PC been hacked how do I protect my bank accounts ?
Comments
-
When you click on a link in an email, you will be logged into your Google account. There is no need to bypass Google's security. The malware can instruct Google to change your password, recovery email address and recovery phone address. Google does not demand 2FA to change these details. You are then locked out. Nonetheless, as I have said, you may be able to regain control by using Google's recovery procedure. In addition to the measures that I have mentioned, it is a good idea to log into your Google account regularly from another device, and use that device for the recovery. A physical security key helps to establish that you are the real owner of the account, as does a set of backup codes.
km1500 said:
yes thank you for that I understand what you are saying but what I would like to know is how an executable attachment that you download can lock you out of your Steam and Google accounts ie what would it do to accomplish this
Sg28 said:
Downloading an attachment can secretly install malware (a virus) which can do virtually anything imaginable. There are thousands of different malwares which can do whatever you need it to. Hackers can: control your computer, move your mouse and run programs etc, turn on microphone and camera and record, steal files, log keystrokes to harvest usernames/passwords, read and send emails, even access other computers on your home wifi network, access IOT devices on the network such as security cameras, tvs, thermostats etc. It's pretty incredible what is possible.
km1500 said:
it would be interesting to know how clicking on a link and downloading an attachment and even running an attachment would lock you out of your Steam account and your google account.
does anybody have any idea how this works?
2 -
There are plenty of ways it could be achieved, once something is running on the system, from the malware quietly sitting in the background monitoring the clipboard and keystrokes, to redirecting DNS queries to enable a follow-up phishing attempt. If the accounts are not protected by 2FA, then it would just need a redirect to a login page to recover that and then the attacker could change the password, log out all other devices and quite likely they could reset security and recovery information if the primary email is part of the bundle. At that point it becomes quite difficult for the account owner to get back in. There was mention of a profitable YouTube account, so this may have been a targeted attack and may be followed up with attempts to extort money from the victim, usually in the form of a cryptocurrency transfer.
km1500 said:
yes thank you for that I understand what you are saying but what I would like to know is how an executable attachment that you download can lock you out of your Steam and Google accounts ie what would it do to accomplish this
Sg28 said:
Downloading an attachment can secretly install malware (a virus) which can do virtually anything imaginable. There are thousands of different malwares which can do whatever you need it to. Hackers can: control your computer, move your mouse and run programs etc, turn on microphone and camera and record, steal files, log keystrokes to harvest usernames/passwords, read and send emails, even access other computers on your home wifi network, access IOT devices on the network such as security cameras, tvs, thermostats etc. It's pretty incredible what is possible.
km1500 said:
it would be interesting to know how clicking on a link and downloading an attachment and even running an attachment would lock you out of your Steam account and your google account.
does anybody have any idea how this works?
1 -
running an arbitrary exe on your system would cause user account control to kick in and I can't believe someone would just arbitrarily say yes please run this
changing your Google password when you are logged in does not require 2fa as you say but it certainly requires you to enter your old password first so an exe could not do that
I am not 100% the full story is being told here
1 -
Use random and unique passwords for every website and use 2FA wherever possible and make sure you use it when it's anything you value.
If you're trying to use almost any online service and you use the "forgot password" link, what does it do? Nine times out of ten it sends you an email.
Pay massive attention to securing your email account as it's essentially the key to your online life and if the bad guys can get into it and you can't they can really mess up your life.
3 -
km1500 said:
running an arbitrary exe on your system would cause user account control to kick in and I can't believe someone would just arbitrarily say yes please run this
I wouldn't describe myself as a Windows user, but have to use it at work, and UAC only kicks in on executables under certain circumstances. Nevertheless, people do get fatigued by this and just click through it. The last PC I bought for home use had the UAC slider dragged right down to the lowest level on the preinstalled Win11 Home. It was actually not so easy to set it up to log in as limited user and prompt for elevation to a separate admin account when needed. Perhaps that's a drawback of home vs pro or enterprise.
km1500 said:
changing your Google password when you are logged in does not require 2fa as you say but it certainly requires you to enter your old password first so an exe could not do that
That's why step 1 is getting the user to enter their "old" password, either by clearing the cookie in their local browser profile and waiting for them to get prompted for it naturally, launching a phishing login page in the default browser, or some other technique. This would work even on a limited user account.
Absolutely!
km1500 said:
I am not 100% the full story is being told here
1 -
km1500 said:
running an arbitrary exe on your system would cause user account control to kick in and I can't believe someone would just arbitrarily say yes please run this
There are ways round that. One way is to change a program that runs legitimately.
Yes, that is true. The malware could capture the password by telling the user that he needs to enter it though. Google accounts certainly do get hijacked. We rarely get the full story here!
km1500 said:
changing your Google password when you are logged in does not require 2fa as you say but it certainly requires you to enter your old password first so an exe could not do that
I am not 100% the full story is being told here
0 -
I also find this all a bit hard to believe. You often read about people being “hacked” when it’s nothing of the sort. The more likely explanation is that this person uses the same username and password for multiple sites and someone has got access to them via a credential leak. If it was a file that they ran then what website were they on, why would they ignore the warnings that any modern system would throw up, etc.? It’s not credible unless there was also some element of social engineering too.
2 -
I for one would like to learn more about what happened and wouldn't want to be dismissive or disparaging of the OP/son and as a consequence deter them from coming back and sharing more. These incidents can contain useful learning points. Although it occurred under different circumstances as described here, I'm reminded of the incident where well-known scambaiter Jim Browning fell for a scam involving his YouTube channel and graciously described it in detail here. Hopefully the OP's son will recover his online accounts and then we can dig a little deeper into what happened and how.
1 -
Malware is constantly being engineered to get around the defences. If an os system isn't kept updated it's vulnerable and even up to date systems can still be caught out by the latest virus incarnations
NithyaH said:
I also find this all a bit hard to believe. You often read about people being “hacked” when it’s nothing of the sort. The more likely explanation is that this person uses the same username and password for multiple sites and someone has got access to them via a credential leak. If it was a file that they ran then what website were they on, why would they ignore the warnings that any modern system would throw up, etc.? It’s not credible unless there was also some element of social engineering too.
Ex Sg27 (long forgotten log in details)
Massive thank you to those on the long since defunct Matched Betting board.
0
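
Added example, not written by any poster in this thread: one mechanism mentioned above is redirecting name lookups so that a login page is served from somewhere else. A simple local form of that is an entry in the PC's hosts file, so someone checking a suspect machine can scan that file for overrides of account domains. The watch list and the sample hosts text below are constructed for illustration.

```python
import ipaddress

# Assumed watch list for illustration; extend it with the services you rely on.
WATCHED = ("google.com", "steampowered.com", "steamcommunity.com")

# Constructed sample. On Windows the real file is
# C:\Windows\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# Constructed sample, not taken from a real machine
127.0.0.1       localhost
::1             localhost
203.0.113.45    accounts.google.com   # documentation-range address
203.0.113.45    Store.SteamPowered.com. login.example.net
0.0.0.0         ads.google.com
not-an-ip       accounts.google.com
"""

def find_hosts_overrides(hosts_text, watched=WATCHED):
    """Return (line_no, hostname, ip, kind) for every hosts entry that
    overrides a watched domain or one of its subdomains."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()        # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                               # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue                               # first field is not an address
        # Loopback / 0.0.0.0 only blocks a site (ad blockers do this);
        # any other address sends the browser to a different server.
        kind = "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"
        for name in fields[1:]:
            host = name.lower().rstrip(".")        # hostnames are case-insensitive
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((line_no, host, str(ip), kind))
    return findings

if __name__ == "__main__":
    for finding in find_hosts_overrides(SAMPLE_HOSTS):
        print(finding)
```

A "redirect" finding for a login domain deserves investigation; a clean hosts file does not rule out the other techniques mentioned in the thread.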