Sign in to follow this  
Followers 0
capr

Did I get hacked?

25 posts in this topic

Got home to my computer and a couple of web pages were open. Someone ordered stuff on different credit cards and shipped to Florida. Left pages open and logged out....

Definitely sounds like a hack no? Pretty concerned about my security right now.

Worst case, I was hacked and everything is compromised.

Best case, that was just some virus/spyware that pulled up those pages with no other threat.

I am working on cleaning everything (nothing suspicious)

Only odd behavior is my browsers don't work but I can ping stuff and access updates for anti malware

Share this post


Link to post
Share on other sites

Have you called your bank and cancelled your card? That should be your first priority!

4 people like this

Share this post


Link to post
Share on other sites

Have you called your bank and cancelled your card? That should be your first priority!

 

Yeah, I would spend less time snooping on the computer and more time with your bank ATM. You can sort the who-did-what later.

Share this post


Link to post
Share on other sites

Have you checked your online bank/credit card accounts from a different computer to confirm the charges? I would change passwords and be prepared to deal with banks/credit card companies, just in case. 

Share this post


Link to post
Share on other sites

Have you checked your online bank/credit card accounts from a different computer to confirm the charges? I would change passwords and be prepared to deal with banks/credit card companies, just in case. 

 

Computer? I'd call. Most times they can see things before they post, which could take days. Calling is the best way to cancel or put the cards on hold and also report fraud use.

 

Different credit cards, were they all yours? It almost sounds like your computter was VNC'd into and used as a hotspot to commit fraud, probably using stolen cards at that, tracing back to your place. I'd call your ISP maybe too after you got any compromised accounts secured. Also check your windows and doors... If VNC didn't happen.

Share this post


Link to post
Share on other sites

The websites were open on you computer? As in someone was physically (are they still in the house?..) or remotely using your computer?

1 person likes this

Share this post


Link to post
Share on other sites

You usually have a window in which to report such things to your bank/cc company.  As such, stop dicking about with your computer.  Damn geeks failing to see the wood from the trees ;)

 

I'd be the same

1 person likes this

Share this post


Link to post
Share on other sites

my cards were not used for the purchases.... they used 2 different cards for 2 different websites and sent things to 2 different addresses in FL under two different people's names.. 

 

is there any way to see a log of VNC type activity? was a particular port used? would my ISP or router log something that would help? 

Share this post


Link to post
Share on other sites

my cards were not used for the purchases.... they used 2 different cards for 2 different websites and sent things to 2 different addresses in FL under two different people's names.. 

 

is there any way to see a log of VNC type activity? was a particular port used? would my ISP or router log something that would help? 

 

curious if you don't mind answering... what security suite do you use?

Share this post


Link to post
Share on other sites

windows security essential along with superantispyware. I am behind an Asus router and windows firewall is also on. 

 

RDP is off but I use teamviewer 

Share this post


Link to post
Share on other sites

windows security essential along with superantispyware. I am behind an Asus router and windows firewall is also on. 

 

RDP is off but I use teamviewer 

 

does anyone have master remote "control" privileges with your team-viewer account?

Share this post


Link to post
Share on other sites

windows security essential

 

Oh god. That's not reassuring.

 

Having said that I would also recommend you do a scan with shieldsup https://www.grc.com/x/ne.dll?bh0bkyd2 and look for any open ports in your router.

Share this post


Link to post
Share on other sites

does anyone have master remote "control" privileges with your team-viewer account?

Don't they need the ID and Password?

Share this post


Link to post
Share on other sites

I know this answer is going to be a bit low tech but what if someone broke in just to use your computer to order stuff?

1 person likes this

Share this post


Link to post
Share on other sites

Sounds like psychical access to the machine, if you ask me.

 

Somebody smart enough to totally own your box remotely, wouldn't be so messy/careless. (imo)

 

Some headlocks and noogies are in order, if not a call to the police.

Share this post


Link to post
Share on other sites

I know this answer is going to be a bit low tech but what if someone broke in just to use your computer to order stuff?

Damn, now this got me wondering too.

Share this post


Link to post
Share on other sites

You say your cards were not used for the purchases?  Sounds pretty weird.

Share this post


Link to post
Share on other sites

RDP is off but I use teamviewer

Well why don't you look in the log then and see if any connections were made - unless you turned off logging the info is there.

post-14624-0-55343100-1407594571.png

2 people like this

Share this post


Link to post
Share on other sites

Well why don't you look in the log then and see if any connections were made - unless you turned off logging the info is there.

 

reassuring, thanks. I recognized all the IDs so unless things were deleted, thsi wasn't the point of attack. 

Sounds like psychical access to the machine, if you ask me.

 

Somebody smart enough to totally own your box remotely, wouldn't be so messy/careless. (imo)

 

Some headlocks and noogies are in order, if not a call to the police.

no physical access. there is no way someone would ignore all the tech sitting around and just use this one computer to make purchases that all went to florida... also my building has a concierge and my door is always locked. 

 

think I interrupted them? that's why ###### was just left open? 

Share this post


Link to post
Share on other sites

Was the PC left on when you went out? If not, was it powered off via the mains?

We know your router is ASUS, what model is it and which firmware is it running? If you browse to http://192.168.1.1/ login and go to the help or about menu, it should tell you the router model and firmware it's running

Oh god. That's not reassuring.

Having said that I would also recommend you do a scan with shieldsup https://www.grc.com/x/ne.dll?bh0bkyd2 and look for any open ports in your router.

Can you do this and post back the results?

Share this post


Link to post
Share on other sites

reassuring, thanks. I recognized all the IDs so unless things were deleted, thsi wasn't the point of attack. 

no physical access. there is no way someone would ignore all the tech sitting around and just use this one computer to make purchases that all went to florida... also my building has a concierge and my door is always locked. 

 

think I interrupted them? that's why ###### was just left open? 

Obviously I have no idea about your living arrangements, but I was thinking far more along the lines of it being somebody you know.

 

Family member, partner, friend etc.

1 person likes this

Share this post


Link to post
Share on other sites

Moved to Internet, Network & Security

Share this post


Link to post
Share on other sites

TBH I think your PC is infected by a fraud botnet. Try to scan using herdProtect.

Share this post


Link to post
Share on other sites

reassuring, thanks. I recognized all the IDs so unless things were deleted, thsi wasn't the point of attack. 

no physical access. there is no way someone would ignore all the tech sitting around and just use this one computer to make purchases that all went to florida... also my building has a concierge and my door is always locked. 

 

think I interrupted them? that's why ###### was just left open? 

 

There was no transaction time-stamps?

Share this post


Link to post
Share on other sites

my cards were not used for the purchases.... they used 2 different cards for 2 different websites and sent things to 2 different addresses in FL under two different people's names.. 

Must have been a pimp. :huh:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.