I don't know if you NJ residents saw this last Wednesday in the Star Ledger. It is an article called Cyber-thieves Show Risk in Internet Investing and it highlights how TD Ameritrade and E*Trade both had customers who had their accounts fraudulently accessed to the tune of $4 million and $18 million respectively. According to the article, there were two methods that caused customers of these brokers to lose money. The first is the one you'd suspect - people get access to your account and liquidate it, while the second involves selling stock after using the victim's account to pump the stock up. At first, I thought, ho hum article, but then I had lunch with an old friend and now think this story has a little more legs to it.
The first criminal act is pretty straightforward, but let's take a look at the second act - pumping and dumping stock. Here's what my friend told me the other day:
- Cyber-thieves, mostly the overseas kind (Eastern Europe, Asia), monitor WiFi hotspots and public PCs with software that can capture keystrokes.
- The cyber-thieves of course would love to get your passwords for your financial accounts, but any account will work. Why? They know your secret, which is that you are too lazy to set up multiple passwords and will recycle the same one over and over again.
- So, you log onto your MSN Mail account, they get your password and then try it over at other accounts. Of course, they'll need an account number, but if they can go to such lengths to get your password they certainly can get your account number.
- Now, they get into your account and use your funds to buy cheap penny stocks which they also hold in their own brokerage account.
- Since the penny stocks don't have a ton of volume, they can pump the stock up by using your account to buy tons of this penny stock and then dump their own shares, making a nice profit.
- At the end of the day, you have your identity compromised and worthless stock in your portfolio.
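A broker-side check for the pattern in the list above, as an added example that is not from the article or from any broker's system: it flags an account that buys a large share of a thinly traded, low-priced stock it has never held before. The thresholds, field layout, tickers and account names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds for this example; tune against real order flow.
PENNY_PRICE = 5.00     # buys below this price count as "cheap penny stock"
VOLUME_SHARE = 0.20    # account's daily buys as a fraction of average daily volume

# Constructed sample data: tickers, accounts and volumes are made up.
AVG_DAILY_VOLUME = {"ZZPX": 40_000, "BIGCO": 9_000_000}
PRIOR_SYMBOLS = {"acct-1001": {"BIGCO"}, "acct-2002": {"BIGCO", "ZZPX"}}
TRADES = [  # (day, account, side, symbol, shares, price)
    ("day-1", "acct-1001", "SELL", "BIGCO", 300, 42.10),
    ("day-1", "acct-1001", "BUY", "ZZPX", 9_000, 0.85),
    ("day-1", "acct-1001", "BUY", "ZZPX", 6_000, 1.10),
    ("day-1", "acct-2002", "BUY", "ZZPX", 500, 0.90),
    ("day-1", "acct-3003", "BUY", "BIGCO", 200, 42.00),
]

def flag_pump_buys(trades, avg_volume, prior_symbols):
    """Return one alert per (day, account, symbol) that matches the pattern."""
    bought = defaultdict(int)   # shares bought per (day, account, symbol)
    top_price = {}              # highest fill price per key
    sellers = set()             # (day, account) pairs that also sold something
    for day, acct, side, sym, shares, price in trades:
        if side == "BUY":
            key = (day, acct, sym)
            bought[key] += shares
            top_price[key] = max(price, top_price.get(key, 0.0))
        elif side == "SELL":
            sellers.add((day, acct))

    alerts = []
    for (day, acct, sym), shares in sorted(bought.items()):
        volume = avg_volume.get(sym)
        if not volume or top_price[(day, acct, sym)] >= PENNY_PRICE:
            continue            # unknown volume, or not a penny stock
        if shares / volume < VOLUME_SHARE:
            continue            # too small to move a thin market
        if sym in prior_symbols.get(acct, set()):
            continue            # holder already trades this symbol
        alerts.append({
            "day": day, "account": acct, "symbol": sym, "shares": shares,
            "volume_share": round(shares / volume, 3),
            "funded_by_same_day_sale": (day, acct) in sellers,
        })
    return alerts

if __name__ == "__main__":
    for alert in flag_pump_buys(TRADES, AVG_DAILY_VOLUME, PRIOR_SYMBOLS):
        print(alert)
```

The same-day sale flag is reported rather than required, since a compromised account may already hold cash.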
When TD Waterhouse and Ameritrade were merging, we worked on an email that we were going to send to customers of both of these brokers that basically said, how safe is your money in a merger? Thankfully, it was scrapped because a few weeks later we were being acquired by E*Trade. However, the strategy behind that email is valid. How safe is your money when it is being moved? Are your account numbers being mailed to you? How about your password? Do you know how to log in to your new account and how secure is it? So, here are my suggestions to you as a veteran of the online brokerage world for 5 years to help you navigate this area:
1. Change your PASSWORDS or at least come up with different ones for your financial accounts. Don't use these passwords.
2. Set your portfolio up at your favorite financial website (Yahoo Finance) so you can track your positions in real time.
3. Never, I repeat, never use a free WiFi location to access your actual financial website. You know that warning you get about the access being unsecure? Well, it is. Use #2 above to track at these WiFi spots.
4. Be very cautious about emails from your financial services company. In fact, turn them off altogether (yes, I wrote that). These emails can be phished so that you receive what looks like a legitimate email but is in fact loaded with links that take you to a website where they steal your keystrokes. That's why I think financial services companies should be using secure RSS feeds for communicating.
5. Watch your accounts at least once per week. Besides being the bare (and I mean bare) minimum for investing, you should monitor them regularly for possible unauthorized use.
Choosing your online broker or bank should be based primarily on security. With stock transaction fees in the under-$10 range, and unless you are an Active Trader, what difference should that make to you, especially if you buy big enough lots? Research and tools? Well, that is nice, but you can always go elsewhere, and besides, how much do you rely on that research versus Bob at the water cooler?
Put your money in places that are secure and change your passwords. Security sounds boring and often doesn't make for good advertising (unless you are Citi), but it is all that really matters when it comes to your money. Oh wait, one more thing also matters - change your passwords.