How can you tell if someone hacked into your computer from the net?

[Ken Platt]

Folks - I wanted to see if I could tap into the tech wisdom here.

Somehow someone was able yesterday to gain online access to my credit card account, and changed the email and address. Then they tried to make a large ($4K) online purchase, which the cc company refused. I found out today when the cc company sent me an email notice of the changed email address. I called them, the account is shut down, and the account information corrected back.

My question: I figure that this means they somehow had my login information, and the only place that exists, so far as I know, is on my computer and the computers of the credit card company. So, I'm thinking one of us was hacked. Is there some way to figure out if it was my system?

I have a router, and run Avast antivirus. Since this all came up earlier today, I've run a malwarebytes scan, found nothing, a Avast virus scan, nothing, and had Avast run a network check which says that none of my devices are visible from the internet.

I'm in the process of changing other financial passwords, but so far haven't found any other problems, including with another account (CD's) I have with the credit card company.

I'm a bit rattled, and would appreciate all thoughts on how this might have happened, or what else I should be doing now.

Ken

[Charlie Velasquez]

What number did you use to call them? The one from the email or the back of your card?

my credit card has been compromised before. They called me to verify a suspicious purchase, then I called them back using the number on the card. i gave no information over the phone. The card was stopped, a new card issued.

I immediately tried to use my card at the gas station a couple of blocks away to verify it was stopped.

[Bill ThompsonNM]

Or do you ever log into your account from anywhere besides home on that computer?
Does your computer require a password at log in?

[Jim Koepke]

It may be one of the companies with whom you have done business.

Many financial accounts have been hacked. Though how your password was found could be another matter.

Some malware can install a key tracker program.

I am not up on things nefarious in the world of computers.

The first question anyone usually asks about my computer when there is a problem is, "have you installed anything new or upgraded anything recently?"

jtk

[Dan Hintz]

If you have ever typed your CC number into the computer to purchase something, the number is out there. Most email passwords are easy to figure out, and if you've ever been spoofed and entered the email/password into a spoofed website, they have that, too.

Stealing info is not as complicated as many make it out to be. It's quite possible your system is not compromised.

[Chuck Wintle]

Folks - I wanted to see if I could tap into the tech wisdom here.

Somehow someone was able yesterday to gain online access to my credit card account, and changed the email and address. Then they tried to make a large ($4K) online purchase, which the cc company refused. I found out today when the cc company sent me an email notice of the changed email address. I called them, the account is shut down, and the account information corrected back.

My question: I figure that this means they somehow had my login information, and the only place that exists, so far as I know, is on my computer and the computers of the credit card company. So, I'm thinking one of us was hacked. Is there some way to figure out if it was my system?

I have a router, and run Avast antivirus. Since this all came up earlier today, I've run a malwarebytes scan, found nothing, a Avast virus scan, nothing, and had Avast run a network check which says that none of my devices are visible from the internet.

I'm in the process of changing other financial passwords, but so far haven't found any other problems, including with another account (CD's) I have with the credit card company.

I'm a bit rattled, and would appreciate all thoughts on how this might have happened, or what else I should be doing now.

Ken

a couple of thoughts...as was mentioned any online purchase puts the CC number into cyberspace. hackers target companies often because they are lax on security so numbers get stolen. if you suspect some malware or akey logger on your computer then I would format the hard d rive and reinstall windows. These programs are very good at avoiding detection. For online purchases using your CC then consider running ubuntu in its "live version" only for these transactions. When you connect to a secure server it should show https. Is it possible you logged into a spoofed site? did you install anything that came as an attachment in an email?

[Chuck Wintle]

i discovered one day that 3 charges to the iTunes store were made on my CC for about $320 total. I had to sign and return by mail an affidavit that it was not me who made these purchases. my guess is that a local gas station attendant cloned my CC when I was paying for gas as these purchases appeared almost right after. Fraud is rampant in the CC business and companies are quite aware of it.

[Ken Platt]

It would not have surprised me if my credit card number alone was stolen, since it is "out there" on all my online transactions. What scares me is that they were somehow able to log into my credit card account online. Unless they have some sort of backdoor access, that means they got my username and password somehow. What's worrying is a) what information about me were they able to get with access to my credit card account information (SS#, date of birth?) and b) how did they get my username and password?

