Hi all - thought I would pass along some interesting techniques hackers are using online these days - from the most recent Barron's edition (3.10.08):

Hacking in to transfer money to an outside account.
This one was quite interesting: "Rigging an investor's computer to buy penny stocks being sold by a crook at hugely inflated values."
Changing your account address so future checks go directly to them.

The article focused more on what brokerage firms are doing to combat security breaches and gave some overall advice on what best to do:

First off, make sure to use 'https' when logging in to view online information.
Some brokers are using token passwords that change every few minutes - the drawback is you'd have to "carry the token...usually on a key ring or in a wallet."
Fidelity uses encryption so that the user info you enter cannot be read while it is going over the Internet.
TD Ameritrade is introducing technology that remembers which computer clients use to log in to accounts - if from a different computer it requests additional information. I think this is pretty widely available for most brokers/banks already...
Here's a novel approach: to eliminate hackers' ability to steal computer key strokes, TradeKing has users enter passwords "on an on-screen keyboard, using your mouse to select the appropriate characters."

Other than that, there was a general description of algorithms firms use and other firewall or "intrusion detection" technology. Interesting stuff to read about overall, and so far it looks like brokers in general have been able to stay a step ahead of hackers.

Any horror stories out there of ID theft or having account information compromised? I've had credit card information stolen from a Fidelity account, but they promptly credited the amounts after I alerted them...
Another reason I love IBKR. No way in hell someone can hack into my account. I have a token device and I had to jump through numerous hurdles just to change my email address with them. Had to fax them a copy of my driver's license and everything. Their security is insane and over the top, but well worth it.
Hi, I had the pleasure of being called at 1 AM (I live in Vietnam) by an Ameritrade rep. The conversation went more or less like this...

"Do you know what time it is?"
"Yes sir we do, it is now 1AM in Hanoi"
"Then why the ..."
"well we were wondering if you really intended to buy $200,000 worth of penny stocks on margin..."
"gulp.."

Probably checked my account on a public computer that had a key logger installed. Glad they intercepted the trade. All trades were annulled (and I had a net profit of 10,000 by then...sigh)

Ton
Wow. Kudos to Ameritrade for their service. I often wonder how good the discount brokers are at catching these things.

Glad they caught this for you!

Best,
Nate
It's a big problem, in fact it's an actual industry, so hacker is a bit of a misnomer, it's organized crime. If you go here you can see some new research from McAfee on market value for online banking:

http://www.avertlabs.com/research/blog/index.php/2008/05/07/...

All the big name banks are represented, and you can buy a username and password for about 8% of the account value. So a username and password for an account with $10,000 would sell for about $800. Here is the kicker - they offer a money back guarantee! So if it doesn't work you get a refund and can try again. It's a big industry with a lot of upside and no barriers to entry.

-Gunnar
I don't understand how hacking into a brokerage account and conducting rogue trades can be "helpful" to the criminal. How do they get the money out? BTW, if you want the ultimate in security, I can't recommend IBKR enough. Accounts over 100K get a physical token and you wouldn't believe the hoops I had to jump through just to change my email address. It is almost annoyingly tight, but that's better than any chance of a break-in.

Mark
Mark - they buy a bunch of a penny stock in their "real" account that they control. Then they steal/buy your username/password, log into your account and buy 6 figures worth of penny stock, which drives up the share price. Then they sell at the higher price in their "real" account.

http://www.google.com/search?q=pump+and+dump&ie=utf-8&oe=utf...

Good times.

-Gunnar
Gunnar,

Wow! That is pretty damn scary!!! Makes me really glad I have a physical token. Hopefully, this device is foolproof. I guess one needs to check their account daily in this day and age....

Mark