Serious Discussion General question about hacks

[SamStam]

I hope I'm in the right forum. If I'm not, please give me a link for a forum that would be more appropriate.

Since late December my bank debit card has been compromised four times and my Sears card once. I've mostly cleaned up the mess and am looking at how to find out more about the hacks.

From what I've discovered so far it appears that identity protection software only reports on the fact that it happened. It does not tell me who did it. The only thing it offers is the typical recommendation I find all over the web: change passwords, etc. Is there no hope for us ordinary people who get hacked to find out how the hack was done or who did it?

According to what I've found on the web police and the FBI are the only ones who can find out who hacked and how it was done. Is this correct? It sure would be nice to have a web site or software that would tell me more than just "Well, you were hacked".

I learned through this hacking incident that I should use a credit card instead of a debit card for everyday purchases. Seems the rules are different between the two cards. Credit card hacks are fixed quickly, and I don't lose money. Debit cards, on the other hand, are much more difficult to fix when hacked. I was appalled to learn that my bank has no way and even no interest in finding out how I was hacked and the name of the hacker. My bank refunded my money until the fourth time. At that point they closed my account and seized all the money in it and my savings account! The money in my account was from Social Security. I thought banks were not allowed to seize Social Security payments.

 

[Bot]

I'm sorry to hear about the troubles you've been experiencing. I'll do my best to provide some useful information to you.

Firstly, you're correct in assuming that identity protection software primarily focuses on alerting you when your personal information has been compromised. It's not designed to track down the person or group responsible for the breach. This is largely due to the complex nature of cybercrime, where criminals often use sophisticated techniques to cover their tracks or operate from countries where they're less likely to be prosecuted.

Finding out who's responsible for a hack or how it was done is indeed a task for law enforcement agencies or specialized cybersecurity firms. They have the tools, knowledge, and legal authority to carry out such investigations. Unfortunately, due to the high volume of cybercrimes and limited resources, they often prioritize cases that involve large-scale breaches or significant financial loss.

As for your experience with debit and credit cards, you're correct that there are differences in how fraudulent charges are handled. Credit cards generally offer better fraud protection than debit cards. This is because when you use a credit card, you're borrowing the bank's money, whereas with a debit card, it's your money that's taken. Therefore, banks tend to act faster when a credit card is compromised.

As for your bank seizing your money, you may want to consult with a lawyer or a consumer protection agency. While banks can freeze accounts suspected of fraud, there are protections in place for Social Security funds. The Federal law (Section 207 of the Social Security Act (42 U.S.C. 407)) protects Social Security benefits from assignment, levy, or garnishment. However, the details can be complex, so it's best to get legal advice.

In the future, consider using credit cards for online purchases or any transactions that might put your card information at risk. Also, regularly monitor your accounts for any suspicious activity, and consider using two-factor authentication where available.

 

[ForgottenSeer 109138]

I hope I'm in the right forum. If I'm not, please give me a link for a forum that would be more appropriate.

Since late December my bank debit card has been compromised four times and my Sears card once. I've mostly cleaned up the mess and am looking at how to find out more about the hacks.

From what I've discovered so far it appears that identity protection software only reports on the fact that it happened. It does not tell me who did it. The only thing it offers is the typical recommendation I find all over the web: change passwords, etc. Is there no hope for us ordinary people who get hacked to find out how the hack was done or who did it?

According to what I've found on the web police and the FBI are the only ones who can find out who hacked and how it was done. Is this correct? It sure would be nice to have a web site or software that would tell me more than just "Well, you were hacked".

I learned through this hacking incident that I should use a credit card instead of a debit card for everyday purchases. Seems the rules are different between the two cards. Credit card hacks are fixed quickly, and I don't lose money. Debit cards, on the other hand, are much more difficult to fix when hacked. I was appalled to learn that my bank has no way and even no interest in finding out how I was hacked and the name of the hacker. My bank refunded my money until the fourth time. At that point they closed my account and seized all the money in it and my savings account! The money in my account was from Social Security. I thought banks were not allowed to seize Social Security payments.

In looking for advice you have to offer more details in order for anyone to try and assist you. Having this done so many times I'm surprised you have not filed police reports on this.

First set of questions here to help determine.

Do you shop locally mainly, or online purchases. Who has access to your cards physically in the house and on the system if you shop online. How were you informed you had a breach. Was the actual bank account hacked?

If you shop online, consider using prepaid debit cards or gift cards instead of your personal bank and credit cards, set limits on these. If shopping online check the validity of the places you are shopping at, are they real and accredited.

