Identity Theft at ETrade?

by francine Hardaway on October 5, 2007

So my ETrade account has been compromised, and they have put it on restricted status. I noticed about a month ago that I couldn’t see my balances, and I began calling and emailing. I finally was able to talk to someone about it today, after trying for a month and being told that the “right person” to talk to would call me back. After an extensive interview in which I had to prove my identity, including asking me if I knew my own daughter and where she lived, I finally found out that someone had logged into my account in August from Germany and Romania.

That’s no surprise. They have plenty of software engineers in both places, and I’m sure it’s possible some of them are criminals, or work for criminals.

But how did they get my password? I can only hazard a guess. I never answer or even open emails from Paypal, ETrade, or BofA, all of whom have been victims of phishing schemes and spyware, so it can’t be that. I don’t open email attachments from folks I don’t know, either. I don’t use IE7, and most of the time I use a Mac altogether.

But…I still have a Windows machine in my home, which I use as a backup and for some applications that only support IE. (That would be Quickbooks online).My best guess is that my foster son, who stayed in my house over the summer, put Limewire on my Windows machine, and that the security breached occurred either through LImewire, or through Internet Explorer itself, which is the browser he used.

When I got home from the summer in California, the Windows machine was full of spyware and malware. I ran “Spybot” repeatedly, but couldn’t clean it up. I tried to delete IE, but you would be surprised how difficult that is to accomplish. Every time you think you’re done, it pops up in another place.

Finally, in desperation, I took the machine back to “Last known good configuration,” which was 90 days previously. That was the furthest back it would go or I would have taken it further. I am only using Flock as a browser, because it’s so obscure no one would write viruses for it. No more Maxthon, no more Firefox even.

So I have done my part. Good thing I took a Microsoft Certified Systems Engineer course ten years ago. Of course much has changed, but at least I am not afraid to remove things from the machine and I know where the registry is.

I’ll let you know when they give me back my money :-) They are assigning me a “case manager.”

Update: I spoke to the case manager today, and he assigned me a temporary password and made me choose a new user name and password. I am also being sent (by Fedex) a token key so that whenever I log in I will do it with a special piece of equipment. I think this could end up being how we all access the Internet when all of our financial information goes online. TechCrunch has written extensively and favorably about Mint, a new service that aggregates your bank accounts on the Internet. Interestingly, when I went to comment on the review because I had tried the service and found it great, the comment above mine was from Steve Ballmer, President of Microsoft, who said he didn’t think people would trust their financial information on the web. I think they will. I just think eventually we will all have PKE (private key encryption.

{ 7 comments… read them below or add one }

BASAIJA PAUL October 6, 2007 at 1:43 am

i met one person who was a young lady a student on holiday from Ireland she almost shared the same theft experience from the Stanbic Bank inn Fort-portal she used an automated teller machine to access her cash from her Irish account but the machine gave her a receipt that she had withdrawn over $600
it was a wonder for she alleged she had never made such a withdraw.

Merlin Ward October 6, 2007 at 3:54 am

Sorry to hear about your difficulties. :( Might be a good topic for Social Media Club. “Security” in social media and web applications?

Hope everything works out!

Ben October 9, 2007 at 8:44 am

I had a similar problem but I found this interesting offer on the web that would give me at least some peace of mind.

This is a special 6 months free subscription offer from Identityguard.com: http://www.identityguard.com/SpecialOffer/SpecialOffer.aspx?id=72741

They will monitor your credit file for free for six months. Your free subscription is canceled automatically at the end of the free trial period, unless you call them and ask to continue for $4.99 a month. Once you sign up for this offer, you always have a choice to upgrade to more sophisticated products through special member area offers which are considerably cheaper than those presented on their home page.

The company that owns the Identity Guard brand Intersections Inc also provides services to Bank of America, Wachovia, and Citibank clients through their own private labels.

Mickeleh October 10, 2007 at 2:44 am

So, Steve Ballmer doesn’t think people will put all their consolidated financial information on the web. But his company is offering to help us out by allowing us to park all of our health data with them on the web? Hmmm.

Sounds like a replay of the old (1948) Jack Benny radio gag: “Your money or your life?”

francine hardaway October 10, 2007 at 6:36 am

That, Michael, is one of the funniest blog comments I have ever received. And of course, you are right!

Vic July 4, 2008 at 6:00 pm

I just found your post after learning that someone has managed to access my E*trade Bank line of credit and transferred the entire credit line out of the account. I’m very curious to hear how E*trade handled the situation. BTW, in my case, the thief send a letter posing as my partner, who is also on the line of credit, requesting the address be changed. So, we were unaware of the transfers.

Francine hardaway July 4, 2008 at 9:26 pm

They knew about it and restored everything to my account and then they gave me a more secure log-in. Good luck to you :-)

Leave a Comment

Previous post:

Next post: