[SOLVED] Compromised again within days of changing passwords

ptj01

Last week my bank account was hacked and someone transferred all of my money out of my account and sent it to theirs. This person logged in. I've done the dispute, police report and changed my password, put every alert I can in place. I logged in to my account yesterday and checked to see the last login to see that someone had logged into my account again around 3am. I am completely paranoid now as I had just changed the password due to the initial compromise and now they knew my new password. Not only this, but when I called my bank and asked if they could block all transactions out they told me that it showed the login coming from my IP. I don't know how this can be and am trying to understand how someone could use my IP and how they are getting my information.

Would someone having my wifi password allow them to access my computer? In trying to figure this out the one thing I keep thinking about is we gave a friend our wifi password about 2 days before my account was hit. I've been cleaning my computer and it has not found much of anything that would suggest a keylogger. Yet, that's the only thing I can think it might be. I also saw in processes just now that I have a MaskVPN service running. I can't find it, could this be how I am being compromised? I need help on figuring this out as it is consuming me and it feels like nothing I'm doing is working. Also, I did change my wifi password today over the phone with Spectrum because I wasn't sure if I should do it on the PC. Not sure what else to do.
 
Solution
Once a computer and/or home router is compromised, you can't trust any device to safely make account/password changes...(alas, we have already discovered this, it seems)

However, you can flatten an OS (delete partitions) and reinstall from scratch. (likewise, routers can be hard reset to defaults, and most set to secure passwords, but, again, this means little if you do it from a compromised/keylogging device)

If you are fearful of yourself or family members picking up Windows keylogging malware, etc., I'd even consider a Linux Live CD, at least for doing your banking or anything with finances; Linux Mint 20.1 is quite easy to use....

borris618

If your bank login allows for it I would strongly recommend you to enable 2-factor authentication of some sort. Either via an app or just add a phone number to the account.
I'm not sure about the MaskVPN though; are other people using your PC? Do you have a password?
 

ptj01

Unfortunately my bank does not allow for 2FA and because of this I will no longer do business with them when the dispute is over. The only thing it will do is ask my security question, and since it was from my IP, it more than likely wasn't asked. No one is using my PC other than me and my spouse, who also didn't know my new password.
 
Solution
Your system is probably compromised and it has a keylogger (a program that records what you type) and it probably has a trojan that lets someone enter your system and control it the way they want. Even if you changed your password it doesn't matter because the moment you typed your new password they already knew what it was.

It was from your IP because they had access to your system and they did it from your system without you knowing it.

Someone said it up there. After the first time the thing that needed to be done was a full reinstall of Windows after a format of all the drives that were connected to the system. This is the only way to be sure that everything is gone so that you can be safe again.

I hope you're not using the compromised system right now writing this.