• The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 30 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 30th anniversary: Happy 30th Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Free memberships for every 50 subscribers!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $21,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $21 Million dollars
  • Sign up to get the TUG Newsletter for free!

    60,000+ subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!

My computer has been hacked -- need advice

JudyS

TUG Member
Joined
Jun 6, 2005
Messages
4,166
Reaction score
211
Points
448
Location
Ann Arbor, MI
UPDATE: It's my ISP that is repeatedly changing my password. They say they've changed it because my email is being used by spammers. (Although I don't know why changing my password is needed, since the ISP says no one has gotten into my email account.)
***********************************

Someone has hacked into my computer -- my desktop is affected, and I don't know if any of my other computers are also affected. (I am on my laptop right now.) I have no idea how to stop this threat.

I first noticed it two days ago, December 4, when I saw that large numbers of emails with bad addresses had bounced back into my primary email inbox. (I also have several other email accounts that I use, but these seem unaffected.) Usually, bounced spam emails just mean some spammer used one's email address as their return address, but has no access to one's accounts So, I wasn't too worried.

But later that day, I tried to sign into my email and was locked out. I had used a fairly secure password for that account, and had never used that password on any of my other accounts. *Now* I was worried.

My husband has administrative access to my email account, so he reset the password. I signed in and found 700 bounced emails, which I deleted.

I started checking other accounts I have for which I used that same, compromised email address. Most of these accounts seemed unaffected -- no unauthorized charges and no password charges. However, I was locked out of my eBay account, for which I had used the same email address but a different password. I contacted eBay (that was *tough* -- they don't like to answer their phones) and eBay reset my password.

I tried to sign into my primary email account and I was locked out again. Now, I was *totally* freaked out. The new password my husband had set up was very secure and we had never used it anywhere else. The only thing I can think of is that maybe someone has a keyboard sniffer set up on my machine. If so, all of my accounts are at risk, even those with other email addresses. And, I have tons of other accounts.

Today, I received a notice from one of my credit cards that my email address had been posted on the Dark Web on November 28th. But, other than the standard "change your passwords" advice, it didn't say what to do.

A McAfee scan, ESET scan, and MalwareBytes scan all showed nothing. I contacted Identitytheft.gov and filed a report, but their only advice was to change my password. That won't help if the hacker has some way to read everything I'm typing.

The affected computer is an expensive one that I bought less than a year ago, and I don't want to replace it.

I am also worried that perhaps someone has access to my Chrome account. That might give them access to my passwords. For now, I am not having Chrome store any of the passwords that I am changing.

I have a ton of various other financial accounts that I haven't checked yet, although none of these use the compromised email address. I have been very ill the past week and need to stay in bed most of the time, so I have very limited time to deal with this right now.

To summarize:
My primary email address was posted on the Dark Web
My email password keeps getting changed by some person(s) unknown
My eBay password may also have been changed w/o mu consent
I have no idea how the hacker is doing this or how to stop them.

Any suggestions?
 
Last edited:

SmithOp

TUG Review Crew
TUG Member
Joined
Jun 17, 2010
Messages
7,609
Reaction score
3,403
Points
499
Location
Huntington Beach, CA
Resorts Owned
HGVC King's Land 2BR Premier 23.040K Points.
Sorry you are having this problem, here are the steps I would take.

1. Disconnect the infected machine from the internet.
2. If you have any important files, back them up.
3. Since the machine is a year old there should be a way to reinstall the operating system (Windows 10?). This should completely erase the hard drive and reset it back to when you purchased it. If you don't have instructions on how to do that contact the place you purchased it. It could be a CD that came with it, or a separate section of your hard drive that you can boot up with and reinstall Windows.

4. I would use a different machine to change all your financial account passwords. Then you can work on email account passwords.

Good Luck.

Sent from my SM-G970U using Tapatalk
 

artringwald

TUG Review Crew
TUG Member
Joined
Apr 22, 2011
Messages
4,737
Reaction score
3,680
Points
448
Location
Oakdale, MN
Resorts Owned
DRI: The Point at Poipu, 3 deeded weeks, 1 of which is in The Club.
Before you wipe out all your programs and data, there are some other possible solutions. Norton has a free CD image you can download. If you burn a CD from that image, an ISO file, you can boot from the CD and run a thorough scan for malware. That might catch some types of malware that you wouldn't catch by running a program from Windows. It's more complicated, but you can use the same file to create a bootable USB drive to run the same program. Instructions are at this site.

https://us.norton.com/support/tools/nbrt.html
 

WinniWoman

TUG Review Crew: Veteran
TUG Member
Joined
Jul 16, 2010
Messages
10,762
Reaction score
7,057
Points
749
Location
The Weirs, New Hampshire
Resorts Owned
Innseason Pollard Brook
Wow! Scary! Would freak me out! I like the idea of just wiping out your computer and starting from scratch.
 

VacationForever

TUG Review Crew
TUG Member
Joined
Dec 5, 2010
Messages
16,196
Reaction score
10,607
Points
1,048
Location
Somewhere Out There
Just a quick suggestion wrt your email accounts. As you know there is recovery email, i.e. 2nd email address, and phone number associated with the email. Did you make sure that they did not get changed to the hacker's email and phone number in that they keep sending the recovery / change password message from the email provider?
 

vacationhopeful

TUG Review Crew: Rookie
TUG Member
Joined
Sep 11, 2007
Messages
12,760
Reaction score
1,699
Points
498
Location
Northeast USA
And that is WHY I do NOT pay bills thru the computer. And have a separate checking at a separate bank to use on the internet with an ATM card.

I have a very OLD bank account with no service fees, no minimum balances and FREE checks for life. And I HATE auto-drafting … it is much harder to know where my MONEY goes and control my cash flow each month. I was in 6th grade when I opened that bank account. My independent money was NOT known about by my parents … I spent a lot of time over at the neighbor's next door … playing with the horses kept there. Seems many of the horses stabled there belong to doctors whose daughters were suppose to ride and care for the horse … except their doctors' wives were the drivers and draggers of these young girls to their daily duties. These doctors' wives learned I could be paid to take care of the horses … and I set the prices. And got paid in CASH. My problem was I had to hide the cash but a BRAND new bank started up 1 mile away … with a promo of FREE CHECKS for life with no bank costs for LIFE.

Several years later, my Dad applied for a loan and was turned down. The bank manager suggested he just ask me for the money as I had that amount plus in my bank account. Dad would not pay me interest ….and he threw things at me saying I was "an ungrateful kid". I needed the money for school clothes … and scout camp. And my older brother made more money with his newspaper route … but he NEVER saved any of his money.

And yes, the bank has been merged with other banks over the years … and my 'free checks' still exist. But the number of 'vested fee bank' original account owners have seriously gone down. With ordering bank checks, I sometimes have to say "I have a 405 account" to a new teller … and an older teller explains, "No fee for ordering her checks".

I was in 6th grade when JFK was shot in Dallas, TX .. aka … the year I opened that account. .
 

WinniWoman

TUG Review Crew: Veteran
TUG Member
Joined
Jul 16, 2010
Messages
10,762
Reaction score
7,057
Points
749
Location
The Weirs, New Hampshire
Resorts Owned
Innseason Pollard Brook
And that is WHY I do NOT pay bills thru the computer. And have a separate checking at a separate bank to use on the internet with an ATM card.

I have a very OLD bank account with no service fees, no minimum balances and FREE checks for life. And I HATE auto-drafting … it is much harder to know where my MONEY goes and control my cash flow each month. I was in 6th grade when I opened that bank account. My independent money was NOT known about by my parents … I spent a lot of time over at the neighbor's next door … playing with the horses kept there. Seems many of the horses stabled there belong to doctors whose daughters were suppose to ride and care for the horse … except their doctors' wives were the drivers and draggers of these young girls to their daily duties. These doctors' wives learned I could be paid to take care of the horses … and I set the prices. And got paid in CASH. My problem was I had to hide the cash but a BRAND new bank started up 1 mile away … with a promo of FREE CHECKS for life with no bank costs for LIFE.

Several years later, my Dad applied for a loan and was turned down. The bank manager suggested he just ask me for the money as I had that amount plus in my bank account. Dad would not pay me interest ….and he threw things at me saying I was "an ungrateful kid". I needed the money for school clothes … and scout camp. And my older brother made more money with his newspaper route … but he NEVER saved any of his money.

And yes, the bank has been merged with other banks over the years … and my 'free checks' still exist. But the number of 'vested fee bank' original account owners have seriously gone down. With ordering bank checks, I sometimes have to say "I have a 405 account" to a new teller … and an older teller explains, "No fee for ordering her checks".

