Key Loggers Strike Online Brokerage Houses

from the costly-security dept

One of the more popular identity theft scams these days is to use keyloggers to get someone's bank account info and then take their money. However, it looks like some organized crime groups have taken this up another level with some online brokerage houses. Apparently, both TD Ameritrade and E-Trade were recently victims of multimillion dollar frauds when identity thieves used all of the accounts they had collected up to stage a huge pump-and-dump scam. Basically, they collected a large number of logins to various accounts. But rather than directly going in and stealing the money, they used all of these accounts in a short period of time to buy certain stocks, pushing the value up, and allowing themselves to sell large quantities of the stock. Both brokerage houses said they had to cover their customers losses out of pocket, with E-Trade paying $18 million and TD Ameritrade spending $4 million. Both claim they're trying to make sure this doesn't happen again, mainly by being able to spot such frauds faster. Still, it is interesting to see how these identity theft scams continue to evolve -- and how they're clearly getting increasingly sophisticated.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    christoph, Oct 25th, 2006 @ 5:01am

    this is very sad...

    the commen thief is pshing the market, i feel for the AOL PSHERS world wide...i feel for you

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Steve, Oct 25th, 2006 @ 5:22am

    IE7 FF2

    With IE7 and Firefox 2 the phissing filters will help clear up a big problem.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Nunya, Oct 25th, 2006 @ 6:28am

    funny

    Its very easy to install a keylogger when you got click happy people in this world, when will people learn...

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    abross, Oct 25th, 2006 @ 6:54am

    Other countries require some type of chip or second form of identity besides a password. American companies have argued that such systems are not feasible, even though they are widely adopted outside the US.

    I am guessing that better security will suddenly become feasible in the US if a few more companies get hit with big fraud claims.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Corey, Oct 25th, 2006 @ 6:55am

    Re: IE7 FF2

    It is foolish to think that new versions of software will compensate for a users lack of common sense and general stupidity.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Trouble Maker, Oct 25th, 2006 @ 7:29am

    two cents worth

    The Army spends $450.00 on a rifle and requires soldiers to have at least 84 hours of training with it a quarter.

    The Army spends $3000.00 on a computer and lets soldiers use it without any training.

    It is like climbing into the cockpit of a airplane without flight school.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    no no no, Oct 25th, 2006 @ 8:20am

    UNREAL

    A common theif huh! LOL A song i once heard said you got to give credit where credit is do, and it is amazing at how these scams have evolved.

    TO PUSH THE MARKET! UNREAL! and BRILLIANT in its own way!

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Matthew, Oct 25th, 2006 @ 8:26am

    What are these companies and

    why aren't they (more?) responsible towards these actions?

    A teenager sent out one of the first emails regarding "the next great stock" and that company was fined even after they alerted the Stock Exchange that something weird was going on. Even if the culprits are overseas, this money is hardly untraceable is ut?

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Oliver Wendell Jones, Oct 25th, 2006 @ 8:55am

    Re: two cents worth

    I'm curious as to where you got these numbers?

    I find it highly unlikely that the government obtains M-16A1 rifles that cheaply, especially the way they overpay for everything else.

    Also, as a 3 year Army veteran, I can personally state that after completing 3 months of basic training, I never again saw or handled a rifle for the rest of my term of service. There wasn't much need for them in the hospital where I was stationed.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    joseguia, Oct 25th, 2006 @ 9:55am

    All they have to do is get you select an image as part of the password , so when you login you would have to select the picture you chose initally, as long as the pictures change often and shuffle around there should be no way a keylogger could determine that.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Solo, Oct 25th, 2006 @ 10:18am

    At this rate of mislabeling things, soon armed robbery and car jacking are going to be called identity theft.

    Stealing somebody's password and using her account is fraud, not identity theft. Stealing credit card numbers and using them is credit card fraud, or plain theft.

    Ameritrade and E-Trade are covering for the losses. Credit card fraud is covered except for the first $50 (by law)

    Identity theft is having someone impersonating you and typically applying for loans in your name, pocketing the money and leaving you high and dry. Good luck to clear your credit history.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Geoff, Oct 25th, 2006 @ 10:23am

    Why oh why

    With all these new-fangled tools at the con-artist's disposal, why is it that King Fuatumallomallo of Nigeria is still trying to get me to open a bank account for him to tranfer 4 million billion dollars that his dead father the King of Swallowswallowgulp left him when he died fighting for his freedoms?????

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Oct 25th, 2006 @ 2:00pm

    Are the comments monitored/filtered so we can's spell phishing correctly?

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Jack, Oct 25th, 2006 @ 5:15pm

    All inexperienced computer uses should be forced to buy a Dell. After a grueling hour with their tech support, they will go out of their way not to mess their pc up again.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    |333173|3|_||3, Oct 25th, 2006 @ 8:06pm

    Re: funney

    Users will learn about the same time they learn that .PIF is not an image. Still, serves them right, and pays for the pr0n sites.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    John Evelyn, Oct 26th, 2006 @ 12:45am

    More about share fraud on Get Safe Online

    Get Safe Online is a UK government initiaitive designed to help citizens and small businesses protect themselves online. We run a blog too and this has some useful links and tips about online share fraud.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This