My Bank Wants a "Professional" Virus Scan of My Computer!

Just interested to know the community's view on my situation.

About two weeks ago I was the victim of a cyber attack. It all started immediately after my mobile phone number was illegally SIM swapped (see previous post). Within minutes of this occurring, the attacker was able to reset the passwords to several of my bank accounts (we are all vulnerable to this type of attack unfortunately). The good news is that all banks were able to thwart the loss of any funds fortunately.

But here is the rub. I was able to get all my online banking back up and operating with minimal effort. However, one bank is making it much more difficult to reinstate my internet banking. They told me that they wanted a written statement from my telco explaining how the attack occurred, when it occurred and that my number was safely back in my hands and safe from future attacks. They also wanted screenshots of Malwarebytes and Trend Micro Internet Security scans. Finally, that I had changed my email password. I now use BitWarden password manager on all bank related logins with 12-16 character random alphanumeric strings including symbols! So, I complied with my bank's request and sent all the information that they requested.

However, it now turns out that this is insufficient for them and they want to change the goalposts again. Now they want me to take my computer to a "professional IT person" to have it scanned. I told them that I have what I think are above average computer skills since I code in Linux and have used Windows platforms for all of my professional career. I even offered to allow them to remote in to my computer, under my supervision, so that they can run their own suite of programs. They said they could not do that and insisted on an "IT professional scan". I put it to them that if they want me to do this then they reimburse me for out of pocket expenses - they said they are considering that.

Now, I know that a lot of you out there that read this forum have pretty high computer literacy skills compared to the masses (otherwise you probably wouldn't be reading this forum, right!!).

So, can you educate me as to what skills/programs/antivirus scanners etc that an "IT professional" would/could use or have access to that I could NOT do/obtain or use myself?

Comments

  • +2

    "I'm sorry, but this is my work's laptop and they don't allow me to install unauthorised software".

  • +2

    Sounds a bit ridiculous and overreaching. Change banks, name names.

  • Ask the bank for proof that they have consulted IT professionals.

  • Change banks

  • I left a bank years ago when they dropped support for the browser I was using (Opera 12)
    Could you please name the bank here so that I can leave it if I'm a member?
    I'm guessing it's HSBC based on their paranoia but I really hope it's not UBank.

  • +1

    next week's forum post - "I was cyber attacked, got my money back but then it happened again because my bank did not tell me to get a virus scan, now not willing to reimburse me"…

  • Just tell 'em you changed to a new computer and ditch the bank.

  • -1

    what even is a professional computer scan? I'm fairly computer literate because I work with software, but I skipped the security course at uni and these days when I have a problem I just reformat my computer entirely. all the computer virus scans I've ever tried have either been ineffective or adware themselves.

    • -1

      generally if it is done right they would take the drive out or at least boot from a USB/CD/eSATA drive and scan the filesystem from a separate OS so you can make sure the system hasn't been rooted. you can never completely trust a scan of a running system where you are adding the AV after the fact as there are many ways to hide rootkits from AV scanners once installed.

      • not sure exactly what rooted means but yes in my experience no scan will fix a computer once infected, even a reinstall doesn't work, you need a total reformat because the virus is in the OS. and I'd be too scared to put a suspected infected drive into another computer in case the virus moves on to that computer. I'm guessing that is what a rootkit means? surely the hardware can't be infected right?

  • Time to change banks, as simple as that. Ridiculous demand, why you'd want to stay with a company demanding that is beyond me.

  • I had BOQ request this after suspicious login attempts.
    I still have them, can't touch the savings but can meet the monthly bonus criteria without online banking access.

  • +1

    Change banks; simple.

  • Tell 'em to get stuffed.

  • +1

    I work in Cyber Security though not for an MSP so my experience is on my dealings with them and my company. As far as I'm aware there are no Security firms that I know of that deal with you on a consumer level. They only deal with you on an enterprise level and are very expensive. The only IT professional help you'll get is your Corner IT shop/Geeks 2 u service who'll run the same tool you can get your hands on.

    Your traditional AV scanner won't help as this isn't some malware that got on your machine. You're likely the victim of a targeted attack, you've been profiled and they know your banks and what phone number it's tied to. How they got that, I don't know, but you probably got phished.