I was in 6th grade when JFK was shot in Dallas, TX .. aka … the year I opened that account. .


That's a rarity, Linda.
 

presley

TUG Review Crew: Expert
TUG Member
Joined
Aug 20, 2011
Messages
6,313
Reaction score
1,121
Points
448
I think the difficult thing is that you don't know how they've managed to get in. I wouldn't use a device that I thought was compromised, except to back up important stuff.

When I had my identity stolen online, I immediately did the following:
Change all my passwords
Start a new email and switched all financials over to that
Started using Keepass with very complicated, long passwords that even I can't remember
Put a security freeze on all 3 major credit companies

It sounds like it might just be your email address that was compromised. If so, that's pretty easy. Just start a new email with a different company (for example my issue was with Cox, so I started a Gmail account). Make the email address totally different than the current one because it's very easy for a hacker to just keep typing in the old one to new services to find your new one.

You can change your email and pass info on your Ebay account, also.
 

rapmarks

TUG Review Crew: Elite
TUG Member
Joined
Jun 6, 2005
Messages
9,630
Reaction score
4,764
Points
649
And that is WHY I do NOT pay bills thru the computer. And have a separate checking at a separate bank to use on the internet with an ATM card.

I have a very OLD bank account with no service fees, no minimum balances and FREE checks for life. And I HATE auto-drafting … it is much harder to know where my MONEY goes and control my cash flow each month. I was in 6th grade when I opened that bank account. My independent money was NOT known about by my parents … I spent a lot of time over at the neighbor's next door … playing with the horses kept there. Seems many of the horses stabled there belong to doctors whose daughters were suppose to ride and care for the horse … except their doctors' wives were the drivers and draggers of these young girls to their daily duties. These doctors' wives learned I could be paid to take care of the horses … and I set the prices. And got paid in CASH. My problem was I had to hide the cash but a BRAND new bank started up 1 mile away … with a promo of FREE CHECKS for life with no bank costs for LIFE.

Several years later, my Dad applied for a loan and was turned down. The bank manager suggested he just ask me for the money as I had that amount plus in my bank account. Dad would not pay me interest ….and he threw things at me saying I was "an ungrateful kid". I needed the money for school clothes … and scout camp. And my older brother made more money with his newspaper route … but he NEVER saved any of his money.

And yes, the bank has been merged with other banks over the years … and my 'free checks' still exist. But the number of 'vested fee bank' original account owners have seriously gone down. With ordering bank checks, I sometimes have to say "I have a 405 account" to a new teller … and an older teller explains, "No fee for ordering her checks".

I was in 6th grade when JFK was shot in Dallas, TX .. aka … the year I opened that account. .
I had an old bank accwith free checks and they just changed the rules. They also said up to five free copies a visit. I went in with something to copy and send off UPS. They wanted five dollars a page.
 

SmithOp

TUG Review Crew
TUG Member
Joined
Jun 17, 2010
Messages
7,609
Reaction score
3,403
Points
499
Location
Huntington Beach, CA
Resorts Owned
HGVC King's Land 2BR Premier 23.040K Points.
I haven’t used a bank in over 15 years, don’t pay anything for full service at my credit union, dont write checks. My CU even has a coin counting machine, free use unlike the Coinstar machines in grocery stores.

Back on topic... OP, another recomendation, turn on 2-factor authentication on your email accounts. Your financial accounts should already force you to use this. If its not offered, stop using it.


Sent from my iPad using Tapatalk Pro
 

JudyS

TUG Member
Joined
Jun 6, 2005
Messages
4,166
Reaction score
211
Points
448
Location
Ann Arbor, MI
Sorry to confuse everyone. The update that I added to at the beginning of my thread explains what happened -- my ISP kept changing my email password because lots of spam with invalid addresses was getting sent to my account. But, the ISP didn't do a good job of telling me they had changed the password.

As for being unable to sign in to eBay, in retrospect, that may be because this computer is used for two eBay accounts. I find Chrome often gets confused when it has multiple passwords for one site.

So, it seems that nothing happened other than spammers used my email address as the "reply to address." No one actually got access to my computer itself.

Maybe I should have asked a moderator to delete this thread? At any rate, if anyone encounters a similar situation, check to see if your ISP changed your email password. I wish I had thought of that sooner!
 

