[SOLVED] Someone is trying to rip me off!

This morning, as I attempted to login to my account that my disability check is deposited into, I couldn't get in. There was a bold notice that stated that too many failed attempts to login to my account was made, however the one and only time that I logged on this month was last week (Monday) to check for a product refund. I had to reset my password to gain access to my account.

I only use my desktop for transactions, and it's hardwired, I don't use the wireless any longer for it. As the regulars here knows, I scan regularly with my AV (MSE 2.0), Ad-Aware, MBAM, SAS, and the ESET Onilne Scanner. The only thing found is ad or tracking cookies. No spyware, trojans, or viruses. In fact, a complete scan with SAS showed the computer as clean a few minutes ago.

However, on my notebook that uses the wireless, ESET & SAS has found trojans, potential spyware, and tons of ad cookies. I don't know if this has anything to do with anything, but am just adding this info for possible solutions.

I make regular purchases on my desktop, but only deal with reputable (well known) businesses.

Any suggestions? I suppose that I could use Linux Mint for transactions, but can't get my printer to work with it (a usual issue with Linux in general for many). But the level of security is higher (I believe). If I can't find a solution, the only thing that I know to do is call the card issuer to block internet access to the account, period. And just receive paper statements, using only the phone for balance checks, etc.

Any advice would be greatly appreciated.

EDIT: I use CCleaner nightly, and right after every transaction that I make.

Cat

Cat that's a good possibility. Try calling the toll free number on the back of one of your bank cards, i.e: Check,ATM or credit card. If your dealing with Bank of America, it's 800-432-1000. When you call make sure you have your account and soscial security number's, as you'll have to key both into there phone system. I sort of expeience something similar in the past. Only difference wasmy check card was stolen, not my account hacked into. I refuse to use any online banking. I know my pc is secure, but we have no clue how secure the bank's pc's are. Most aren't from past report's I've heard.

cat I'm not convinced this had anything to do with your PC's security. It was failed attempts to login that flagged your account for a reset in password. The failed attempts could have been done by anyone randomly choosing an account. I think if it was an issue with PC's security, they would have been successfully logging in.

If your security was compromised it is often enabled by the victim by clicking on an email link. Never click on email links from "your bank" or "paypal" to access your account; instead type in the URL into a fresh browser window. One method criminals use is to set up phoney web fronts that look like your banks logon but really just capture your info.

Definitely contact your bank ASAP and it wouldn't hurt if you went around and changed your passwords on financial websites.

Do you use a password manager that encrypts your usernames and passwords? If not, you should consider trying one, as that will help to improve your online transaction security. You could keep it on a flash drive and only use it for banking and purchases, if you want even more security. Some of them can be set to automatically clear your clipboard after a specified number of minutes.

It could also be one of the rogue site's that look identical to your bank's website and redirects to there rogue site to steal your login info. Update MSE and Malwarebytes in Safe Mode. Also, contact your bank to verify everything, so you're covered. Better to be safe, than sorry, especially when your money's involved.

Thanks to all for your advice. CC, I see where you're coming from, it's reasonable to assume that if my computer had been hijacked, all of the businesses that I deal with, including email accounts, the login & passwords would be exposed.

TM, I don't click onto any links to banks that I get in my emails. However, I have (upon making a purchase) clicked directly onto the PayPal link provided on the site. But I've had no problem in making my purchases, however for added security, I'll check out your suggestion, and type in sites through the browser. I suppose out of being lazy, I have my monthly sites where I pay bills bookmarked. It probably wouldn't hurt to manually type it in.

etalmar, you have what appears to be a good suggestion as well. I never knew that you could generate a password and store it on a flash drive. I have a couple spare ones, and could practice it on email accounts first, to get the hang of it.

brkkab, you have some good suggestions too. I've seen some of these "rouge" websites, usually an official looking email from the bank, down to the last details. Fortunately, I have WOT (Web Of Trust) as an addon to Firefox, all of the links had red circles around them, this raised my eyes a bit. Upon further looking, some words were misspelled, a dead giveaway to a rouge site. Also, I use the NoScript function of FF, only allowing temporary access to most sites.

I'm going to call my financial institution Monday morning about this. See, it's kind of tricky to gain access to this account, as it (the bank) was selected by the US Treasury to handle monthly federal (SS, retirement, etc) payouts. You don't login by using your real name (it won't allow you to), you create a unique name, along with a password that requires at least one capital letter and one digit, and select one of the pictures (or upload your own) for additional security, as well as a secret security question of your choosing from the list.

Therefore, for anyone to have tried to login to my account, the person(s) would have to had known (or generated) my unique user name. No one knows me by this name, not even my spouse, it's not written on paper, and I use it for no other purpose, making it even harder to obtain. That's the issue at hand, my username had to be typed in, otherwise the password means nothing.

As additional security, I'm considering closing my PayPal account. They are a convenience, but they're a third party with your account number on their site. There are dishonest people everywhere, even at banks. PayPal, although not like a traditional bank, transfers money for purchases & refunds, and holds money in escrow (your refunds, for instance). If you use PayPal to make a payment, and you desire a refund, then it'll go back to them, and you have to login to PayPal to actually get your money transferred to it's original source, in my case, my US Treasury issued debit card.

I do thank you all for your valuable advice, and come Monday morning, some phone calls will be made to tighten my security. Although it's unlikely anyone can actually get in, it's a nuisance to be locked out of my account.

Cat

The link from within ebay to paypal is safe. And having your real bank sites bookmarked is also safe.

What happens in emails is they create websites with names similar but may have a ".ru" on the end (or something similar) and so it looks close enough to your bank that most people don't notice the difference.

I don't click onto sites (except forum posts) through email links. That is one of the most certain ways of inviting unwanted trouble. That's why I dumped Yahoo!, I was getting way too many of these type of emails in my box that actually belonged in the spam folder. WOT does a decent job of flagging these sites/links with that bright red circle, but it's not 100% foolproof.

Cat

I have PayPal and only access it via eBay or by typing the address in URL bar.

I am with Cliff on this one though. I think it's just a weird circumstance.

Someone may have gotten some of your snail mail by mistake and tried to access your bank account that way. It does happen.

Keep us posted.