    I don't work with banks but I assume their reasoning is to cover any liability they have and not one of a technical nature. If you need to stay with the bank give them what they need. This stuff happens even to the best of us. Just try to be more diligent. Cyber Security is not a matter of how IT savvy you are, it's being diligent and always being careful, i.e. never clicking on email links and going to the website yourself, staying clear of free wifi, always checking your logon history, etc.

    • all wise words and very sensible comments, thank you. I tend to agree with you in all that.

    • You're likely the victim of a targeted attack, you've been profiled and they know your banks and what phone number it's tied to.

      Isn't that more reason to close the bank account/accounts that have been compromised?

  • I'd be going to a different bank.

  • I would simply buy a new phone and new computer

    • Or factory reset phone and delete partitions and reinstall OS…. it's FREE… I don't know why people don't do this anymore.. PC runs faster too.

  • Have them send someone, considering they value your business so much. Put it on Tiktok, too.

    achew
    'scuse me

  • Tell them that you don't have a computer.

  • IT Professional here, there's no "standard" for an IT professional so it's literally a stupid request.

    What do I have access to that you don't? I guess a few channel only tools that I could use but for the most part nothing. Hell windows defender ranks more highly than other AVs these days.

    If anything they should be requesting a cybersecurity professional, I believe there is a governing body or association that you'd want your consultant to be accredited with.

    If you have half decent linux skills, you're already ahead of half the "IT Professionals" that someone like yourself, ie a residential user is going to be able to get to assist them.

    Just tell the bank you run slack linux and you can't find an IT professional with such expertise.

  • Hey OP, I only have one question for you. You seem to be quite good with computer skills, so do you know exactly how you got compromised? Was it through your PC or Mobile? or through sharing same passwords with a lot of websites?

    As for your questions, for PC, I only use Malwarebytes, AVG Antivirus (it's sh!t, considering changing it), and COMODO firewall, all freewares, but I do have sh*t load of addons on my Chrome, my main browser for surfing the net. These include, Adblock, Adblock Plus, NoScript, Pop up Blocker, Privacy Badger and uBlock.

    • still not certain as to the attack vector unfortunately, but in the meantime, I have lifted my security about 3 levels higher still.

  • -1

    I think what many are forgetting is that this cybersecurity procedure is most likely written by a dinosaur who thinks that people have a single desktop family computer at home for doing their finances, and a CD-rom with "Mavis Beacon Teaches Typing"

  • I've been subject to credit card fraud before and later suspected it was due to movie torrents I was downloading - but I don't know that. I was only using a free virus scanner. Now I only download torrents on an old phone dedicated to that purpose, and never use a credit card on that phone.

    The bank may want to ensure that the fraudulent activity was not an indirect result of something you're doing like downloading torrents. It's pretty onerous though.

  • +1

    If you didn't lose anything or have your money back then why stay. Not worth the hassle. Just close your account and go somewhere else.

  • +1

    to completely rid your computer of any baddies, use "tron script". google it. it's an automated script that's kept up to date by some die hards on reddit. it will do everything for you and takes 30min-8hours to complete.

    yours sincerely,
    the professional IT person

    • I checked that out, looks interesting. Thanks for the pointer, nice find!!

    • To be 100% sure just backup files to usb or usb hard drive… delete partitions when reinstalling windows

  • +1

    Given it was a simcard attack, not a malware/virus, they are being ridiculous. There's every chance that the person who came up with the idea to ask you this has no idea what they are talking about.

    • +1

      It is not just simcard attack. Simcard attack is just to get the 2FA.

      The crook also got the bank login ID too, and not just one bank's but several banks' login IDs.

      • Yeah, agreed, it's unlikely one can reset the password without knowing the username and the customer id as well.

        Or other security questions…

      • None of which has anything to do with the poster's computer.

        • OP's computer is likely hacked and he saved bank account details in the computer. More chance of that than anything else.
          Unless OP stores all bank account user ID in his email where hacker could hack into.
          I just try to forget user id on big 4 banks. None of them allows to retrieve user id with just email and phone number. All of them require you have your bank card.

  • Get a quote from https://www.fireeye.com/mandiant/incident-response.html and then tell the bank please pay upfront or stfu.

    I dunno they'll probably quote you $2000-$10000 be sure to include your phone etc as needing forensics.


    As for your question: sure there are some scripts here and there that people have made over the years but most of the stuff is open eg. https://forensicswiki.xyz/page/Main_Page

    You might lack the skill but paying a mob who are the Australian version of https://www.bestbuy.com/site/services/geek-squad/ for a couple of hundred won't have the skill nor the time to do anything you can't.


