Bank Says I Have To Have Computer 'professionally Cleaned.'

[Austin Allegro]

Hi all, perhaps any IT experts can help.

I recently had my online bank account access suspended. The bank said there had been a failed attempt to hack my account.

I had to reset passwords etc but the bank's fraud department said I had to have my computer 'professionally cleaned' because it might have a virus (or definitely does have a virus - she wasn't clear which).

My laptop has virus protection from my employer and I'm going to discuss this with them on Monday, but in the meantime does anyone know if this is a. necessary and b. how it's done? I couldn't get the girl on the phone to explain what it meant as her accent was impenetrable. I said 'do I have to take it to a shop' and she just said 'it has to be done professionally.'

I need my laptop for work and it will be tricky for me to do without it for a while...can the bank even enforce this?

[Riedquat]

Sure it was your bank you were talking to? Sounds pretty dubious to me.

[19 year mortgage 8itch]

Tell her you bought a new one.

[Austin Allegro]

Sure it was your bank you were talking to? Sounds pretty dubious to me.

Yes, I had to go into the branch and prove who I was, then they put me through on the phone to some Scottish call centre.

[SarahBell]

Reinstall your OS?

[SarahBell]

http://www.trusteer.com/products/trusteer-rapport

[Austin Allegro]

http://www.trusteer.com/products/trusteer-rapport

Thanks this looks good - I think the 'man in the browser' virus was what she referred to.

I already have virus protection (Trend) so will this trusteer thing clash with that?

Also I've no idea what 'reinstall OS' means...

[ChumpusRex]

A common way for accounts to get hacked, is for a password to be compromised. This can happen because you use the same password on multiple sites, and one of those sites is negligent in how they store the password. Alternatively, malware installed on your computer can detect when you are browswing to financial sites, and will store your passwords as you type them, forwarding them onto an attacker.

There are various other ways of hacking, but these are more difficult to perform (but also more difficult to detect).

My understanding is that banks are moving away from passwords to accounts, in favour of one-time codes generated by a bank card. These generally are much more secure.

My guess, and it is only a guess, is that someone has been trying to log in with your username/account number but has been entering the wrong code. Whether this is a malicious attack (e.g. someone found your username and thinks they found a password), or whether it is some random who has forgotten their username and tried repeatedly to log in using yours, is difficult to tell.

I'd suggest scanning your computer with a good anti-virus, and also give it a go with stuff like MalwareBytes Anti-malware and CCleaner. These generally do a reasonable job of removing most unwanted software. If you have more than one, I'd suggest doing the same on each.

I'd suggest changing passwords on important accounts - it's worth using a password tool like "keepass" which can generated very complex completely random passwords and store them for you at the touch of a button.

Many banks also offer some security software called Rapport. This is designed to defeat "key logging" viruses on your computer, by encrypting your keypresses when it detects you accessing secure sites. High end internet security packages e.g. Kaspersky do the same thing.

Edit: Someone specifically mentioned "man in the browser". Essentially, this is a virus that infects your web browser, and steals information from it (passwords/codes), or injects information into it (a bank transfer request, for example). Again, good quality internet security software (not just antivirus) has multiple methods of blocking this; again, if your bank provides it for free, the Trusteer Rapport software is good at protecting against this.

It's well worth restricting online banking use to a separate browser to the one you use for normal day-to-day use. These viruses tend to get installed by browsing to malicious sites, so minimizing the use of the browser except for banking, mitigates the risk a bit. E.g. if you normally use internet explore, consider installing chrome and restrict chrome only to online banking.

[sPinwheel]

Also I've no idea what 'reinstall OS' means...

Wiping the contents of the computer and installing the operating system. Essentially a blank slate, but grab a copy of any files you want to keep....which is a bit if a weak link as they might be where the problem started.

[Austin Allegro]

A common way for accounts to get hacked, is for a password to be compromised. This can happen because you use the same password on multiple sites, and one of those sites is negligent in how they store the password. Alternatively, malware installed on your computer can detect when you are browswing to financial sites, and will store your passwords as you type them, forwarding them onto an attacker.

There are various other ways of hacking, but these are more difficult to perform (but also more difficult to detect).

My understanding is that banks are moving away from passwords to accounts, in favour of one-time codes generated by a bank card. These generally are much more secure.

My guess, and it is only a guess, is that someone has been trying to log in with your username/account number but has been entering the wrong code. Whether this is a malicious attack (e.g. someone found your username and thinks they found a password), or whether it is some random who has forgotten their username and tried repeatedly to log in using yours, is difficult to tell.

I'd suggest scanning your computer with a good anti-virus, and also give it a go with stuff like MalwareBytes Anti-malware and CCleaner. These generally do a reasonable job of removing most unwanted software. If you have more than one, I'd suggest doing the same on each.

I'd suggest changing passwords on important accounts - it's worth using a password tool like "keepass" which can generated very complex completely random passwords and store them for you at the touch of a button.

Many banks also offer some security software called Rapport. This is designed to defeat "key logging" viruses on your computer, by encrypting your keypresses when it detects you accessing secure sites. High end internet security packages e.g. Kaspersky do the same thing.

Thanks this is very helpful. I suspect that the bank saying 'professionally cleaned' is just covering their back. I don't see how they can enforce it or make it a requirement.

[stormymonday_2011]

Try Puppy Linux run from read only CD. Runs in memory and gives a clean operating system on each re boot. Just ensure you only visit the online bank during the session.

http://krebsonsecurity.com/2012/07/banking-on-a-live-cd/

[Austin Allegro]

Wiping the contents of the computer and installing the operating system. Essentially a blank slate, but grab a copy of any files you want to keep....which is a bit if a weak link as they might be where the problem started.

I've read this is what some 'professional cleaners' do anyway. It seems a bit pointless since as you say the problem might be in the files I want to keep.

[stormymonday_2011]

Or you could try the following which won't even mount a hard drive or any other writeable media.

http://www.spi.dod.mil/lipose.htm

[stormymonday_2011]

The basic being don't mix secure and insecure browsing on the same machine.

[stormymonday_2011]

Can you name and shame the bank? What's the method you use for logging in online (i.e. is it just a password or a code generator)?

To be homest it doesn't sound like the call centre know what the heck they're talking about, hence all the bluster you got.

In addition to your work anti-virus I'd run some other common (and free) anti-malware software like microsoft security essentials, sypbot search and destroy and 'crap cleaner' and see if anything is picked up.

If you wanted to be very paranoid you could use a program like d-ban to completely erase your hard drive then reinstall the OS but if your password is already compromised that wouldn't help.

I'd also ring the bank back and demand very specific instructions.

It does not surprise me. Online security at many UK banks such as Lloyd's is a bit of a joke. FFS some don't offer proper 2FA which should be a minimum. BTW I refuse to use Online Banking because I think the security is so pathetic.

[Austin Allegro]

Can you name and shame the bank? What's the method you use for logging in online (i.e. is it just a password or a code generator)?

To be homest it doesn't sound like the call centre know what the heck they're talking about, hence all the bluster you got.

In addition to your work anti-virus I'd run some other common (and free) anti-malware software like microsoft security essentials, sypbot search and destroy and 'crap cleaner' and see if anything is picked up.

If you wanted to be very paranoid you could use a program like d-ban to completely erase your hard drive then reinstall the OS but if your password is already compromised that wouldn't help.

I'd also ring the bank back and demand very specific instructions.

Natwest.

I could barely understand what the girl was saying as her Scots accent was inpenetrable (I'm Scots myself so it must have been bad) and the call centre was noisy.

Method for logging is customer number, user name and password. I don't know if I can change any of these without going through some sort of procedure at the bank, so I'm not sure how a 'code generator' would work.

Also, would any of this malware detector stuff clash with my existing anti-virus?

I'm certainly going to use a dedicated browser for financial stuff though - very good idea.

I'm going in to the bank again soon and will ask some more questions about security.

[Austin Allegro]

I was going the other way. Are you absolutely certain you are talking to the bank and its call centre?

The bank website flashed up a message that I had to call a call centre. I called them and they asked me security questions, which I failed, because I couldn't bring up my account online to verify what they were asking. So I had to go into the branch and prove who I was, the manager then called the fraud centre in front of me in his office, and I spoke to them.

So unless some criminals have set up a website, call centre and London branch with employees all done up to look like a bank, then yes, I'm pretty sure I was talking to the bank!

[Austin Allegro]

If I use a dedicated browser for internet banking only, I'm guessing it would also be a good idea to remove that browser from my computer every so often and reupload it, just in case any 'man in browser' type things are on it?

Or can 'man in browser' viruses jump from one browser to another on your computer?

[Bossybabe]

FWIW, my bank, Santander, offer Trusteer free when you first login to their online site.

[The XYY Man]

FWIW, my bank, Santander, offer Trusteer free when you first login to their online site.

Santander...? You were lucky.

My copy of Trusteer is free from Yorkshire Bank - to log-on you have to be thrashed to sleep with a broken bottle, then get up half an hour before you went to bed and install your PC in a hole in the road...!

But try telling that to the identity-thieves of today and they won't believe you...

XYY

[Bloo Loo]

One of my clients had this same advice.

He did have a virus on his PC, so cleaned with AVG and Malwarebytes...et voila, professionally cleaned.

Oh yeah, removed Chrome and got him to use a fresh browser...firefox.

[Boomer Baby]

With Lloyds, I've used a 3-stage system to date: (i) USER ID followed by (ii) password then (iii) a code generator that produces a 6 digit number.

Lloyds tell me that from the New Year I no longer use the code generator but various characters/digits from my Memorable Information.

I've no idea how good or bad a system that is but assumed the code generator was reasonable security and the new method seems to have been introduced to save users having to take the code generator with them if they access their accounts "on the move".

Backward step or if they're both bad systems....any recommendations for more secure online banking?

[Austin Allegro]

Right, so maybe someonw has been trying to guess your password. I would think the bank should be able to change your user name and password if you requested that. Do you have to supply all the characters from user name and password or just some of them each time?

Anti-malware software shouldn't clash with your other software but maybe temporarily deactivate the existing stuff while scanning your computer. You can then uninstall the anti-malware stuff (if you want) and reactivate your existing software.

I wouldn't bother with a different browser really. If you keep an eye on your accounts and notify your bank when you spot a problem it shouldn't be a concern. I don't think this is a man-in-the-browser issue either. If it was a successful MITB they'd probably have all of your details and be able to log in.

I don't have to supply all the characters, it has one of those first, third, fourth letter things.

OK so here's my action plan:

1. Run virus check - done - about forty viruses in cookies were revealed. Not sure why the virus protection system didn't pick up on these.

2. Check with the IT wallah at work on Monday morning to see what they say - not holding my breath as they don't do much at the best of times

3. Use a dedicated browser for financial stuff just in case, with no cookies or downloaded stuff allowed

4. Run some anti-malware software

5. Change all passwords with bank

[SarahBell]

Backward step or if they're both bad systems....any recommendations for more secure online banking?

People presumably lose the stupid keyfobs or they're easy to steal?

Ours are locked up in the safe. I assume not everyone has a safe though.

Avoid online banking.

[happy_renting]

So unless some criminals have set up a website, call centre and London branch with employees all done up to look like a bank, then yes

They have.

They are called banks.