Posted by Grow
Henagon

Suspicious access to computer and moving money in bank accounts

Hi,

I have a client who suspects that someone has access to his TeamViewer and is moving money from his bank accounts.

We're starting with the most obvious which is an IT company local in our town and will work backwards from there.

I cannot see from the Log files if there is a suspicious IP address being used to log in remotely and wondered if there is a way to upload the logs here safely for someone to have a look at and see if I am missing something?

Thank you,
James

3 Replies
3 Replies
Posted by Community Manager
Community Manager

Re: Suspicious access to computer and moving money in bank accounts

Hi @Grow 

Thanks for your message.

You could do the following:

  1. Inform the police and file the case
  2. Inform the bank
  3. Change the password for unattended access. Learn how.
  4. For the bank account: Change the password of the bank account and add a 2FA for online banking to avoid that a 3rd party can access the online banking
  5. Check the incoming_connections.txt in the TeamViewer folder to see incoming connections

I hope this info will help you. Please do not upload any logfiles to the internet. If log files are required for the investigation, only send them directly to the TeamViewer support via our ticket portal.

Thanks and best,

Esther

 

Posted by Grow
Henagon

Re: Suspicious access to computer and moving money in bank accounts

Thank you Esther for that information, we will follow it.

We looked at the file and all connections seem to be ok other than the very last one which looks nothing like any of the others.

I am assuming the hashed number holds the IP address and possibly the MAC address of the device that connected to the client's machine? Who do we contact to get that information as I don't see any other IP address information.

Many thanks, see attached blurred out image

PNG.png


@Esther wrote:

Hi @Grow 

Thanks for your message.

You could do the following:

  1. Inform the police and file the case
  2. Inform the bank
  3. Change the password for unattended access. Learn how.
  4. For the bank account: Change the password of the bank account and add a 2FA for online banking to avoid that a 3rd party can access the online banking
  5. Check the incoming_connections.txt in the TeamViewer folder to see incoming connections

I hope this info will help you. Please do not upload any logfiles to the internet. If log files are required for the investigation, only send them directly to the TeamViewer support via our ticket portal.

Thanks and best,

Esther

 


 

Posted by Community Manager
Community Manager

Re: Suspicious access to computer and moving money in bank accounts

Hi again,

After you informed the police they can reach out to us via email to privacy@teamviewer.com

Our security team will work together with the police.

Due to data protection reasons we can only share information with official authorities.

Thanks and best,
Esther