Online stockbroking scams

Hacking into your trading accounts

Scammers have the technology to hack into your emails and online trading accounts so they can pretend to be you, trade on your behalf and generate profit for themselves and large losses for you.

Here we explain how online stockbroking scams work and how you can avoid them.

How online stockbroking scams work

There are two common ways scammers hack into your computer to access your share portfolio.

Online trading hacking

Scammers steal your user name and password to access your online trading accounts directly.  They may infect your computer with a virus to track your key strokes and obtain your passwords or they may buy user names and passwords on the black market. The scammers use your compromised online stock trading account to buy and sell shares at an intentional loss - sometimes trading your account deep into debt. The scammers then use a separate account to benefit from these loss-making trades.

Email hacking

Scammers steal your email password then read your emails to become familiar with the way you give instructions to your broker.

They may even correspond with your broker to create a background story to show why you need funds released (for example, you are considering moving overseas, a family sickness, or a house purchase). The scammer may delete emails they send, as well as any replies to these, so you don't see them when you access your email account.

The scammer will email your broker and request that they sell your shares and urgently transfer the money from your account to the scammer's bank account (usually overseas). The email transfer request may even include a fake letter of authorisation from you.

If this happens, your broker may not phone you to confirm your instructions, having been deceived by previous stories of your change of circumstances.

Case study: Warren's online stockbroking account gets hacked

Young man who has had his online stockbroking account hackedWarren has an online stock trading account. He usually trades once a year and hasn't changed his password since he opened the account 5 years ago.

Out of the blue, Warren receives a call from his online broking service saying he has $1 million debt on his account from trades made that day. The last trade Warren remembered making was 6 months ago when his balance was around $50,000.

Shocked, Warren tells his broker that the trades were not made or authorised by him. Warren asks the broker to freeze his account immediately and tries to negotiate with the broker to get his money back. He also notifies the police and ASIC of the scam.

Warren quickly installs updated anti-virus software and then changes all his passwords to secure his financial accounts. The broker works with authorities to investigate the unauthorised trades.

Who scammers target

Scammers will target anyone with a stockbroker or online stockbroking account who has poor computer security, such as out of date anti-virus software. They may look for people who haven't changed their email passwords and who don't trade regularly, maybe only a few times a year.

How to tell if you've been scammed

Here are some signs that your online broking account has been hacked:

  • Unauthorised transactions on your broking account.
  • Your account has been emptied.
  • Your broker contacts you to confirm transactions or external transfer of funds that you did not authorise or that are unusual.
  • Your trade confirmations do not match trades you have made (it is very important to check all trade confirmations received from your broker either electronically or by regular post).
  • The Cash Managed Trust account linked to your share trading account contains unauthorised transactions.
  • Your password has been changed.
  • Your email provider has blocked you from your account.

How to avoid being scammed

Here are some practical things you can do to avoid being scammed.

  • Avoid communicating trading instructions using a public domain email address (as these tend to be less secure).
  • Never disclose the log-in details of your online securities trading account to anyone (even your broker).
  • Always check trade confirmations provided by your broker.
  • Regularly check your online broking account and any linked Cash Managed Trust account.
  • Place sensible trading limits on your account.
  • Regularly check what 'rules' have been set up on your email account to ensure that scammers aren't diverting emails from your broker to themselves.

For more tips on how to avoid being scammed see protect yourself from scams

What to do if you've been scammed

If a scammer gets access to your online stockbroking account, call your stockbroker, financial institution and credit card provider immediately and ask them to freeze your accounts. See what to do if you've been scammed for more detailed information on what to do next. 

Online stockbroking scams can be devastating. Keeping your anti-virus software up to date and changing your passwords regularly are good ways to keep your investments secure.

Related links

Last updated: 11 Feb 2019