JudyS

TUG Member
Joined
Jun 6, 2005
Messages
4,166
Reaction score
211
Points
448
Location
Ann Arbor, MI
Dave, we were posting at the same time! Yes, two-factor authentication is a very good idea. One of the first things I did when I encountered this problem was add two-factor authentication to some accounts that don't actually require it.
 

davidvel

TUG Member
Joined
May 9, 2008
Messages
7,432
Reaction score
4,477
Points
648
Location
No. Cty. San Diego
Resorts Owned
Marriott Shadow Ridge (Villages)
Carlsbad Inn
Here's some help to those who experience the same thing and are worried. First, using your email as return address on spam or spoof emails is common. But these people have no acess to your email account whatsoever.

2nd, hackers generally wouldn't do this as it alerts you to their presence. They want to get your credentials to more important financial accounts.

3rd, you can check your sent folder on your email server to see if emails are actually being sent from your account. But again, this is very rare.
 

Brett

Guest
Joined
Jun 6, 2005
Messages
9,257
Reaction score
4,897
Points
598
Location
Coastal Virginia
And that is WHY I do NOT pay bills thru the computer. And have a separate checking at a separate bank to use on the internet with an ATM card.

I have a very OLD bank account with no service fees, no minimum balances and FREE checks for life. And I HATE auto-drafting … it is much harder to know where my MONEY goes and control my cash flow each month. I was in 6th grade when I opened that bank account. My independent money was NOT known about by my parents … I spent a lot of time over at the neighbor's next door … playing with the horses kept there. Seems many of the horses stabled there belong to doctors whose daughters were suppose to ride and care for the horse … except their doctors' wives were the drivers and draggers of these young girls to their daily duties. These doctors' wives learned I could be paid to take care of the horses … and I set the prices. And got paid in CASH. My problem was I had to hide the cash but a BRAND new bank started up 1 mile away … with a promo of FREE CHECKS for life with no bank costs for LIFE.

Several years later, my Dad applied for a loan and was turned down. The bank manager suggested he just ask me for the money as I had that amount plus in my bank account. Dad would not pay me interest ….and he threw things at me saying I was "an ungrateful kid". I needed the money for school clothes … and scout camp. And my older brother made more money with his newspaper route … but he NEVER saved any of his money.

And yes, the bank has been merged with other banks over the years … and my 'free checks' still exist. But the number of 'vested fee bank' original account owners have seriously gone down. With ordering bank checks, I sometimes have to say "I have a 405 account" to a new teller … and an older teller explains, "No fee for ordering her checks".

I was in 6th grade when JFK was shot in Dallas, TX .. aka … the year I opened that account. .

so you still use paper checks?
I haven't used an actual paper check in years. For me everything gets paid with bank draft, credit card or using the bill paying feature. and occasionally real cash money
 

VacationForever

TUG Review Crew
TUG Member
Joined
Dec 5, 2010
Messages
16,196
Reaction score
10,607
Points
1,048
Location
Somewhere Out There
We prefer to use paper checks because they get delivered more quickly than from the bank. But then our preference is to use credit card if the vendor accepts it without a surcharge.
 

WinniWoman

TUG Review Crew: Veteran
TUG Member
Joined
Jul 16, 2010
Messages
10,762
Reaction score
7,057
Points
749
Location
The Weirs, New Hampshire
Resorts Owned
Innseason Pollard Brook
so you still use paper checks?
I haven't used an actual paper check in years. For me everything gets paid with bank draft, credit card or using the bill paying feature. and occasionally real cash money

We rarely use checks for anything except right now with building a house I have to write checks to the builder as he does the so called upgrades and also have to pay rent each month, and also with selling our home- checks to the atty and for other things associated with it.

We went from never writing a single check to writing tons of them and I hope I have enough because we have a new bank and I only ordered 25. (We just burned like hundreds from our old bank account that were never used!)
 

Talent312

TUG Review Crew: Veteran
TUG Member
Joined
Jul 4, 2007
Messages
17,461
Reaction score
7,277
Points
948
Resorts Owned
HGVC & GTS
Contractors prefer paper checks, disliking the cost of accepting CC's. I used this to my advantage with my kitchen contractor... I could tell her I had a $$ transfer pending and I'd write her a check after the $$ showed up.

These days, I rarely write a check. Considering that the balances in our accounts (including our investments) are merely bits on a memory chip (not paper) -- IOW, what some computer says you have -- Why use paper to manage that? So I have no issue with using computers. To me, the level of encryption and authentication used is enuff.
.
 
Top