I do not have a smartphone, and do not use my username/password anywhere except my home computer. There is no chance of any problem from inside my home, it's just me and immediate family. I'm very careful about spoofing, never click on emails, always access the credit card website from my bookmarks. No new software, and I'm careful with the few programs I download to get them from a reputable site like cnet. Our wireless network is password protected, and anyhow we live in a rural area and I don't think the signal reaches anywhere near the street or neighbors (barely makes it to my bedroom).

So, I still can't come up with anything other than some sort of password stealing malware (browser based?) on my system or Discover themselves being hacked. I use Chrome as my browser, if that gives anyone any ideas. After this came up yesterday, I cleared all the browser data, (although I never have it save important passwords)

Other thoughts? Other anti-malware to run?

Thanks -

Ken

[roger wiegand]

Do you use strong passwords? Way too many people use stuff like ABC123, Password! or names of dogs, spouses or children, which any self-respecting bot can crack in no time. Or use the same password on multiple sites with varying levels of security. My compromise has been to use LastPass as a password manager. I'm hosed if they are ever hacked, however in the meantime every account I have has a different, very strong password (things that look like "S*Du2xVHV%t5^#e5R!") that can be changed regularly, and I only need to remember one to get into the system.

[Curt Harms]

It's possible that the bank or issuer was hacked. I had that happen with a debit card and if the thief hadn't been greedy - tried to withdraw way more than the daily max - I'd not have known about it for some time. That crack never made any news that I saw so just because you didn't read about a hack doesn't mean it didn't happen.

I've done sort of what Chuck recommends except I created an entirely separate 'computer' (actually a bootable partition with O.S. and apps) used only for secure transactions. It's not bullet proof but there is no one magical piece of software that ensures security, it's a layered process. Not using that 'computer' to do email, social media, general web surfing, not installing flash or java seem like a reasonable step. Sure a financial institution's web site could be booby trapped to download malware on users' machines but I hope institutions responsible for serious transactions harden and more closely monitor their sites than do facebook, twitter, TMZ and the like. Using an 'non-standard' operating system is another layer. Today most malware needs Windows services/Flash/Java to do their dirty work. Not all but most. Could that change? Sure, but it hasn't yet that I'm aware.

[Charlie Velasquez]

A common scam is to send out mass emails purportedly from a well known credit card issuer, saying they your password was changed and/or they have denied a purchase. Then they say, if you have not changed please call xxx-xxx-xxxx or click on the following security link.
When you do, they will ask you to verify your account and go through some whatever and say everything is all better. That is why I asked which number you used.

Never call a number on an email. Never click on an emailed link.
Never give out any information over the phone unless YOU initiated the call through the number on the back of the card.

If they stopped a card, verify it.

[julian abram]

I'm betting someone stole your info from an online transaction or could be a local purchase. I just had this happen to me last weekend. Someone made a $4500 purchase with my cc at Home Depot in Humble, Texas. I haven't been to Texas in a couple years. I called Visa and had the card cancelled. Visa is sending me a new card and affidavit to sign denying the purchase. One of those things you hear of all the time but don't think about it happening to you. The electronic information age is kind of scary for us old folks.

[glenn bradley]

Do you use wireless at home? If so how robust is your wireless security? Lots of good questions and info here.

[Lee Schierer]

Typically when you go to buy something online they want you to set up an account. You need to give them your email, a password and then you use your credit card to buy something. If that site gets hacked or isn't fully legit, and you used the same password as your CC account then you just gave a hacker all the information they needed to access your CC account.

[Val Kosmider]

It is safe to assume that ANYTHING which you put on the internet can quickly become part of the public domain. Between hackers on your end, keystroke trackers, and hackers on their end, nothing is secure. I think we have seen that pretty well documented with Home Depot, Target and Blue Cross--where they got the whole shooting match: Name, address, SS#, CC# and other personal history.

The problem with the new i-pay from Apple has been not with the link between your phone and the cashier, but with folks uploading your stolen CC info into their phone and spending away.

We all put the info out there. You just shouldn't be surprised when it gets compromised, and you must be prepared to act quickly to shut things down when it gets, inevitably, stolen.

It's part of life, 2015 style.