We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Account hacked (I believe)
Chrissiew
Posts: 374 Forumite
Before I start I will say I am an idiot, before anyone else does lol
I use internet banking with Halifax, this morning first thing I signed on in the usual way, with my username and password, usualy after that it will go to a drop down menu where you have to put character from your memorable information.
This morning though after I put in my password and username it went onto the next page and said please type in your memorable information, then it said please enter your debit card details, the long number, expiry date and CV code, I put in the wrong memorable info just to see what would happen and it did say, sorry that is the wrong information please try again, so I did what it said and put my card details in etc and it took me straight to my accounts.
I have halifax saved to my favourites and have gone to the account that way for years so didnt think anything of it, I just thought it was Halifax doing extra checks, but when I had finished doing my stuff I did get a bit scared so phoned them up.
I was told in no uncertain terms that there is no way they would firstly ask me to put in my memorable info, they would only ask for letters from it using the drop down menu, and they would never ever ask me to put in all my debit card details, so my computer has been hacked in someway. She canceled my card and suspended my internet banking untill I get a new card and find out what virus I have on my computer, they will reinstate my banking once all that has been done, luckily I have a couple of accounts with them so was able to transfer my money from that account to another one.
BUT what I am thinking is could it be the bank site itself thats been hacked, the reason I ask is I did a full virus scan and no threats at all have come up, no viruses on my computer, its all very confusing really as when I tried to get on my account to see if it had been suspended I put in my username and password and the next screen said account suspended, which is fine, but sureley if I had been hacked the screen would have come up asking for my card details again wouldnt it? As it wouldnt be a real bank account screen just a hacking one (I think)
Anyway a couple of questions, although my card has been canceled they cant take money from my account still can they? Or could they use it to buy stuff with as they have all the correct details? Can they use the card details in anyway at all?
I use internet banking with Halifax, this morning first thing I signed on in the usual way, with my username and password, usualy after that it will go to a drop down menu where you have to put character from your memorable information.
This morning though after I put in my password and username it went onto the next page and said please type in your memorable information, then it said please enter your debit card details, the long number, expiry date and CV code, I put in the wrong memorable info just to see what would happen and it did say, sorry that is the wrong information please try again, so I did what it said and put my card details in etc and it took me straight to my accounts.
I have halifax saved to my favourites and have gone to the account that way for years so didnt think anything of it, I just thought it was Halifax doing extra checks, but when I had finished doing my stuff I did get a bit scared so phoned them up.
I was told in no uncertain terms that there is no way they would firstly ask me to put in my memorable info, they would only ask for letters from it using the drop down menu, and they would never ever ask me to put in all my debit card details, so my computer has been hacked in someway. She canceled my card and suspended my internet banking untill I get a new card and find out what virus I have on my computer, they will reinstate my banking once all that has been done, luckily I have a couple of accounts with them so was able to transfer my money from that account to another one.
BUT what I am thinking is could it be the bank site itself thats been hacked, the reason I ask is I did a full virus scan and no threats at all have come up, no viruses on my computer, its all very confusing really as when I tried to get on my account to see if it had been suspended I put in my username and password and the next screen said account suspended, which is fine, but sureley if I had been hacked the screen would have come up asking for my card details again wouldnt it? As it wouldnt be a real bank account screen just a hacking one (I think)
Anyway a couple of questions, although my card has been canceled they cant take money from my account still can they? Or could they use it to buy stuff with as they have all the correct details? Can they use the card details in anyway at all?
not all on benefits are scroungers and don't need to be bullied!
0
Comments
-
I have just paid my credit card bill on Halifax and the login was as-normal.
Some while ago I read that there was a new form of hack/virus that added new entries to login screens to extract additional details so they could rob your account.
I think that this is what has happened to you and you have done the right thing to put a stop on your account before they get your cash.
You need to run more antivirus software with the latest updates on your computer...
eg: Windows Defender, Malwarebytes are free. Try different software to ensure better coverage and maybe ask for advise from Halifax.
Good luck...
Update: This is the reference from the TV. They demonstrated that the virus added additional entries to the login screen.
http://www.bbc.co.uk/news/technology-168120640 -
I have some experience in internet security - from what you've said, it sounds like the Halifax site hasn't been hacked, but neither have you - security threats don't necessarily have to be viruses etc. Javascript or websites will malware can edit your bookmarks and direct you to a site that "looks" like Halifax but isn't. It's basically a combo of phishing and spoofing. With banks and other important websites, manually typing in the address can help mitigate this.
Now that Halifax have been informed of the problem, you should be safe from unauthorised payments, but I'd recommend changing any other similar passwords, memorable info & logins you frequent.
So your card should be safe - keep your eye on it when you receive the new one, as since you have reported the problem you should not be liable for any further problems.0 -
thankyou for your replies, I cant believe I was so stupid:mad: I really thought Halifax was just doing new securtiy checks or something, but hopefully now its all sorted nothing will happen, although if anyone thought they would rob me of thousands of pounds they would be very very upset as Ive got barely any thing in the account, its just the thought that they can do stuff like that.not all on benefits are scroungers and don't need to be bullied!0
-
These virsus are getting a lot more devious these days. It's possible it had a fake front end asking you to type in your details, it then uses these details to then log you in your real bank account, so it looks to you as if you have access the proper site. Meanwhile they send your details to another computer and try to remove the money from your account before you realise what is happening.0
-
My Tesco Credit Card was compromised on the 12th April with 2 online purchases made. This follows my details being compromised at Pixmania a few weeks earlier. I only became a ware as they changed my Tesco secure online code and I received an email.
This is where it gets interesting. I reported that my details with pixmania had been comprised to them as with every company I deal with who has any personal details are given a unique email address. Pixmania denied any details had been compromised within 10mins of my email and I asked it to be escalated. I received their escalated denial was sent to me on the 12th April 24 mins before I was notified that my Tesco crediut card account had been hacked.
Guess where the culprits made their purchase - Pixmania
Pixmania's response was to tell me to go to the Police, not stop the shipment of fraudulently purchased goods.
Seems like Pixmania is the Fraudsters shop of choice and I can see why0 -
OP, I would suggest that you post an abbreviated version on the Techie board, where you will get advice on the best way to check whether you have a Trojan or some other unwanted nasty on your computer. They may well ask you to post results from scans so that they can further advise on what to get rid of.0
-
Personelly I wouldn't touch PixMania anymore, a right bunch of con-artists.0
-
Just for clarity (in case anyone else finds this thread with a similar issue), what the OP has experienced is whats called a 'Man in the browser' type attack/infiltration.
http://en.wikipedia.org/wiki/Man-in-the-browser
Bascially put, it's a security attack that sits and waits for you to attempt to log into your online banking. It then sits in between you (your browser) and, in this case, Halifax's web page. It appears nearly identical but instead of only asking for sections of information it asks for ALL your login criteria. It sends what is required to login to Halifax and you login as normal - BUT it then sends your complete security information to the hacker's server to be used later.
Whether you use a saved link (favourite / bookmark etc) or type the url, or even use google it often makes no difference as the hacker's code is simply waiting for the url to be processed by the compromised browser.0 -
I have carry out regular boot scans as well as regular spybot scans. plus all my email goes through and scanned server. Plus the email address in relation to Pixmania was not entered on my system. It was given to Pixmania when signing up and all emails in relation to that address come into a catch all.
I have done some searching and have found that Global Payments was compromised on the 2nd April with 1.5million card details stolen.
I think that I have to look at the companies with whom my Credit Card Details are stored. Amazon, Paypal are the main ones plus a couple of regular charges for telephony. I will also go back through any companies with whom the transaction was made by phone. Luckily the card is only use on specific memorable transactions so the list will be short.
On the email front, out of some 50+ companies whom have sensitive details given to them in the last 4 years only 4 have been compromised and it was at their source. Saxo Bank, CMC Markets, Aston Lloyd and Pixmania. As they say if I had bee compromised then the lot would have been hit. In one case I found that my details seemed to follow the path of one of the former senior managers. Thank goodness for linkedin.
Fraud is only rising due to issues such as data protection protecting the fraudsters. Maybe the government should make attempted fraud on credit cards punishable to the same degree and maybe it should start with the credit card companies being more proactive instead of reactive0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.1K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards