Posted on 03/29/2011 4:00:12 PM PDT by FourtySeven
I thought I'd share this with you all, as some may benefit from this.
Today, I was called by Wells-Fargo's fraud protection department to let me know my online ID and password had been compromised.
Not only could they not tell me when exactly this occurred, or for what reason, but I was also told, I would have to run a full virus scan before they could restore my access. Now I could easily lie of course, although they make a point of saying that if an online scan truly was not performed, then they are not responsible for any unauthorized transactions. But all of this isn't the point.
I have a Macintosh, and I have never had a need to have anti-virus. From what I understand, it's impossible to get any kind of malware unless I knowingly download something, like a pirated movie or program, and purposely and knowingly install it on my computer. I have not done that. So the matter here is one of principle. I did NOT want to pay to get an antivirus program for a Mac, when it cannot POSSIBLY be my fault!
And even all of that wouldn't be such a big deal if I could know WHAT triggered this alert of "suspicious activity", so I could know what to avoid in the future. The only thing I've been doing in the last 72 hours is normal, Internet browsing. If this IS due to some kind of malware, how can I know where I got it? How can I know what site it came from??
If the antivirus program says I'm "clean", HOW can I trust that, when I thought I was "clean" BEFORE?
Now of course, what is going to happen is (as I write this now, a newly purchased antivirus program is running) I will find NO infection on my computer, and yet, have no sense of security as I will have NO idea what I did to compromise my online ID and password.
In ye olden days, your computer would be the first and only suspect. Today, there are many more possibilities. Chances are, you used the same username and password combination at another site, which was either unsecured or compromised.
The fix for this is to use a different password on every site, and let a password manager like lastpass handle them for you. Highly suggest that you check out Lastpass.com, and use their browser plugin with your browser of choice. It’s free.
I understand your annoyance with their security department, but given that fraud claims are usually reimburseable, the security habits of their customers are a liability to them.
I’d get a new card for sure but I think whoever called you was trying to get your info..I doubt anything really happened to your card, just someone trying to commit fraud on you. A few months ago I got a phone call from my Visa card, telling me that someone had attempted to(and failed) to charge 400 bucks at Hugo Boss, they never asked me for any personal info like the last four digits of my social security number, so I just told them to cancel the card and send me a new one which they did..Turns out that the online store that I had recently bought a TV mount for my TV had been hacked and hundreds of credit card numbers were stolen..Luckily for me my credit card company I guess was aware that I have never ordered clothing using my credit card before so they immediately saw it as a red flag that all of a sudden I would try to purchase 400 bucks on men’s clothes
I would scan your computer anyway but I think your fine..never heard of a Mac getting a virus, in fact, that is why many love Mac’s so much(Even though Im a PC girl myself) if you have caller ID check it and see the phone number..I think someone was trying to swindle u
You can get malware through email as well as websites. Some antivirus programs scan sites to tell you if they are questionable. No antivirus will find every virus or malware.
Macs can get viruses. It’s just that most viruses are targeted at PCs, since they form the bulk of the potential targets.
About the call itself—I hope you did not give any account information over the phone. It might have been “phishing”—where someone claims to be from that company, in order to get your information. The most prudent course of action would be to call the phone number printed on your bill or credit card. Unless you initiated the call to a number you know belongs to Wells Fargo, you cannot be sure you are actually talking to a company representative. The same applies to emails: never follow any links or call any numbers in those emails.
I received an email recently from Citibank about possible fraud on my card; I called the number on the back of my card, not the number in the email (which was different). It turned out the email was legitimate, but I had no way of knowing for sure.
Technically anything you install could be a trojan, doesn’t just have to be a pirated movie, doesn’t have to be a pirated anything, could be something disguised as a perfectly reasonable free tool.
And you don’t necessarily have to buy anti-virus, there’s plenty of free stuff out there (I know I just said any free tool could be a trojan, that’s why you have to stick to the safe parts of the net like TuCows and Download.com and Apple).
Wells Fargo isn’t telling you what security you should have, they’re just reminding you that your computer’s security isn’t their business. If you have malware and if that malware has snagged up your bank password that is your problem, they try to use security and warn customers when things seem odd but if you don’t fix the root problem (assuming it’s a problem at all) then that’s your problem not theirs.
WF often fails at being polite, but they often have a point. And things wouldn’t be that different with another bank, except hat bank might not have warned you.
Couple of weeks ago wells put a hold on my card for a recurring transaction that has been running for a couple of years. Go figure
Verified the problem in the branch, then called the number on the card
Yes, and no suspicious charges have cleared. The balance is still what I expected it to be.
Now I don’t know if there’s a suspicious HOLD on the card, because the phone system doesn’t tell me that, and of course, I don’t have online access.
Did you verify that the call was actually from Wells Fargo?
That’s the thing I can’t figure out though (at least without their help).
I will now list with precision the programs I have installed in the last 72 hours:
1. An update to Adobe Reader
2. An update to Microsoft Office for Mac.
And that’s it!!! I haven’t installed anything else in any reasonable time frame.
And even beyond all that, as I think I said before, I haven’t even logged onto Wells-Fargo in 2 weeks! I rarely USE the card in question. The only reason I haven’t cancelled it is, because I USED to use it a lot, and thus it has a lot of reward points on it, but those will go bye-bye if I cancel the card.
I just can’t figure out HOW this happened! I can’t figure out how I can determine what happened if they won’t tell me WHEN this precisely occured! That’s another reason I posted this, I’d like to know what went wrong and how to avoid it!
Yes, thank you yes.
I have considered for a LONG time getting one of those password managers, but it seems to me it’s just another target for malware. I mean no offense, but how do you know it’s not as vulnerable as any other free plugin? Actually if you could convince me that would be great, because I’ve thought that would be a good solution.
But here’s the rub: The only site I use that password and username combination are Wells-Fargo and Wachovia (which is now part of Wells-Fargo of course). That’s it! There is no other site. I have memorized many passwords and/or usernames for many other sites.
I do not know how my username AND password were hacked like this.
Well here's the annoying part too: When I called to restore the access, and I asked them why I need to run the program, they said pretty much what you did. But then when I tried to lie and say I already ran it, they WOULDN"T BELIEVE ME! I then said, "So are you calling me a liar?" I was put on hold for like 5 minutes, and THEN told, "If you do not run a full system scan of your computer, and you have unauthorized charges to your account after it is restored, then Wells-Fargo will NOT be responsible for those charges." So, in a way, they ARE trying to tell me what kind of security to run on my computer.
I mean let’s put it this way:
I AM running a scan now. If I call them back at this point, they are going to give me the same disclaimer again, fine.
But what IF a fraudulent charge shows up? THEN I HAVE TO “PROVE” I RAN A SCAN WHEN I DID? HOW AM I SUPPOSED TO DO THAT?
This is CRAZY!!!!!!!!!!!!
That is not correct.
http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358
Weak passwords, and username/password reuse
I know you're a Mac user, but this is a handy tool from people that know quite a bit about vulnerabilities...Microsoft Password Checker
Adobe Flash, Adobe Reader, Adobe Shockwave, Java, Firefox, Safari, QuickTime, etc. all have had numerous updates to fix vulnerabilities that are easily taken advantage of by simply visiting a website or even just viewing a malformed picture. Once you’ve done the deed, a keylogger can be easily sent to your computer. It doesn’t even matter if you have an antivirus, because unless it has a very-up-to-date definition or is really good at heuristic detection (with the need for a perfect definition), you’re screwed.
Viruses are no longer any real problem on any platform, as viruses basically go through email. It is all the other malware and vulnerability concern that you’ve got to worry about, and Apple systems are vulnerable to much of that.
Ok thanks.
For one, that’s another mystery here: I haven’t visited any sites that could possibly be considered “suspicious” in the last 72 hours. But still, thanks for the lesson.
This brings me to a question that I believe needs answered though: How do you guys, CM and TChad protect against such activity? It seems that what you are saying is, any site you visit could install a keylogger. So how can you protect against that, if antivirus won’t even pick it up?
Frankly, I wouldn't put it past banks making these claims to consumers just so they'll purchase identity protection, etc. I've used nothing but Macs, do all my banking online, and purchase all the time online using my cards. I only access them from home, and I have never had any of my bank sites compromised. Is it possible that you connected to your Wells Fargo site using a different computer and network?
Thanks.
Did you call Wells Fargo to verify. There are people using their name to scam people and there is nothing they can do about it. Happened to me 2 weeks ago and there was nothing wrong w/my acct.
Pray for America
I did connect to Wells-Fargo about 2 weeks ago through my iPhone. On the 3G Network, not my home network.
But that was 2 weeks ago. < sigh > What, the hackers waited two weeks to use the access “suspiciously”?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.