your connection is the same as ‘stealing cable’ that’s done by some people. It’s effectively preventing the service provider from being able to do business with those people. Anyway, you might want to check the legalities of your contract with your provider.</p>
<p>
Many routers allow you to login by just browsing to them on a fixed IP address. If you didn’t change the default user/password you can try the defaults. </p>
<p>Linksys: browse to 192.168.1.1 and use ‘admin’ as the user and ‘admin’ as the password (without the apostrophes).</p>
<p>DLink: 192.168.0.1 and use ‘admin’ as the user and leave the password blank. If that doesn’t work use admin for both user and password.</p>
<p>Netgear: 192.168.0.1 and use ‘admin’ for the user and ‘password’ for the password.</p>
<p>By the way, the identity thieves already know all this info.</p>
<p>There are usually a few choices on the security to use but one of them is WEP security. With this you can set a long hex (0-9, A-F) number (like 26 characters) into the router and then each laptop, iPhone, or other system trying to access it would also need to be set with the same number.</p>
<p>ucsd<em>ucla</em>dad, good point - typically a provider would charge an extra monthly fee for “networking”. We pay our provider a couple of Starbucks coffees worth per month to have a wireless network.</p>
Still? Mine doesn’t charge extra and many don’t and they allow you to connect a wireless router to the cablemodem/DSL modem, etc. They usually have the wireless router available that they might charge extra for but they don’t require you to use theirs and allow for a person to use their own wireless router.</p>
<p>However, I doubt that most of the providers would allow one to allow anyone outside of the paying household to use the connection any more than they’d allow one to splice a TV cable into one home and run it to a few other homes all while just paying for the single home. If this was allowed it’d deprive the provider of the ability to sell the service to the other homes and could even net a profit for an enterprising user (i.e. pay $30/mo for the service and sell it to 4 neighbors at $15 each).</p>
<p>I happen to know of a couple in Virgina who work for the CIA who have an unsecured wireless network. </p>
<p>I know of this because I visited a friend that lived next door to them, and early one morning I wanted to access my email via my laptop. My friend’s network was secured and I couldn’t log on … but the neighbors was wide open.</p>
<p>It might have been wide open but they might have had logging enabled with their machines otherwise secured. When you use any kind of “public” wireless, you take risks.</p>
<p>The original OP makes good points about improving security. It also could possibly be an inside job from a bank employee who noticed something about your move and tried to profit from it. Without going into many details, I received a patient insurance benefit explanation that had wrong information. A call to the insurance co. revealed that a false claim had been filed by one of their employees on the employee’s own health insurance using our practice information. This is clearly a fraud, and might have gone undetected under other circumstances (sloppy billing service, lack of proper posting etc.</p>
<p>UCLA Dad gives some great assistance in reminding us how to access the router. If you do an upgrade and have trouble you may need to upgrade your firmware and once you have done that, be sure to restart your modem & your router by unplugging them and also possibly resetting via the reset button.</p>
<p>Also, be sure to close and reopen a new browser each time you finish the changes</p>