In this tarnished age of identity theft, where cyber-savvy thieves are making unauthorized bank withdrawals and ringing up fraudulent credit card charges on unsuspecting victims, it was really just a matter of time before high-tech hackers hit the booming online brokerage industry.
The Washington Post ran a story yesterday depicting a troubling trend that is starting to nibble at the heels of fast-growing discount brokerage outfits. Last week, E*Trade
E*Trade is doing the right thing; it will cover the losses. TD Ameritrade
What's behind all of this nefarious activity? What can you do to protect yourself? Will the booming online brokerage industry suffer if this continues to get out hand? These aren't easy questions to answer, but I promise to tackle them all.
What's going on here?
An identity thief will make a forged copy of your driver's license and then make a beefy withdrawal at a local branch for the love of money. An unscrupulous credit card bandit will go on a shopping spree for the love of material things.
The new breed of brokerage account hacker isn't looking to milk your account dry. There are safeguards against that, since account redemptions would be delivered in your name to your home. No, a broker hacker is simply after the ability to pump up a thinly traded stock's price by selling your stocks and then using the proceeds to snap up shares of a targeted speculative stock in your account.
Remember the Internet chat-room hypester? The one who would tout some obscure penny stock that he had recently purchased in the hopes of creating a buying frenzy that he could sell into? That kind of "pump and dump" chicanery eventually evolved into email and online message-board hype. The feat always had the same fatal flaw: It relied on the stupidity of the recipients of its message to act on the outlandish investing advice.
Today's cybercrooks are simply cutting out the middleman. They use your account to fire up the "pump," in order to "dump" from their own account shortly thereafter.
Are you the next victim?
You can protect yourself. You just need to understand a little about how intuitive stock market thieves are tapping into your account. Their most widely used approach involves installing spyware in your computer that logs passwords and then mails them to the hackers. You are probably well-versed on the proliferation of spyware, adware, and computer viruses. They are often seen as mere malicious nuisances to your computer, but they can also let clever hackers get to know you a little better.
In short, the best investment you can make to protect your online transactions is to install good protection software that keeps the baddies out in the first place. There's a reason why active computer junkies have no problem handing over their dollars to companies like Symantec
You can also be very careful about anything you do online when you're away from your protected computer. If you're at the local library, or surfing the Web at a hotel's business center, try to avoid checking on your brokerage account. You don't know where that connection's been, so practice safe computing.
And just in case you aren't up to speed on phishing tactics, you should never click on any links provided in any email that purports to warn you of a breach in one of your accounts. Those deceptive links will only hand over your login information to the online perpetrator. Even though this scam mostly targets the turf of online payment services or established banks, it may be just a matter of time before phishing attempts start posing as popular brokers. Ignore the emails. If you are mildly curious, make sure you type in the site's URL yourself.
Deep trouble for deep discounters?
It took so long for online brokers to earn the trust of old-school stock buyers. It would be a pity to see this scary trend frighten off investors in the future. I don't think it will happen. Even companies with healthy local branch coverage, like Charles Schwab
The brokerages will grow more cautious in flagging accounts that are in the process of wholesale makeovers. The FBI and SEC are already looking into this, and they will get more efficient in tracking down the hackers before they have a chance to liquidate their accounts to offshore banks.
Hackers are crafty. They'll find another game to play. Just make sure to stay on your toes. Check your account often from a secure location -- or, better yet, have trade confirmations emailed to you.
You and I are going to make enough bad trades on our own over the next few decades. Let's hope that "the hacker made me do it" becomes simply a whimsical response in the future.
Schwab is a Motley Fool Stock Advisor recommendation, while McAfee was a former pick of that service. Symantec is an Inside Value recommendation. The Motley Fool has a sponsored broker comparison table to compare several of the discounters that advertise on our site.
Longtime Fool contributor Rick Munarriz does not own shares in any of the companies in this story. The Fool has a disclosure policy. He is also part of the Rule Breakers newsletter research team, seeking out tomorrow's ultimate growth stocks a day early.