To have this happen so many times is really suspicious. Is the computer your using infected?

These are some thoughts and questions to help you address this depending on how and where this happened.

 

[Victor M]

Is there no hope for us ordinary people who get hacked to find out how the hack was done or who did it?

How the hack was done. The hackers might have gotten in through a downloaded email attachment, an infected program that was installed, or a direct attack, thru your modem and router, to any internet connected program like your browser, email program or even OneDrive. It probably involved some form of keylogging. Or it could involve manipulation of your browser. The hack probably involved ex filtration of the stolen card numbers - they have to sent it back to themselves in order to use it. We security folks break it down into stages. And then try to do things to prevent every stage from happening again. Security is a field of study.

As for the question who did it. It is fruitless to ask. Because there is too much cybercrime happening for police to investigate. Because police tend to focus on big ticket items, small amounts have short sentences, so they consider it a waste of their effort. Which is not fair of course, but they have limited man power, so they choose. Then, hackers always hide their tracks and make tracing difficult. Their servers disappear, and they don't re-use the same ip addresses. Without any links to their PC's, you cannot know where they are or search their PC's to find out who they are.

Now, you said you have mostly cleaned up the mess. But It happened 5 times, so I want to be sure. Hacking definitely involves trying their best to stay on your PC for a long long time. Anything short of re-installing Windows cannot guarantee total eradication. So do that. We don't want a 6th time.

The stages that we have identified allows us to find prevention for each. Firewall stops some methods of direct attack by hackers. Anti-malware can detect and remove bad email attachments. Antii-malware can also stop suspicious programs from installing, and their behavior based detection may stop keylogging. Intrusion Prevention Systems stop browser manipulation. Free ones include Security Onion, Snort and Suricata. Security Onion requires an extra old PC, includes Snort and Suricata, and is easier to use. WHHLight is a simple free tool you can find here on MT. It belongs to the hardening Windows category. Windows is full of security flaws and hardening remedies that. Good security involves layers. You cannot rely solely on the firewall and anti-malware; they can fail. So you make sure there are additional layers. The last step requires some manual work: review your bank and credit card statements. It is only a detection method and not prevention, but data loss prevention programs are only affordable to companies. Some security things are technical, some are procedural. We have looked at technical things, so lets look at procedural. Upload your downloads to VirusTotal , You can only install 1 anti-malware program and that limits you. VirusTotal has some 40 anti-malware engines ready to scan things. Other procedures are like verifying from the sender via phone before you download an email attachment. Don't download from BitTorrent. I hope I have answered your questions.

 

[TairikuOkami]

It sure would be nice to have a web site or software that would tell me more than just "Well, you were hacked".

Have you seen something like that? Because I do not think there is a single legitimate webpage that would tell you that, except phishing ones designed to scare you to enter your details.

Since late December my bank debit card has been compromised four times

For starters separate offline and online payments. Use one card for physical payments and use the second card for online payments. This might help you to figure out, which one is getting targeted (hacked). Revolut has a neat feature, which allows you to use a single-use virtual card for each payment. It is inconvenient, but safe, at least till you figure out, what is causing it.

Virtual Credit Card Numbers: The Complete Guide

As identity theft continues to plague credit card holders, virtual card numbers can provide some peace of mind without complicating the payment process. Virtual card numbers are temporary card numbers associated with a credit card account for use online to make those transactions more secure. Virtua

www.forbes.com

At that point they closed my account and seized all the money in it and my savings account!

I can not imagine having 1 bank these days, not just for security reasons. In case like this you could just send social security your second bank account number, till the problem is solved.
I have 4 banks with cards with zero fees, so it cost nothing. As far as free international banks go, there is: Revolut, Curve. Verification is done online, so you do not need to go anywhere.

 

[SamStam]

Thanks so much for your advice. I hadn't thought about reinstalling windows.

I scanned my computer and android phone for malware & viruses. There were none.

 

[SamStam]

Thanks so much for your advice. I hadn't thought about reinstalling windows.

I'm now using a credit card instead of a debit card. I switched banks. The new bank lets me turn off the debit card. I did that. When I shop online I now use privacy.com.

I scanned my computer and android phone for malware & viruses. There were none.

 

[Victor M]

The scans for malware & viruses do not reveal hackers. Hackers are human, they develop their own tools, test them to ensure they escape detection by current security programs. Malware on the other hand are written at a point in time in the past, and remain the same, and are then spread widely. So security programs vendors will sooner or later learn to identify and remove them given time. Hackers are forever one step ahead in the security game.