Every time the public thinks it has a handle on cyber crime, hackers come up with something new to throw into the mix. Reports this week name the newest targets for cyber criminals: online brokerage houses, which have lost millions of dollars in an online fraud that is apparently the latest in the world of hacker couture.
Reports from online broker E-Trade Financial Corp state that the company has been compromised by hacker attacks originating from crime rings in Thailand and Eastern Europe. The hackers recently cost E-Trade clients up to $18 million through tactics that include hacking into customer accounts and making unauthorized stock trades. The scam starts with the hackers installing keyloggers either on a victim's unguarded personal computer or on a public computer station, such as those found in a library or hotel. The keyloggers are used to gain access to a customer's brokerage account, at which point the hacker will wait until the customer logs off, log himself in with the victim's user name and password, and use the account to sell the customers existing stock shares.
The money made from the sale of those stocks is used to purchase microcap stocks, which are low value stocks that are inexpensive and usually are not traded in large volume. The purchase drives up the value of this stock, shares of which the hacker has already bought at a lower price through another account. The hacker is then able to sell his own stock and make a profit. Meanwhile, the victim is left with an account full of unwanted, low value stock and has lost any money earned from their previous portfolio.
E-Trade and other companies affected by the scam, such as DT Ameritrade, plan to reimburse the money their customers lost, though the companies are not required by law to do so. The Federal Bureau of Investigation (FBI) and the Securities and Exchange Commission (SEC) are investigating the issue, and many online brokers are stepping up to the plate and offering customers information on internet security and access to security software.
In the spirit of this gesture, the E-Trade Financial Corp website lists some tips that can help you protect your account and personal information both on and off their site:
- Use anti-virus software.
- Use a personal firewall package.
- Use current versions of software and operating systems (and keep them patched/updated).
- Secure your wireless network.
- Use your own computer.
- Choose strong passwords and change them regularly.
- Use a unique ID and password.
- Protect yourself against identity theft.
- Use the strongest encryption available.
- Empty your temporary Internet files or cache folder when finished.
- Test your system for vulnerabilities.
- Be prepared for problems.
Additionally, it is recommended that online traders avoid trading or checking brokerage accounts from public computers and avoid opening or clicking links in any emails sent from an online broker, as the email could easily be part of a phishing scam. If you think you have been a victim of online trading fraud, contact the FBI's Internet Crime Complaint Center at http://www.ic3.gov/.