    I'd recommend getting them to put it in writing if they haven't already. Only because the act of writing a letter turns it from "get this sucker off the phone asap" into hm.. crap someone might see this.

    And they might realise what they are asking is stupid.

  • +2

    My impression is that they're wanting you to find a new bank. Don't be loyal to banks when they're not loyal to you

  • +1

    Haven't read through all posts, so unsure if anyone else has suggested this, but could you..
    - take an image of your PC's hard disk (e.g. using Macrium Reflect Free edition)
    - reset Windows without keeping data, and installing anti-virus on the fresh Windows installation - taking video / photographs of this wipe and re-installation process
    - send the video / photos to the bank, showing that there should no longer be any compromise, and no reason to take to professional since you're redoing the PC from scratch
    - once bank has re-instated your account, place your original image back on… (or instead just use it as an opportunity to start fresh).

  • install linux

    unless you are in some way attached to them then close your accounts with the bank in question

  • +3

    Just tell them you got a new PC instead.

  • +2

    Every random thinks they are an IT expert these days. I don't blame the bank for wanting it done. Just get it done or change banks.

  • -1

    i work in IT security and i advise you to run a chkdsk

    • chkdsk is useless if you don't do a defrag after 🙄

      • The defrag is only effective after running ipstat

    • -1

      I am an admin… just backup.. delete all partitions and reinstall
      The OS.. there is nothing left on the ssd / HDD / nvme left to do

      adwcleaner is my go to for a quick check

      • I am a walrus…

        Just seal the usb ports.

    • these forums are dense, can't even detect sarcasm.

      lmfao.

      • You neg me after I also made a sarcastic comment? roflmfaso.

  • Westpac did this to me (virus software) under similar circumstances to the OP, the best and easiest way to avoid this SIM swap and/or port issue is to have a dedicated secret SIM that's only used for important stuff….the big vulnerability with SIM reordering is the customer call centre, if basic info of the target is known then it's reasonably easy to get past the call centre security.

  • -1

    Buy a cheap Windows 10 laptop, use it only for online banking and purchases. Less chance of any future attacks, but you'll never be completely secure.

  • I work as a technician in a computer store and at least a couple times a month we have an elderly person who has been instructed by their bank to have their computer professionally checked after being scammed.

    • It begs the question why people so easily fall victim to scams

      • Well a lot of elderly struggle with the rapid advancement of technology and have difficulties understanding how it all works in the first place. That fact coupled with the creative and crafty ways scammers are now trying to get in is leading to these situations.

  • You're asking the wrong sort of questions.

    It's not about what to do with your computer, what software you use, how skilled you are, or being able to prove to them certain things. And they certainly can't remote into your computer and do it for you lol… they are bankers not IT professionals. They just want to outsource it and get someone who is a paid professional (re: not you) that hopefully has their business and work insured, to give the all clear, and "sign off" on a letterhead so they can make claims against them later if they didn't do the job.

    You wont be able to provide them that comfort no matter how good your IT skills are.

    Either find such a professional, or you'll have to tell them that their claim is ridiculous and ask where the terms state you have to undertake this non-sense.

    Alternatively, just tell them you destroyed and discarded the PC. What are they gonna do?

    • Proof of destroyed computer and proof that is the computer that you used before :D

    • -1

      Formatting and reinstalling Windows/Linux is much easier than what you stated.

  • What bank? Why is it a secret?

    • -1

      It’s not a secret, I revealed it in several places in this post - don’t be lazy!!

  • Tell them that you use linux or chromeOS.

  • +1

    Back up your files on a portable hard drive or USB stick… format and reinstall Windows 10 fresh from USB… nothing beats that, not even the best scan. Lol.. the bank will be happy

  • It's just liability, the bank is insured too so when they cover your lost money they claim it back from someone else. Get a paper from a random IT 'professional' and give it to them so they can file it and be able to cover you the next time you get scammed. If you insist, the IT professional might even let you sit in with them and let you watch them run defender on your computer before giving you a letter.

  • Westpac has 6 character passwords (no symbols) and ING has 4 digits… It's funny how banks can act all righteous without pulling their act together

    • Although I agree that 4 digit PIN is woeful, banks take the burden of that risk so it’s not really your problem.

      Many banks have probably weighed the risks and deem it safer to force people into a rigid password scheme than allow them to use… most likely, the same password they use for everything else.
