Massachusetts Cop Forum banner
1 - 17 of 17 Posts

·
Registered
Joined
·
5 Posts
Discussion Starter · #1 ·
My bank account was recently taken over by a hacker and something about it leads me to conclude that had to have been inside help.

First i received an email from my bank (DCU Federal Credit Union) stating that my password had been changed, and as a security measure wanted to notify me to ensure that it was an authoruzed change ( which it was not). I immediately attempted to log in and was declined access to my account. The next step i took (before bolting to our local branch to have them lock my account in place), was to try to reset my password clicking on the link to do that. When i did that i got a chilling message back from the DCU website stating that the Password Reset function has been disabled. So here is what struck me about that now that i had been completely locked out of my own account..... How was a hacker who had somehow obtained my member id and password even able to disable this feature. Seems to me, and i worked as a computer architect in high tech for 40 years, that this sort of feature is NEVER allowed to be configurable by a user, i.e., account holder. This sort of system instrumentation is reserved for internal system administrators and requires detailed knowledge of the website's design. So this has been really bothering me as it would seem that either someone with detailed knowledge of the website, or someone on the inside has assisted the hacker who commandeers a user's account. I was fortunate to be close enough to my local branch to have been able to rush down there and get the branch manager to lock down my account before it was emptied. On my return to the bank branch two days later to get a bank check written so that i could mail in a bill payment, that same branch manager informed me that another DCU Marlborough branch member was also hacked that very same day. And that they were not so fortunate and had their entire savings stolen. This is what leads me to believe that someone with detailed knowledge of DCU's online banking system, either a current or former employee may very well have been a party to these crimes.
 

·
Here comes the Wee-Woo man
Joined
·
190 Posts
My bank account was recently taken over by a hacker and something about it leads me to conclude that had to have been inside help.

First i received an email from my bank (DCU Federal Credit Union) stating that my password had been changed, and as a security measure wanted to notify me to ensure that it was an authoruzed change ( which it was not). I immediately attempted to log in and was declined access to my account. The next step i took (before bolting to our local branch to have them lock my account in place), was to try to reset my password clicking on the link to do that. When i did that i got a chilling message back from the DCU website stating that the Password Reset function has been disabled. So here is what struck me about that now that i had been completely locked out of my own account..... How was a hacker who had somehow obtained my member id and password even able to disable this feature. Seems to me, and i worked as a computer architect in high tech for 40 years, that this sort of feature is NEVER allowed to be configurable by a user, i.e., account holder. This sort of system instrumentation is reserved for internal system administrators and requires detailed knowledge of the website's design. So this has been really bothering me as it would seem that either someone with detailed knowledge of the website, or someone on the inside has assisted the hacker who commandeers a user's account. I was fortunate to be close enough to my local branch to have been able to rush down there and get the branch manager to lock down my account before it was emptied. On my return to the bank branch two days later to get a bank check written so that i could mail in a bill payment, that same branch manager informed me that another DCU Marlborough branch member was also hacked that very same day. And that they were not so fortunate and had their entire savings stolen. This is what leads me to believe that someone with detailed knowledge of DCU's online banking system, either a current or former employee may very well have been a party to these crimes.
Call the FBI or secret service, locals dont have jurisdiction over bank transfers and financial crimes by a bank
 

·
Here comes the Wee-Woo man
Joined
·
190 Posts
No. I came here to share what happened with the hope that possibly it would click with someone who could generate some traction in hunting down these souless aholes
call your local FBI or Secret Service field office
Here is new england
FBI Boston
(857) 386-2000
USSS Boston
(857) 386-2000

They both have the same number, its an answering machine thingy
 

·
Registered
Joined
·
1,472 Posts
My bank account was recently taken over by a hacker and something about it leads me to conclude that had to have been inside help.

First i received an email from my bank (DCU Federal Credit Union) stating that my password had been changed, and as a security measure wanted to notify me to ensure that it was an authoruzed change ( which it was not). I immediately attempted to log in and was declined access to my account. The next step i took (before bolting to our local branch to have them lock my account in place), was to try to reset my password clicking on the link to do that. When i did that i got a chilling message back from the DCU website stating that the Password Reset function has been disabled. So here is what struck me about that now that i had been completely locked out of my own account..... How was a hacker who had somehow obtained my member id and password even able to disable this feature. Seems to me, and i worked as a computer architect in high tech for 40 years, that this sort of feature is NEVER allowed to be configurable by a user, i.e., account holder. This sort of system instrumentation is reserved for internal system administrators and requires detailed knowledge of the website's design. So this has been really bothering me as it would seem that either someone with detailed knowledge of the website, or someone on the inside has assisted the hacker who commandeers a user's account. I was fortunate to be close enough to my local branch to have been able to rush down there and get the branch manager to lock down my account before it was emptied. On my return to the bank branch two days later to get a bank check written so that i could mail in a bill payment, that same branch manager informed me that another DCU Marlborough branch member was also hacked that very same day. And that they were not so fortunate and had their entire savings stolen. This is what leads me to believe that someone with detailed knowledge of DCU's online banking system, either a current or former employee may very well have been a party to these crimes.
Nope. Not required to be an insider job. No detailed knowledge needed either.
 

·
Registered
Joined
·
5 Posts
Discussion Starter · #10 ·
Nope. Not required to be an insider job. No detailed knowledge needed either.
Please explain how a user is able to disable the website's Reset Password feature. The inner workings of the website is only visible to authprized internal system administrators. Please explain how it could be done bu an logged in ordinary user with restricted user permisions? Thx
 

·
Registered
Joined
·
2,164 Posts
What the hell is going on?


Sent from my iPhone using Tapatalk
 
  • Like
Reactions: j809 and Foxy85

·
Registered
Joined
·
1,472 Posts
Please explain how a user is able to disable the website's Reset Password feature. The inner workings of the website is only visible to authprized internal system administrators. Please explain how it could be done bu an logged in ordinary user with restricted user permisions? Thx
YOU figure it out, mr years of computers.

I don’t give away information.
 
1 - 17 of 17 Posts
Top