Search By Topic:

Popular Topics:



News & Features | May 2nd, 2012

Stopping Identity Theft When You Trade Online

Jan Legnitto

If you’re one of the millions of investors who plays the stock market, you’re probably hooked on the convenience and the lightning speed of online trading.  Unfortunately, so is another group – hacker-traders who are hijacking consumer brokerage accounts and exploiting them for financial gain.

How could it happen?  Because online trading involves conducting securities transactions in real time, stopping identity theft is far more challenging than it is for other financial institutions. Credit card companies and banks can put a transaction or an account on hold while they investigate suspicious activity.  But if online brokerage firms do that too often, they would risk losing a huge number of customers.

Hacked Email  Account Lead to Vanishing Investor Funds

In January, the FBI issued a warning that law enforcement agencies and financial regulators are seeing a disturbing trend.  Cybercriminals are executing unauthorized financial transactions from victims’ compromised brokerage accounts. The illegal transactions are combined with telephone denial of service (TDoS) attacks in which a victim’s phone line is flooded with spam-like calls preventing the brokerage firm from verifying that he made the transaction. One Florida man filed a police report stating that almost $400,000 disappeared from his online brokerage account while he was targeted by a TDoS attack.

According to the FBI, the cybercriminal typically sends an email to a brokerage firm requesting the account balance.  After that, he sends another email asking that a wire transfer be initiated on his behalf, claiming that a family emergency is preventing him from conducting business as usual.

The FBI says several reports indicate that cybercriminals have changed  the victim’s email settings, blocking email from his financial institution by sending it to the spam filter.  That prevents the victim from finding out that the fraudulent transaction has taken place. And it leaves more time for it to clear the account without being detected.

Last month, the private watchdog group FINRA (Financial Industry Regulatory Authority) also issued a consumer alert that some brokerage firms had released investor funds despite failed attempts to verify the instructions by phone.  That kind of lax security means investors needs to take responsibility for stopping identity theft when the trade online.

FINRA recommends that investors watch for warning signs that their email account has been hacked.  They include spam from people in your contacts folder and a barrage of bounced email messages from people you don’t know.

How One Hacker Traded His Way To Huge Profits with Other People’s Money

FINRA’s warning came one day after the Securities and Exchange charged a 34-year-old trader in Latvia with hacking into online stock trading accounts 159 times.  The hacker-trade allegedly manipulated stock prices on securities by making unauthorized purchases and sales of stocks listed on the New York Stock Exchange and the NASDAQ exchange, walking away with nearly $875,000.  According to the SEC complaint, Igorz Nagaicev’s online trading scheme may have cost investors more than $2 million.

How did Nagaicev do it?  The SEC says that, between 2009 and 2010, he set up trading accounts with eight unregistered brokerage firms – four in the U.S. and four abroad – which allowed him to buy stocks anonymously in the U.S. securities market. Then Nagaicev moved on to investor’s accounts that he’d hijacked, buying shares of the stock he already owned without the investors knowing it.  That artificially inflated the price of the stock which allowed him to sell it at a profit.  The transactions were always executed the same day, usually within minutes of each other.  And they were responsible for over 50% of the stock’s trading volume.

The SEC also charged the four unregistered brokerage firms in the U.S. with failing to implement safeguards that would have caught the hacker’s illegal stock trading scheme sooner.

“Individuals with brokerage accounts need to be vigilant about recognizing the telltale signs of online identity theft,” according to Lisa Phifer, President of Core Competence, which focuses on network technology and security. Phifer says unsolicited password change notices or email messages confirming trades that didn’t take place are both tip-offs that your account may have been hijacked.

According to Phifer, although the SEC complaint against Nagaicev does not allege how he hacked into victimized brokerage accounts, the close timing of FINRA and FBI alerts suggests that email involvement may be suspected. FINRA's alert notes there have been instances in which hackers trawled saved email messages and contacts to steal identities and other account details.

“But there’s also the risk of disclosing the very same information any time email is sent unencrypted over a WLAN or public Wifi hotspot,” says Phifer. “Always safeguard financial account-related email – both when it’s stored and when it’s sent.”

Stopping Identity Theft Means Investing in Your Online Security


  • Use virus, spyware and malware protection programs and update them regularly.
  • Only do business with a registered brokerage firm with strong online security measures in place to protect customers
  • Use long strong account passwords.  That means a combination of at least eight upper and lower case letters, numbers and symbols that are difficult for hackers to decipher.
  • Watch out for phishing emails or emails that look like they’re legitimate but direct you to other websites.  If you’re not sure they’re from your online brokerage company, don’t click on any links.
  • Never respond to any email asking for information about your online account
  • Don’t leave your computer unattended when you’re logged into your account.  Always log off and close your browser when you’re finished.
  • Check your online trading account often to make sure there are no unauthorized transactions.
  • Disable file sharing on your computer and secure your personal financial information on backup drives.
  • Don’t conduct online stock trading or any other financial transactions at Wifi hotspots.
  • Protect your investments by using VPN software like PRIVATE WiFi™.  VPNs safeguard your online security by encrypting the data traveling to and from your computer.  That makes it invisible to hackers.
  • If you suspect your email account has been hacked, immediately notify your brokerage firm and other financial institutions.  Change the user name, password and PIN for your brokerage and email accounts.  If you believe you’re a victim of online identity fraud in your brokerage account, notify FINRA at:

Has your online brokerage account been hacked using your email account; or has it been hacked another way?  If it has, we’d like to hear what happened to you. Drop us a line and share your story.




















Associated Topics:

Associated Topics:


Related Posts

New Hotel WiFi Vulnerability

Thought Leadership
Alok Kapur | Apr 9th, 2015

Earlier this year, the FTC declared a critical announcement for travelers: hotel WiFi is dangerous. Many people assume that because they are paying for it the network must be safe, but that is a dangerous assumption. Hotel WiFi networks are completely insecure; the bad news is that a new exposure in hotel WiFi has just been found. Read more to find out how you can keep yourself protected. Read More

Cyber Security Training Just As Important at C-Level

Thought Leadership
Eva Velasquez | Mar 24th, 2015

The need for better online safety training to prevent data breaches is a hot topic right now. Coupled with stronger computer and network policies, companies want to prevent the hacking events that leave businesses susceptible to a data breach. While it’s no secret that employees in both the private sector and government service can unintentionally expose organizations to hackers, what is surprising is a report by Wombat Security that shows that 33% of CEOs fell for phishing attacks that led to network access. Why are they falling for this kind of internet activity? Read More

E-filing: The Fastest and Safest Way to File Taxes?

Thought Leadership
Eva Velasquez | Mar 9th, 2015

E-filing your annual return to the IRS offers speed and convenience and when coupled with industry-approved software that can plug in the values for you, a lot of the headaches traditionally associated with doing your taxes are eliminated. However, there are some potential dangers that you should be aware of, such as insecure public WiFi networks and online tax fraud. Read More

FTC Says Hotel WiFi is Dangerous

Thought Leadership
Kent Lawson | Feb 23rd, 2015

Recently, the FTC posted an article on their website stating that hotel WiFi is dangerous and that users should not assume that just because they pay for Internet access that their connection is secure.

We couldn’t agree more. In fact, I have been stating this fact since we launched PRIVATE WiFi nearly five years ago.  This is an important topic because hotel traveler’s rank WiFi access at hotels as the number one amenity that they look for when booking hotel rooms. Read More


Thank you for subscribing to our newsletters

Your email has been added to our system. You will be e-mailed shortly with a request to confirm your membership. Please make sure to click the link in that message to confirm your subscription.