Constantly Being Hacked Solution

[uffbros]

I am now on my 5th new Visa credit card in 2 months time. Someone is getting my info and I have no idea how. It is mostly on Amazon.  This time I held off putting my new card on to their site to pay for something until I was ready to purchase. Sure enough 6-7 hours later I get a text from Chase Visa saying someone tried to make a purchase from Amazon Tradein. It said it refused the payment for $200 and they locked the account and in another week I will have another card with different account number. I have changed all my passwords and particularly Amazon 25 times. I even went to the extreme of wiping out my computer and reinstalled Windows. How the hell are they getting me? Are they logging into my Amazon account and trying to purchase something? I don't save any bank info in the browser either. Amazon or Chase has no clue as I have obviously called them every time.

I also had someone get $200 out of my b ank account. I was reimbursed for the $200 and they have no idea how it is happening either.

Do we have any IT Pros's on here that can tell me how this is happening? Even thou I clean installed Windows I run at least 5 different security scanners and come up clean. Thanks for any insight into this.

[aum]

(I see your posts in the TurboTax thread in Software Updates.)

 

 Could there be any connection between TT on your PC and hacking?

[funkyy]

Maybe some employee at the VISA end is involved or information is being leaked from there.

[Mutton]

The above is at least a possibility. I had a CC account which gave me two different cards: a VISA and a Mastercard. I only ever used the M/c; the VISA never left the sticky letter it was attached to. Yet the VISA was compromised and had multiple attempted transactions one day.

 

The bank said I must have used it somewhere, and forgotten (even though there was not a single transaction on it that was mine!). Nope.

[aum]

How about the Bank?

[uffbros]

Bank credited me back the $200 but the people in the bank have no clue what happened. They say they turn it over to their fraud people and they investigate. They never tell you what they found out.

This all started before I even installed Turbo Tax...This started back in December

[aum]

Does your credit card issuer have your bank account information  (e.g., for automatic withdrawal)?

 

(Also: Did you use a patched TT in 2019?)

 

[Karlston]

Moved from Security & Privacy News.

 

Sorry, this isn't news. Better here.

[uffbros]

@aum...No they don't....I used the dnSpy throughout 2019 and now 2020 versions of TT to fix it.

 

[DLord]

Maybe a man-in-the-middle attack through Wi-Fi eavesdropping/shared network.

Anyone with access to your wifi/internet connection network or worse your router could do that.

I would change wifi password as well as router's log-in credentials.

[uffbros]

Here we go again...30 days later......I am now on my 6th Visa card.......I enter the card into Amazon account so I can use my Visa points to make a purchase.....This time I have Amazon setup to require not only password to get into the account but also they send me a second code every time to my phone to get in......Next day bang....I get another text from Visa asking if I just made a $200 purchase at AMZN Tradein.....of course I didn't...So another card blocked and I wait another 8 days to get new card with new account number. To do this they have to get into my account...right? There is no way they can get in there as they don't have my phone that get's the text for login???? I called both Amazon and Chase and neither has any idea how it could be done. In conclusion I will from here on out just enter my card to make purchase and use my points and then delete card from Amazon server......The purchase will still go thru. It just about kills me I or they have no idea how or who is doing this.

[funkyy]

This must be a real pain for you..is your phone somehow compromised?

I mean, I'm not experienced with mobile phones and I've never owned one,

but your phone seems to be the "common denominator" in all of this.

Try making a very cheap purchase using a phone from someone you trust completely

and see if you get a follow-up request for payment from VISA for a larger amount.

If you don't get that request for a larger amount it would surely point to your phone having been hacked.

[random]

Seems like a pretty nasty situation.

Here's what I would do. 

- format everything, delete all partitions (even the EFI hidden ones), avoid backing up as much as possible. Music collections should still be OK for example. Photos.

- ditch all cracked software, or use all banking from a separate OS install. That goes for phone apps too.

- return to your phone to factory defaults, remove root if you use it, you get the idea.

- get a new card, and use 2FA and proper authentication on everything; use an authenticator app. Guess you already have that with the SMS.

- stay off any patched/pirated/cracked software for maybe half a year.

- do banking related stuff only from secured browsers, for example with Kaspersky safe Money

- you could try to only do banking inside a clean virtual machine. 

- patch your router's firmware and every device to be up to date 

It does look like somebody might have access to your device. Or at the very least, your Amazon account.

Amazon should know the location of the fraudulent purchase attempts as they'd likely be logging in from a different location. It should be sent to the police, obviously. Theoretically these websites should detect peculiar logins from areas you're not using, and ask for 2FA, SMS or mail. You might be able to see open sessions for all sorts of stuff and log out those you don't recognize. Same for Google acct. activity etc. 

If you still need to use more shady stuff, just have a separate OS install, on a separate drive. Or if performance is not needed, a VM.

[uffbros]

I have done most of the stuff above...but if I did any more there is no point in me being online to be honest with you. When I get me 8th card and want something off Amazon I will just enter it for that purchase and then delete it when done. That should fix it.

[jayballs]

Quote

This time I held off putting my new card on to their site to pay for something until I was ready to purchase. Sure enough 6-7 hours later I get a text from Chase Visa saying someone tried to make a purchase from Amazon Tradein

Its fairly simple.  Its either the computer or cell phone.  Is it the cell phone, then replace it with a different one.  If its the computer, replace it or use the cell phone for orders.   besides replacing the passwords, change the security questions, reset the router.and

use a 2fa usb stick like yubico (hardware verification) because sms verfications is weak when you have a comprised computer or cell phone.  Maybe lifelock credit monitoring services like lifelock should help

https://www.yubico.com/why-yubico/

With hardware verification like yubio is good because even if the attacker knows your password and the security questions.  its useless without the usb stick.  you only insert the stick when you need too.  A backup usb stick woud be nice

Get a new email account like gmail because 2fa usbsticks work great and put all your accounts (banks utilites, amazon, ebay) on your new email.  get rid of all assoction from your old accounds and email so theres no ties to the new one   attackers cant do crap like change the passwords or anything because they dont have the physical access to the 2fa usb stick.  the attackers will stand out easliy in the future and where there doing it from

[humble3d]

COULD THE LEAK BE ASSOCIATED WITH YOUR EMPLOYER OR WORK PLACE ??