# Bank account takeover fraud. (Inside assist?)



## Bandproxy (Nov 19, 2021)

My bank account was recently taken over by a hacker and something about it leads me to conclude that had to have been inside help. 

First i received an email from my bank (DCU Federal Credit Union) stating that my password had been changed, and as a security measure wanted to notify me to ensure that it was an authoruzed change ( which it was not). I immediately attempted to log in and was declined access to my account. The next step i took (before bolting to our local branch to have them lock my account in place), was to try to reset my password clicking on the link to do that. When i did that i got a chilling message back from the DCU website stating that the Password Reset function has been disabled. So here is what struck me about that now that i had been completely locked out of my own account..... How was a hacker who had somehow obtained my member id and password even able to disable this feature. Seems to me, and i worked as a computer architect in high tech for 40 years, that this sort of feature is NEVER allowed to be configurable by a user, i.e., account holder. This sort of system instrumentation is reserved for internal system administrators and requires detailed knowledge of the website's design. So this has been really bothering me as it would seem that either someone with detailed knowledge of the website, or someone on the inside has assisted the hacker who commandeers a user's account. I was fortunate to be close enough to my local branch to have been able to rush down there and get the branch manager to lock down my account before it was emptied. On my return to the bank branch two days later to get a bank check written so that i could mail in a bill payment, that same branch manager informed me that another DCU Marlborough branch member was also hacked that very same day. And that they were not so fortunate and had their entire savings stolen. This is what leads me to believe that someone with detailed knowledge of DCU's online banking system, either a current or former employee may very well have been a party to these crimes.


----------



## KPD54 (Oct 30, 2020)

Bandproxy said:


> My bank account was recently taken over by a hacker and something about it leads me to conclude that had to have been inside help.
> 
> First i received an email from my bank (DCU Federal Credit Union) stating that my password had been changed, and as a security measure wanted to notify me to ensure that it was an authoruzed change ( which it was not). I immediately attempted to log in and was declined access to my account. The next step i took (before bolting to our local branch to have them lock my account in place), was to try to reset my password clicking on the link to do that. When i did that i got a chilling message back from the DCU website stating that the Password Reset function has been disabled. So here is what struck me about that now that i had been completely locked out of my own account..... How was a hacker who had somehow obtained my member id and password even able to disable this feature. Seems to me, and i worked as a computer architect in high tech for 40 years, that this sort of feature is NEVER allowed to be configurable by a user, i.e., account holder. This sort of system instrumentation is reserved for internal system administrators and requires detailed knowledge of the website's design. So this has been really bothering me as it would seem that either someone with detailed knowledge of the website, or someone on the inside has assisted the hacker who commandeers a user's account. I was fortunate to be close enough to my local branch to have been able to rush down there and get the branch manager to lock down my account before it was emptied. On my return to the bank branch two days later to get a bank check written so that i could mail in a bill payment, that same branch manager informed me that another DCU Marlborough branch member was also hacked that very same day. And that they were not so fortunate and had their entire savings stolen. This is what leads me to believe that someone with detailed knowledge of DCU's online banking system, either a current or former employee may very well have been a party to these crimes.


Call the FBI or secret service, locals dont have jurisdiction over bank transfers and financial crimes by a bank


----------



## Goose (Dec 1, 2004)

When you got the email that your password was changed, did you click any of the links in the email?


----------



## Bandproxy (Nov 19, 2021)

Goose said:


> When you got the email that your password was changed, did you click any of the links in the email?


There were no links with the email. It was an FYI. I read the email on my phone and then went to a computer and attempted to log in from there.


----------



## AB7 (Feb 12, 2019)

And you came to MassCops online forum for this answer…?


----------



## Bandproxy (Nov 19, 2021)

AB7 said:


> And you came to MassCops online forum for this answer…?


No. I came here to share what happened with the hope that possibly it would click with someone who could generate some traction in hunting down these souless aholes


----------



## KPD54 (Oct 30, 2020)

Bandproxy said:


> No. I came here to share what happened with the hope that possibly it would click with someone who could generate some traction in hunting down these souless aholes


call your local FBI or Secret Service field office
Here is new england 
FBI Boston
(857) 386-2000 
USSS Boston 
(857) 386-2000 

They both have the same number, its an answering machine thingy


----------



## Foxy85 (Mar 29, 2006)

TL : DR


----------



## CCCSD (Jul 30, 2017)

Bandproxy said:


> My bank account was recently taken over by a hacker and something about it leads me to conclude that had to have been inside help.
> 
> First i received an email from my bank (DCU Federal Credit Union) stating that my password had been changed, and as a security measure wanted to notify me to ensure that it was an authoruzed change ( which it was not). I immediately attempted to log in and was declined access to my account. The next step i took (before bolting to our local branch to have them lock my account in place), was to try to reset my password clicking on the link to do that. When i did that i got a chilling message back from the DCU website stating that the Password Reset function has been disabled. So here is what struck me about that now that i had been completely locked out of my own account..... How was a hacker who had somehow obtained my member id and password even able to disable this feature. Seems to me, and i worked as a computer architect in high tech for 40 years, that this sort of feature is NEVER allowed to be configurable by a user, i.e., account holder. This sort of system instrumentation is reserved for internal system administrators and requires detailed knowledge of the website's design. So this has been really bothering me as it would seem that either someone with detailed knowledge of the website, or someone on the inside has assisted the hacker who commandeers a user's account. I was fortunate to be close enough to my local branch to have been able to rush down there and get the branch manager to lock down my account before it was emptied. On my return to the bank branch two days later to get a bank check written so that i could mail in a bill payment, that same branch manager informed me that another DCU Marlborough branch member was also hacked that very same day. And that they were not so fortunate and had their entire savings stolen. This is what leads me to believe that someone with detailed knowledge of DCU's online banking system, either a current or former employee may very well have been a party to these crimes.


Nope. Not required to be an insider job. No detailed knowledge needed either.


----------



## Bandproxy (Nov 19, 2021)

CCCSD said:


> Nope. Not required to be an insider job. No detailed knowledge needed either.


Please explain how a user is able to disable the website's Reset Password feature. The inner workings of the website is only visible to authprized internal system administrators. Please explain how it could be done bu an logged in ordinary user with restricted user permisions? Thx


----------



## USAF286 (May 20, 2011)

What the hell is going on?


Sent from my iPhone using Tapatalk


----------



## KPD54 (Oct 30, 2020)

USAF286 said:


> What the hell is going on?
> 
> 
> Sent from my iPhone using Tapatalk


Something fucking stupid


----------



## CCCSD (Jul 30, 2017)

Bandproxy said:


> Please explain how a user is able to disable the website's Reset Password feature. The inner workings of the website is only visible to authprized internal system administrators. Please explain how it could be done bu an logged in ordinary user with restricted user permisions? Thx


YOU figure it out, mr years of computers.

I don’t give away information.


----------



## Foxy85 (Mar 29, 2006)

Hackers gon’ hack…


----------



## CCCSD (Jul 30, 2017)

Foxy85 said:


> Hackers gon’ hack…


Robbers be Robbin’.


----------



## Bandproxy (Nov 19, 2021)

CCCSD said:


> YOU figure it out, mr years of computers.
> 
> I don’t give away information.


Sure, just what I thought you'd say chief


----------



## CCCSD (Jul 30, 2017)

Bandproxy said:


> Sure, just what I thought you'd say chief


Glad to help out.
Enjoy the loss of all your money. Costco is having a sale on Ramen.

Chief has a capital C, dumbass.


----------

