Key Loggers Strike Online Brokerage Houses

from the costly-security dept

One of the more popular identity theft scams these days is to use keyloggers to get someone's bank account info and then take their money. However, it looks like some organized crime groups have taken this up another level with some online brokerage houses. Apparently, both TD Ameritrade and E-Trade were recently victims of multimillion dollar frauds when identity thieves used all of the accounts they had collected up to stage a huge pump-and-dump scam. Basically, they collected a large number of logins to various accounts. But rather than directly going in and stealing the money, they used all of these accounts in a short period of time to buy certain stocks, pushing the value up, and allowing themselves to sell large quantities of the stock. Both brokerage houses said they had to cover their customers losses out of pocket, with E-Trade paying $18 million and TD Ameritrade spending $4 million. Both claim they're trying to make sure this doesn't happen again, mainly by being able to spot such frauds faster. Still, it is interesting to see how these identity theft scams continue to evolve -- and how they're clearly getting increasingly sophisticated.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    christoph, 25 Oct 2006 @ 5:01am

    this is very sad...

    the commen thief is pshing the market, i feel for the AOL PSHERS world wide...i feel for you

    link to this | view in chronology ]

  • identicon
    Steve, 25 Oct 2006 @ 5:22am

    IE7 FF2

    With IE7 and Firefox 2 the phissing filters will help clear up a big problem.

    link to this | view in chronology ]

    • identicon
      Corey, 25 Oct 2006 @ 6:55am

      Re: IE7 FF2

      It is foolish to think that new versions of software will compensate for a users lack of common sense and general stupidity.

      link to this | view in chronology ]

  • identicon
    Nunya, 25 Oct 2006 @ 6:28am

    funny

    Its very easy to install a keylogger when you got click happy people in this world, when will people learn...

    link to this | view in chronology ]

  • identicon
    abross, 25 Oct 2006 @ 6:54am

    Other countries require some type of chip or second form of identity besides a password. American companies have argued that such systems are not feasible, even though they are widely adopted outside the US.

    I am guessing that better security will suddenly become feasible in the US if a few more companies get hit with big fraud claims.

    link to this | view in chronology ]

  • identicon
    Trouble Maker, 25 Oct 2006 @ 7:29am

    two cents worth

    The Army spends $450.00 on a rifle and requires soldiers to have at least 84 hours of training with it a quarter.

    The Army spends $3000.00 on a computer and lets soldiers use it without any training.

    It is like climbing into the cockpit of a airplane without flight school.

    link to this | view in chronology ]

    • identicon
      Oliver Wendell Jones, 25 Oct 2006 @ 8:55am

      Re: two cents worth

      I'm curious as to where you got these numbers?

      I find it highly unlikely that the government obtains M-16A1 rifles that cheaply, especially the way they overpay for everything else.

      Also, as a 3 year Army veteran, I can personally state that after completing 3 months of basic training, I never again saw or handled a rifle for the rest of my term of service. There wasn't much need for them in the hospital where I was stationed.

      link to this | view in chronology ]

  • identicon
    no no no, 25 Oct 2006 @ 8:20am

    UNREAL

    A common theif huh! LOL A song i once heard said you got to give credit where credit is do, and it is amazing at how these scams have evolved.

    TO PUSH THE MARKET! UNREAL! and BRILLIANT in its own way!

    link to this | view in chronology ]

  • identicon
    Matthew, 25 Oct 2006 @ 8:26am

    What are these companies and

    why aren't they (more?) responsible towards these actions?

    A teenager sent out one of the first emails regarding "the next great stock" and that company was fined even after they alerted the Stock Exchange that something weird was going on. Even if the culprits are overseas, this money is hardly untraceable is ut?

    link to this | view in chronology ]

  • identicon
    joseguia, 25 Oct 2006 @ 9:55am

    All they have to do is get you select an image as part of the password , so when you login you would have to select the picture you chose initally, as long as the pictures change often and shuffle around there should be no way a keylogger could determine that.

    link to this | view in chronology ]

  • identicon
    Solo, 25 Oct 2006 @ 10:18am

    At this rate of mislabeling things, soon armed robbery and car jacking are going to be called identity theft.

    Stealing somebody's password and using her account is fraud, not identity theft. Stealing credit card numbers and using them is credit card fraud, or plain theft.

    Ameritrade and E-Trade are covering for the losses. Credit card fraud is covered except for the first $50 (by law)

    Identity theft is having someone impersonating you and typically applying for loans in your name, pocketing the money and leaving you high and dry. Good luck to clear your credit history.

    link to this | view in chronology ]

  • identicon
    Geoff, 25 Oct 2006 @ 10:23am

    Why oh why

    With all these new-fangled tools at the con-artist's disposal, why is it that King Fuatumallomallo of Nigeria is still trying to get me to open a bank account for him to tranfer 4 million billion dollars that his dead father the King of Swallowswallowgulp left him when he died fighting for his freedoms?????

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Oct 2006 @ 2:00pm

    Are the comments monitored/filtered so we can's spell phishing correctly?

    link to this | view in chronology ]

  • identicon
    Jack, 25 Oct 2006 @ 5:15pm

    All inexperienced computer uses should be forced to buy a Dell. After a grueling hour with their tech support, they will go out of their way not to mess their pc up again.

    link to this | view in chronology ]

  • identicon
    |333173|3|_||3, 25 Oct 2006 @ 8:06pm

    Re: funney

    Users will learn about the same time they learn that .PIF is not an image. Still, serves them right, and pays for the pr0n sites.

    link to this | view in chronology ]

  • identicon
    John Evelyn, 26 Oct 2006 @ 12:45am

    More about share fraud on Get Safe Online

    Get Safe Online is a UK government initiaitive designed to help citizens and small businesses protect themselves online. We run a blog too and this has some useful links and tips about online share fraud.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.