Someone cleaned up my IB account (almost)

Discussion in 'Retail Brokers' started by Mishka, May 6, 2002.

  1. Mishka

    Mishka

    It all started from Saturday morning e-mail confirming my wire request. But I didn't make any wiring plans! Monday morning I had a confirmation of most of my money is ready to be sent somewhere. Next IB told me the e-mail address had been changed as I asked. But I didn't!!!
    Someone hacked into my account with my password, tried to send money to brand new joint Ameritrade account opened on my name (!) and someone else I do not know. SS#, address, full name - all proper.
    On the phone IB person was not surprised a bit. I do not want the wire - fine, we'll cancell it. you didn't initiate it? OK, you didn't. Want to get back your old e-mail? Log into the account and change it back. Hello!!! Someone is stealing my identity along with my money from you!!! Nobody cares.
    Never thought it can happened to me, but definately expect more support from the institution I 've been loyal for years.
     
  2. Did u call FBI?
    Time to track down the criminal.....
     
  3. Htrader

    Htrader Guest

    In order to set up a new wire transfer instructions for IB you must first confirm this via email. I'm wondering how you never received that confirmation email since your old email address was still working at the time, since you did get that email telling you of the wire transfer.

    Did someone break into your email account, reply to the IB confirmation email, and then delete before you knew? If not, I'm not sure how this would have happened, since it appears that your email address was changed on monday, after the wire request was sent.
     
  4. Do you have any theories about how this happened? That's pretty scary!
     
  5. Mishka

    Mishka

    If not for the e-mail confirmation I wouldn't notice anything untill I'd have nice round number as a balance on my account.
    But all tokens were properly inserted authorizing everything. How? I have no slightest idea.
     
  6. Htrader

    Htrader Guest

    I would ask IB for the login records for your account. Hopefully IB tracks IP addresses. Give this info to the FBI and have them track the guy down. If doesn't work, ask the FBI to request info from Ameritrade, which might also have IP records for the person who opened that joint account with your name on it. The other name on that account must have an address to go along with it, something else to check out. Finally, if you can get the cooperation of Ameritrade, you can try to actually wire some money over there and see what happens to it.

    One other thing. If this person knows your SS number then you should also assume that your banking info has been compromised. You should go to your bank and have them give you a new account number and void all your current checks.
     
  7. Mishka

    Mishka

    e-mail address has to be changed manually by CS rep. Since they are closed weekends, I received notice about it Monday late morning when they actually did it. But wire transfer confirmation with token went out authomatically as they sent it, Saturday 7 am.
    Actual request to change e-mail was stamped 1 hour before the wire request, Saturday 6 am.
     
  8. Babak

    Babak

    woah! that is very scary!

    one question: do you have a good firewall running and configured properly?

    if so, which one is it?

    if not, that would be the first place a leak could take place. A hacker could sit between you and IB and see everything you see though screen/key capture software.
     
  9. I recall in another thread someone questioning my statement about not using hotmail as a primary email acct.
    Although you didn't say you did that it goes to show how dangerous low security practices can be.

    Call the FBI if you haven't yet. Obviously change all your passwords including to your email acct.

    Passwords should be a pain to hack like:
    ;kjn65hblbglkjbgv89ut98-4utnb45ytb
    While still hackable its a much more time consuming job to bruteforce a non-name oriented PW.

    As other's suggested here get yourself a good firewall software.
    In addition a hardware firewall is a nice addition and not that expensive anymore. A DSL/Cablemodem gateway hub has a built in hardware firewall that gives a level of security.

    If IB doesn't track IPs on funds requests its not too hard to figure out how they emailed IB using his email addy. Think about it guys. Its pretty basic to send an email as if its coming from someone else. The hacking of your system for PWs is another matter though.
    Personally I'd get EVERYTHING changed and I mean everything.
    I'd change IP addys with my ISP or change ISPs if they won't reissue me a new one. Change email account name/user name.
    Open a new IB account with a slight name change (like Middle name added) and close the other one.

    Please let us know how this plays out.
    Hope you fry their butts.
     
  10. Mishka

    Mishka

    So far I relied on NAT software on my cable router. Was under impression that firewalls slows down connection and brings more trouble then good. Obviously, not even close to enogh.
    Today I've got Zone Alarm, free version. What the proper parameters should be?
     
    #10     May 6, 2002