Let me see if I understand this situation a bit better. Many of the individuals who have been the victims of fraud at E-Trade were most likely defrauded via ACH transfers. Is it safe to assume that the perpitrators carried out this act by having access to the victim's checking account number at E-Trade? Is this system so fragile that this fraud can be completed merely by knowing the victim's Account Number and then initiating an ACH transfer to another account fraudulently set up in the victim's name?
It was an eTrade brokerage account & yes, from what I've read on their websight, if the cash was sitting in one of their "bank accounts" instead of brokerage...it may have different "rules" like I would only be liable for $500. ...but then again, I'm not sure of the above.
Also, for ACH/or EFT to happen, shouldn't I have gotten an alert on 6/16 when the money was taken out or an e-mail. In the past, whenever I've written a check or or wired money from an account(with older closed e-trade accounts - I have no accounts witht this one), I received both an alert and e-mail when it happened. I never received anything (alert or e-mail) on 6/16 when the transfer took place.
I am going to be guessing here but in order to initiate a wire transfer the thieves had to have access to your email account. I believe when you request a wire transfer Etrade sends a security code to your email address which you'd have to enter in Etrade's on-line form in order to proceed with the transfer. The thieves therefore having access to your email account could delete confirmation email from ETrade as soon as it arrived. Having access to your Etrade account they could also easily delete the alert. As I said I am just guessing.
Well if true, the thieves have access to my corporate e-mail account (which is a large fortune 500 company), because that is the only e-mail connected with the eTrade account. I don't think they have access to my e-mail. It is always secured behind a firewall and/or protected by a secure ID card (if you were to log-in outside the company domain).
That does sound strange, this is how they describe their wire transfer procedure: For your protection, we have implemented an added level of security for wire requests. We will send a security code to your e-mail address on record and listed at the bottom of this page to help verify your identity. You will be required to submit this code in order to compelete your request. If you need more assistance or if you would like to complete your request over the telephone, please call us at 1-800-ETRADE-1 (1-800-387-2331). Request a Wire in 3 Easy Steps Step 1: Request a Security Code At the bottom of this page, select the account you want the wire sent from and click the Send Me a Code button. An e-mail will be sent immediately to the e-mail address on record for your account. The e-mail address is displayed below next to the account name. Step 2: Receive Security Code via E-mail Check your e-mail account for a message with subject line "Security Code" from E*TRADE Financial. Open the e-mail and click Continue Your Request link. The Wire Request: Enter Request page will open in a new browser window. Step 3: Complete Wire Request Enter all required information, including the security code, in the Wire Request: Enter Request page to complete your wire request. In other words in order to wire money out of Etrade one seems to need access to associated email account. I am not familiar with ACH though so it may be different or maybe your corporate email account was indeed compromized too.
ACH transfers can be pushes or pulls. Its not clear from the information given if the thief logged into the victims ETrade account pushed the money out or using the victims acct info pulled the money out into their own account. I do a lot of ACH transfers (mostly between banks) and I have never been required to authorize the transfer on the "far" end receiving the ACH request (be it a pull or a push). So it does seem that barring any special security controls in place, just knowing the victims name, account number and their institutions routing number would be sufficient to suck money from their account assuming you have a way to create a fake account in someone else name and not get caught when the fraud is found out. What even more interesting is any time you give someone a personal check you have given them all 3 pieces of information they need to do this (your name, acct number and routing number). Hmmmm.
Exactly Winter. What you mention in the last paragraph is the part that is extremely troubling. In fact, I had read about this type of fraud recently, but until I saw this many cases on EliteTrader about E-Trade, I had never understood what an epidemic this could become. Many people recently have talked about only using cashier's checks for this very reason.
I have not gotten my money back as yet and have since sent them a certified letter with all the facts and demanding my money back. They sent me a letter acknowledgeing that they recieved my letter. As of right now, they are standing by their stance of it being my loss and responsiblity. I will let you know of any updates. I have filed a police report and a complaint at www.nasd.com . I will go to the SEC as you did. A friend also suggested going to e-trades compliance officer. I also did not get the email confirmation of the transfer that was standard in EVERY other money transfer I had. These guys at etrade......... hope you have better luck with etrade than i have.