security and online brokerage accounts

[Martha]

I read another article in Business Week this morning. Invasion of the Stock Hackers. The SEC has expressed concern that thieves are lifting passwords from home PCs and emptying online brokerage accounts.

Arriving home from a five-week trip to Belgium and India on August 14, a jet-lagged Korukonda L. Murty picked up his mail--and got the shock of his life. Two monthly statements from online brokerage E*Trade Financial Corp. showed that securities worth $174,000--the bulk of his and his wife's savings--had vanished. . . . The proceeds wired out of his account in six transaction of nearly $30,000 apiece. . . E*Trade says the computer in Murty's home lacked antivirus software and had been infected with code that enabled hackers to grab his user name and password.

E*Trade recovered some of the money and then reached a settlement with Murty.

The article goes on to say that brokers claim it is the customers responsibility to protect themselves. Nevertheless brokers may be concerned about customers getting scared away from online trading that they are starting to look at offering more safeguards.

 

[wabmester]

The only real protection against this is to avoid 5-week-long vacations in which you don't check your accounts.

Not only kddie hackers, but even Sony is getting into the stealth software biz. Some Sony music CD's will silently install software on your computer to ensure you don't copy their music. It was stealthy enough to avoid detection by any virus scanners. This reminds me of corporate ICE from Gibson's Neuromancer....

 

[Gone4Good]

Does the article say how they actually got the money out?  My login and password will let them execute trades but I'm not sure how they transfer money into another account unless they have also stolen my identity.  Vanguard won't even let me transfer money from my joint account into my individual bank account without a "signature guarantee" from our bank assuring my wife also authorized the transfer.  

I've worried about this too but I don't know how the dirty thieves actually get the money.

 

[wabmester]

It wasn't a Vanguard account. 

Lots of brokers are more lax in letting you add bank accounts for transfers or letting you do a wire transfer.   All Merrill Lynch needed from me was a fax with xfer instructions, for example.

 

[Gone4Good]

It wasn't a Vanguard account. 

Lots of brokers are more lax in letting you add bank accounts for transfers or letting you do a wire transfer.   All Merrill Lynch needed from me was a fax with xfer instructions, for example.

Seems like an added thing to consider when opening up brokerage accounts.

 

[Michael]

http://www.sec.gov/investor/pubs/onlinebrokerage.htm

 

[lazyday]

http://www.sec.gov/investor/pubs/onlinebrokerage.htm

Use a Security Token (if available). Using a security token can make it even harder for an identity thief to access your online brokerage account. That's because these small number-generating devices offer a second layer of security - a one-time pass-code that typically changes every 30 or 60 seconds. These unpredictable pass-codes can frustrate identity thieves. While fraudsters can use keystroke logging programs to obtain regular username and password information, they can't use these programs to obtain the security token pass-code. Ask your brokerage firm if you can protect your online account with a security token or similar security device.

Anyone ever hear of a broker offering this?
Would help convince me to switch to them.

 

[Martha]

Does the article say how they actually got the money out?

The article says the thieves had the broker wire the proceeds to a phony account in the owner's name at Wells Fargo. The broker thought the wire transfer instructions were legit because they contained the security code the company emailed to the owner to execute the transaction. The problem was that the thieves got access to the owner's email too.

 

[Martha]

Anyone ever hear of a broker offering this?
Would help convince me to switch to them.

Apparently E*Trade now offers ID tokens that generate new login codes to those with accounts over $50,000.

 

[lazyday]

Apparently E*Trade now offers ID tokens that generate new login codes to those with accounts over $50,000.

Thanks, glad to hear this, hope it becomes a trend. And hope is used to confirm phone transactions too.

Unfortunately, I had a bad experience with Etrade years ago, and have read they have terrible service, so don't plan to use them.

 

[Gone4Good]

The article says the thieves had the broker wire the proceeds to a phony account in the owner's name at Wells Fargo. 

This sounds like a case of stolen identity. I guess its possible that with all the info on ones computer, the hackers could have stolen enough to allow them to open a phony bank account too. Pretty scary stuff.

 

[Michael]

Millions of Americans have been the victim of identity theft. Its out of control.

 

[lazyday]

Reuters article

The agency said it had recently become aware of many situations in which individual brokerage accounts were hacked into and money stolen.

 

[farmerEd]

This sounds like a case of stolen identity.  I guess its possible that with all the info on ones computer, the hackers could have stolen enough to allow them to open a phony bank account too.  Pretty scary stuff.

Which further answers the question that was posed on another thread recenly about why some of us go to great lengths to destroy hard disks from old pc's before donating them or throwing them out while others ask "do you really think someone is interested in what you have on your old pc?"