I am opening a new IB account with new funds. While I know there are much larger accounts the size is still sizable, at least big enough for criminals to spend their time figuring a way "in". 1. I understand IB has a token device, but this will "only" cover the fund withdrawal process. So far so good. 2. What other pre-cautions could I take? I'm especially concerned with attackers getting my user/pass to IB and then making fraudulent buy/sell transactions, e.g. with penny stock to manipulate prices in their favour. I will be running the TWS and connecting to it via NinjaTrader to make trades and monitor positions. Is it generally a good idea to run the TWS on a seperate machine in my office network, maybe even on Linux so it's less likely to catch a virus? Does IB provide a way to restrict TWS access only to a certain IP address or range? Do you change your IB password regularly? How often? Anybody have some suggestions, please post. There must be traders or institutions with larger IB accounts that have thought about these issues before. Thanks
I just found this: http://www.interactivebrokers.com/en/software/security.php So apparently there is a way to restrict IP range! That's great. Still... anybody have any tips or general best practice procedures to share, please post.
Use the Windows on-screen keyboard when entering user name and passwords to avoid any possible keyloggers. Use a hardware firewall and sweep your system for virii at least once a week with trend micro's online virus scan. The dongle is free for 7-figure accounts. I believe you can purchase the dongle if your account doesn't qualify.
Excellent advice. I'd like to add another free online virus scanner to the list. Bitdefender. If finds more spyware/malware than most others. A bit slow though. But you can choose what to scan. For instance, just scan the windows directory.
i have the token to withdraw money. how the heck could anyone get a penny out of your account with the token security pad? it's almost impossible as you must enter security strings in addition to answering your email. why would somebody go threw that? there's much easier targets. i have a mid 6 figure account and have never had 1 problem in 3 years
Using your TWS user/pass and a low volume penny stock an attacker could siphon funds off of your account, circumventing the need to wire funds out. Check out this thread, gave me the creeps: http://www.elitetrader.com/vb/showthread.php?s=&threadid=69978&highlight=fraud
somebody traded his account they didn't steal the money. i'm on my account every minute of every day and would immediately see unauthorized trades. . show me were someone has gotten money unauthorized if you have a token?
Sold his equity to raise cash, then bought penny stock equity. From some other (probably also stolen?) account they sold penny stock to his compromised account at a "high" price. That's how they got money out of his account. Simple & scary. Not trying to be paranoid, I'm just concerned about this possibility. Good & save trading to everybody.