Online stockbroking scams

Hacking into your trading accounts

Scammers have the technology to hack into your emails and online trading accounts so they can pretend to be you, trade on your behalf and generate profit for themselves and large losses for you.

Here we explain how online stockbroking scams work and how you can avoid them.

How online stockbroking scams work

There are two common ways scammers hack into your computer to access your share portfolio.

Online trading hacking

Scammers steal your user name and password to access your online trading accounts directly.  They may infect your computer with a virus to track your key strokes and obtain your passwords or they may buy user names and passwords on the black market. The scammers use your compromised online stock trading account to buy and sell shares at an intentional loss - sometimes trading your account deep into debt. The scammers then use a separate account to benefit from these loss-making trades.

Email hacking

Scammers steal your email password then read your emails to become familiar with the way you give instructions to your broker.

They may even correspond with your broker to create a background story to show why you need funds released (for example, you are considering moving overseas, a family sickness, or a house purchase).  The scammer may delete any sent emails and any replies so you don't see them when you access your email account.

The scammer will email your broker and request that they sell your shares and urgently transfer the money from your account to the scammer's bank account (usually overseas). The email transfer request may even include a fake letter of authorisation from you.

Your broker may not phone you to confirm your instructions, having been deceived by previous stories of your change of circumstances.

Case study: Warren's online stockbroking account gets hacked

Young man who has had his online stockbroking account hackedWarren has an online stock trading account. He usually trades once a year and hasn't changed his password since he opened the account 5 years ago.

Out of the blue, Warren receives a call from his online broking service saying he has $1 million debt on his account from trades made that day. The last trade Warren remembered making was 6 months ago when his balance was around $50,000.

Shocked, Warren tells his broker that the trades were not made or authorised by him. Warren asks the broker to freeze his account immediately and tries to negotiate with the broker to get his money back. He also notifies the police and ASIC of the scam.

He quickly installs updated anti-virus software and then changes all his passwords to secure his financial accounts. The broker works with authorities to investigate the unauthorised trades. Warren is waiting on an outcome.

Who scammers target

Scammers will target anyone with a stockbroker or online stockbroking account who has poor computer security such as out of date anti-virus software. They may look for people who haven't changed their email passwords. When targeting online trading accounts, scammers look for people who don't trade regularly, maybe only a few times a year.

How to tell if you've been scammed

Here are some signs that your online broking account has been hacked:

  • There are unauthorised transactions on your broking account
  • Your account has been emptied
  • Your broker contacts you to confirm transactions or external transfer of funds that you did not authorise or are irregular
  • Your trade confirmations do not match trades you have made (it is very important to check all trade confirmations received from your broker either electronically or by regular post)
  • The Cash Managed Trust account linked to your share trading account contains unauthorised transactions
  • Your password has been changed
  • Your email provider has blocked you from your account

How to avoid being scammed

Here are some practical things you can do to avoid being scammed.

  • Ensure your anti-virus and anti-spyware/adware software is updated regularly
  • Set a password that is difficult to guess and unique for your online securities trading account and change your password regularly
  • Avoid using public Wi-Fi, or public computers to login to your accounts
  • Avoid communicating trading instructions using a public domain email address (as these tend to be less secure)
  • Never disclose the log-in details of your online securities trading account to anyone (even your broker)
  • Always check trade confirmations provided by your broker
  • Regularly check your online broking account and any linked Cash Managed Trust account
  • Speak to your broker about placing sensible trading limits on your account
  • Regularly check what 'rules' have been set up on your email account to ensure that scammers aren't diverting emails from your broker to themselves

What to do if you've been scammed

If you think you might have been targeted by an online stockbroking scam here is what you should do: 

  • Notify your stockbroker, financial institution and credit card provider immediately
  • Notify the police and report the scam to ASIC
  • Update your anti-virus software (make sure your coverage includes anti-spyware/adware) before changing your passwords on all financial accounts (broking and banking) and email accounts

Online stockbroking scams can be devastating. Keeping your anti-virus software up to date and changing your passwords regularly are the best ways to keep your investments secure.

Related links

Last updated: 24 Oct 2018