[fc-discuss] Financial Cryptography Update: George's story - watching my Ameritrade account get phished out in 3 minutes

iang@iang.org iang@iang.org
Wed, 6 Jul 2005 20:51:52 +0100 (BST) 

 Financial Cryptography Update: George's story - watching my Ameritrade account get phished out in 3 minutes 

                             July 06, 2005


------------------------------------------------------------------------

https://www.financialcryptography.com/mt/archives/000515.html



------------------------------------------------------------------------

On the morning of May 5 2005, I decided to work from home [writes
George Rodriguez in a great expose of how phishing is spreading through
American retail finance].

As I'm checking emails I start receiving email notifications from my
on-line broker Ameritrade.  The email notifications kept coming one
after the other, you just sold out of Duke, you just sold out of Home
Depot, you just sold out of Ford, I watched on my screen as the flurry
of emails kept coming across my screen, pretty much my entire portfolio
of Stocks was being sold out right before my eyes. I took notice of the
time when I received the first email confirmation, it was 9:31AM and as
you know the equity market opens up at 9:30AM.	My heart was racing, I
was stunned and I said to myself this can be happening to me, I'm a
business and technology savvy as I've worked for major investment banks
and brokers as a consultant in the areas of technology trading for
equity and fixed income markets.

I looked at my watch and it was now 9:34AM, it seemed like hours have
gone by. I picked up the phone and called Ameritrade and spoke to a
client-rep and walked him through the entire activities to my account. 
As I'm the phone with the client rep, I continue to get more email
notifications selling out more stocks in my portfolio.	I also noticed
an email that was sent to me by Ameritrade, you requested and have
changed your primary email address to some hotmail address I did not
recognize, the interesting piece of information on the email was the
time it was sent, 4:45AM.  I quickly related this information to the
client rep and asked him what bank information he had on file.	He went
on to say, you requested to have your bank account changed from
Wachovia bank to Bank of America in Dallas Texas. I said well let's get
on the phone with Bank of America and see who's behind the account. 
Well Ameritrade said we can't do that.	I said wait a minute, someone
is committing bank fraud, internet fraud as we speak and you can't
represent me your client?  No sir the client rep responded, you need to
call your local authorities, you mean the Sheriff as I live out in
Union County. I responded fine, well please give me the account number
and routing number for Bank of America I will call them myself, oh and
by the way cancel all these fraudulent trades and freeze the account, I
do not want any funds to move.	Luckily in the equity markets it takes
three days for the trades to settle before the cash is moved out, so
much for straight through processing and trying to settle and move cash
on the same day, a goal the industry is trying to move towards.

My first call was to Bank of America and it took a while to get though
to their fraud department and then trying to explain that it was not
the Bank of America brokerage arm but my on-line broker Ameritrade
where the fraudulent trades were placed.  I gave the BoA fraud
department the BoA account number now on file with my Ameritrade broker
and they confirmed it was their account but no available information
will be provided as it was not my account. Due to the Privacy Act they
need it to protect their customers, who's getting protected here I said
the thieves or the innocent victims.  I quickly hung up the phone and
called the Union County Sheriff and within 20 minutes a patrol car was
at my driveway, a bit weird for white collar crime but nevertheless a
police report was in order.  I greeted the officer, we sat in my office
and I gave him copies of all the emails, Ameritrade and bank
information for him to follow up with all parties.  He said, love to
help you but after I finish typing this up I will turn it over to the
detective and someone will be in touch with you.  I did receive a
police report number right away from him.  As soon as the police
officer left I filed a complaint with the Federal Trade Commission and
an electronic identity theft report with the FBI.  I got a call back
from the detective on Monday May 9, and we discussed the details of the
fraudulent activities.

I can't imaging what would have happened if I was away on vacation and
had no access to email for several days, over $50,000 would have left
my Ameritrade brokerage account and moved out to the fraudulent Bank of
America account which I'm sure would have been cleaned out right away. 
I'm sure I can't be the only one who has had this problem as these
on-line brokers have millions of accounts.  I'm not sure how my userid
and password were stolen, perhaps it is an inside job, my account is a
passive account as I only logged every six to eight weeks to check the
account, I don't day trade anymore since the dot.com crash.  But
another scenario can be I was hacked on my home computer as I have
timewarner road runner and a wireless network. I run Norton Anti-Virus
on my machines but unfortunately I don't have a secured firewall
running, again I'm not sure how secure these products can safe proof
your computer.	I'm now waiting for the local authorities, the FBI,
Ameritrade and Bank of America to provide me with information on how
and who is behind this attack.

George Rodriguez
Waterstone Capital Advisors
Partner
Email: george.rodriguez at waterstonecap.com
Web:   www.waterstonecap.com

-- 
Powered by Movable Type
Version 2.64
http://www.movabletype.org/