It appears the world of phishing and account takeover has reached online investing.  It was only a matter of time, and this is is first instance I recall. 

“This week, a pair of Canadian brokerages, including BMO InvestorLine, discovered that someone had gained unauthorized access to a handful of client accounts, and then liquidated the portfolios. The money was used to place orders for securities listed on the OTC Bulletin Board and the Nasdaq pink sheets, apparently with the intention of manipulating these stock prices, according to the Investment Dealers Association of Canada.”

Source: “Canadian Banks & Insurance – Mozilla Firefox”

The story continues, the likely reason would be phishing of some type, where the bad guys obtain customers username and password through some illegal means.

Authorities are still uncertain as to how the accounts were breached, but said there is no indication that fraudsters had penetrated the security systems at these on-line brokerages.

One theory is that investors unwittingly gave up their passwords through what is known as a “phishing” e-mail, a scheme that has become increasingly pervasive in the investment industry.

This situation went beyond normal phishing to steal money.  The criminals apparently used the opportunity to manipulate stock prices.

tags: direct+investing, phishing