How was I hacked?


I have recently been a victim of identity theft and I really want to understand how someone or some group did this.

So here is what happened: on 1/27/2020 I logged into my banking app and noticed several charges from my checking account to online casinos in NJ. These charges started on 1/3/2020 (and before you ask, yes I’m an idiot who doesn’t check their statement or banking app often). Whoever accessed my checking account was able to sign up for online casinos in NJ with my name and all my info such as date of birth, social security number, address and so forth. My checking account has been drained. I called the bank and they are telling me the activity came from my IP address and the casinos are saying that their geolocation places the transactions at my home. I do live in an apartment complex and the only other person in my home is my boyfriend (he is not computer savvy so I know it wasn’t him. Also I asked him and he said no). 

I looked into SIM swapping but I never lost service on my phone. I did sell my old iPhone online via Swappa. I did a factory reset on my phone before mailing it out. My bank is stating they do not believe these charges are fraudulent (basically they are saying I did this).

I currently have a lawyer and am disputing this issue with my bank. What I really want to understand is how this happened and how I can protect myself in the future. Any help or advice is greatly appreciated.


broke and confused 

Hey, great you found your way to the Hak5 Forum.

What really confuses me are those several points (how they could do this): 

1. I assume that you have 2-Factor Authentication on, else you would be really dumb. Sorry but this is your banking account. It is hard to trick 2FA but it can be done, for example with a phishing site that also grabs your cookies. That means they got your cookies and the cookies tell your E-Banking website that you've logged in 2 minutes ago and you don't have to do 2FA right now.

2. I'm not an expert, but I think it is really hard to trick the IP address and that it still fits with the geographical place. Idk how they did it, but I have an idea.

My theory on how they did this: I think you got tricked and they got access to your PC. Else, I couldn't imagine how they should trick all systems. My guess: they got the login password of your computer somehow. How did they get it? I don't know, maybe you got phished and your Facebook password is the same as your computer password. Or they phished your Microsoft password, and with that they can also log in to your computer. You can remotely log into a computer as long as you have the login credentials and the other computer is turned on. After they got access to your computer they logged into your banking account from your computer. Idk how your settings are but some people don't have to do 2FA from their personal devices each time they log in. How did they get your bank password? That's easy if they have access to your computer. 2FA is very important. That would also explain why it all came from your IP address and your location. Because it was your computer that did it, it was just remotely controlled.

What I recommend you to do: First of all, let your antivirus do a full scan of your computer. Maybe they did place a keylogger on your PC in case you would reset your passwords. If that would be the case, they would also have the new passwords, which would make your whole security crumble. Sometimes keyloggers also don't get detected by AVs, so be sure to look at the processes in the Task Manager from time to time and check if there are some suspicious apps running.

Second: Untrust all devices you have. By that I mean that your phone probably knows that your computer is a trusted device and won't message you if someone logs into an account of yours (from the computer). I would reset all passwords, untrust and re-trust your devices, and turn all possible security features on (for example 2FA). Just do a reset, like you would if you bought a new phone. I don't mean to do a factory reset or delete all files, just renew your accounts and passwords. I know this is a lot of work and it is very boring, but it is only for your security.

If you see suspicious activity on your banking again, immediately block it. It saves you a lot of money and work.

Let me know if there is anything else you would like to say.
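
The reply's theory is that someone logged in to the PC remotely with stolen credentials, so the bank saw the home IP address. One way to check a Windows PC for that, as an added example that is not part of the original posts: it assumes Windows with the default Security log, an elevated PowerShell session, and an arbitrary 30-day window.

```powershell
# Added example, not from the thread. Run in an elevated (Administrator) PowerShell
# session, because the Security event log is not readable by standard users.
# Assumption: 30 days of history is wanted; older events may already have rolled off.
$since = (Get-Date).AddDays(-30)

# Is the built-in Remote Desktop service accepting connections at all?
# fDenyTSConnections = 1 means Remote Desktop is disabled.
$ts = Get-ItemProperty 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
"Remote Desktop enabled: {0}" -f ($ts.fDenyTSConnections -eq 0)

# Event ID 4624 = successful logon.
# LogonType 10 = RemoteInteractive, i.e. a Remote Desktop session.
$filter = @{ LogName = 'Security'; Id = 4624; StartTime = $since }
$logons = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read the named fields from the event XML instead of relying on
        # positional indexes into the event's property list.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            User      = $data['TargetUserName']
            LogonType = [int]$data['LogonType']
            SourceIp  = $data['IpAddress']
        }
    }

# Every remote desktop logon in the window, oldest first. Compare the times
# with the dates of the disputed transactions.
$remote = @($logons | Where-Object { $_.LogonType -eq 10 } | Sort-Object Time)
if ($remote.Count -eq 0) {
    "No RemoteInteractive (type 10) logons since $since"
} else {
    $remote | Format-Table -AutoSize
}
```

An empty result only rules out the built-in Remote Desktop path: third-party remote-control software and malware do not produce type 10 logon events, so the antivirus scan and process review recommended above still apply.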


