Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

zoran

macrumors 601
Original poster
Jun 30, 2005
4,819
135
The other day a money transfer was made from my MacBook (MacOSX 10.13.6) as if it was me. Someone must of used my ebanking l/p and made a money transfer. I have no idea how this was done, but i cannot leave things as is.
I must find what happened but i have no idea what to look for. Is it possible to use some application that can spot what was hacked? If there is no application that can be used, what can i do? Should i delete the Mac OS and install a new one?
 
If the transfer was indeed made “FROM” your MBP (and not just made to look as if it was), the most likely scenario is that someone sat in front of it and did it.

How do you know the transfer was made from the MBP?
Where was the money transferred to?
Where was your MBP at the exact time of the transfer?

I hope you get tote bottom of this and manage to get your money back.
UK banks will often refund money lost to fraud, but you will need to push for it and demonstrate that it wasn’t made by you or anyone else in your household.
All the best.

EDIT: in the case of hacking, the most likely scenario is that your banking details are stolen and used from wherever the criminals operate.
 
Last edited:
  • Like
Reactions: Tagbert
Money was withdrawn from my account and the bank did manage to return it.
But they could not understand how it was done. They said either the l/p was hacked and someone made the transfer, or i was not carefull enough and gave it away, or the OTP numbers were hacked from Viber. All seem nonsense if you ask me, so im thinking of two options. Either my MacBook is hacked and someone has access to the l/p, or the bank faced a breach and my l/p was hacked.
 
How can the banking details be hacked? Could there be some app in my MacBook doing this?
 
If the transfer was indeed made FROM your MBP (and not just made to look as if it was), the most likely scenario is that someone sat in front of it and did it.
What if the tacker had stolen my l/p?


How do you know the transfer was made from the MBP?
Where was the money transferred to?
Where was your MBP at the exact time of the transfer?
I never said the transfer was made from my MBP
To some bank in Holland
In my house
 
Perhaps someone hacked your login credentials via wifi. Either set or change your wifi password. Never use public wifi. Also, change your banking credentials if not done already. When using banking website, allow tracking to let the bank know it is your ip address so in case of problems the bank can identify you.
 
2 step verification?
Always use 2 step verification. You put into your user name and password. Then the bank send you a code that you need to enter i norder to access you account. This is an essential protocol for online banking. If your bank does not offer it, look for a new bank.
 
Most likely someone guessed your password to your banking. It's highly unlikely your Macbook was hacked. This was most likely done on the web only. Unless someone had physical access to your computer without any protection of logins.

Passwords

If you use the same password for banking as anywhere else. Don't do that. Every password needs to be unique. Many websites have breaches and poor practices for storing passwords. There's huge lists of stolen login credentials shared, bought and sold. Those credentials will get tried on various sites. That's why every password needs to be unique.

If you use variations of the same password. Don't do that. If someone knows one password. They'll try common variations.

If you use any personal information for passwords. Such as birthdates, names, places lived and such of friends and family members. Don't do that. Your password may get guessed through social engineering.

If you use names of sports teams, movies, books, cities, states, &c. Don't do that. Those are commonly used by people. It's probably tougher to guess that personal info but still potentially guessable.

Use random sets of words. Such as quickbrownfox. But not that specific one. As that has now been published online. It's something a computer brute forcing passwords will eventually try.

Have a password management strategy. I recommend using a password manager to store all logins. Then protect the manager with one really good password. They can generate strong and random passwords for you. All you have to remember is the one really good password for your password manager. At the very least. Manage them manually with a password protected Excel workbook.

2FA (Two-Factor Authentication)

Turn on 2FAn all websites. This way on non trusted devices. Even if someone managed to get your password. They won't be able to login without the 2FA.

This is done in a variety of ways. It all depends on the website. Most will at least let you have them set it. To send an email or text message on login. So, that you need to enter the code sent to you when prompted. These are the weakest 2FA options. They are at least better than nothing.

Better ones will use a designated app on your smartphone for the 2FA. Where you'll be prompted to open the app and click allow for the login. Another being an authenticator app. Which may be used for authentication of multiple websites and generates a time sensitive random code. Such as Google Authenticator.

Security Questions

Some websites have horrible security practices and still use security questions for password and account recovery. Never answer these honestly. Anyone who knows you or who has researched your social media and public records will be able to figure out the answers. Just treat them like passwords and generate random characters or sets of words. Then store them in the notes section of your password manager or your spreadsheet. Don't lose them.

Logging In


Verify you are on the right website in your address bar. Websites get spoofed all the time. Save bookmarks of your important financial websites at least. So, you have a verified method of navigation to a website.

Never click links to websites from random emails or text messages. Doubly so for emails with account alerts. As there is so much fraud. They trick you to click some link. You see a fake (spoofed) version of the website. Enter your login credentials. Then they have them.
 
How can the banking details be hacked? Could there be some app in my MacBook doing this?
Unless you downloaded an app that has malicious code in it, not possible as even in hacking competitions Macs are not hackable using Day 1 and Day 2 restrictions.

If the hack originated from your device then someone physically used it to do so. There is no way around it. The other possibility is that your Mac was remotely used, it is not hacking as remote control software only requires the other person to know the codes which social engineering can easily provide.

My advice, enable 2FA and stronger passwords for online banking. Also, keep your Mac in sleep mode when not in use.
 
Even with your ip you surely still have to input your account number and password for the bank
Usually they have pretty good protection like a screen only keypad, some sort of 2 step activation or an app on your phone which you have to go into and authorise the payment. They spend a fortune on security
It's most likely someone has your password and account number. Where do you keep them?
They could have read a file somehow?
The most likely is you've used your credit card somewhere and your credit card details have been used.
Lots of businesses that are small have poor security and someone in Holland with your credit card details could buy something . People sell stolen credit card details online.
Transferring money? You need to see who the payment was paid through. Western Union? Paypal that sort of thing?
If it's directly from the bank then it's really hard to see how it could have been possible. It would have to be someone that has the details and the authority. On top of that the bank would be able to see who it was.
Are they telling you it was you that actually transferred money from your bank account? Not that it was taken from your account from somewhere else?
They tend to do things that are easy. Much easier to trick someone into giving details on a fishing scam or copy details down off a credit card.
You may have visited a fake page for the banking site in the past. Typed the name in google and ended up on a copy site, typed in your details and it was keylogged?
Did you ever try that and then the site didn't work at the time so you gave up and went back later that sort of thing?
No one is going to be able to tell you, the best they can do is look at possible ideas. There isn't even really that much info about what's happened.
 
Last edited:
My friend had someone drain $ from his bank account from a Wells Fargo ATM years ago. He had possession of his ATM card (so it wasn't stolen) and everything. Took a long time (months) for him to get the money back and deal with the whole thing. Wells Fargo made him go to the police to file a police report and ask the local branch for security camera footage (of course they were wearing head coverings).

Best you can do (as other posters here have said) is to secure your account with 2FA (an app or key if you can as SMS is not as secure). Not a lot of information to go off of here - but there's a lot of helpful information above.
 
Always use 2 step verification. You put into your user name and password. Then the bank send you a code that you need to enter i norder to access you account. This is an essential protocol for online banking. If your bank does not offer it, look for a new bank.
Are you referring to the OTP codes?
 
Ok guys, I think it’s best to delete everything from my MacBook, format the drive and install it all back again.
How would you suppose i do such a task?
 
Last edited:
Ok guys, I think it’s best to delete everything from my MacBook, format the drive and install it all back again.
How would you suppose i do such a task?
Disk Utility is where you can erase your drive. You should back-up your data first.
 
  • Like
Reactions: lostPod
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.