Post by Catdaddy on Mar 15, 2007 21:10:05 GMT -5
I thought this deserved a post in light of what we've been dealing with and the recent Bloomberg program. Later,
Catdaddy
Canadians victims of new 'hack, pump and dump' scheme
JANET MCFARLAND
From Thursday's Globe and Mail
A dozen Canadian investors got an unwanted introduction to a new form of fraud last year when they discovered more than $1-million of worthless penny stocks had been purchased using their online brokerage accounts.
The purchases were part of a classic "pump-and-dump" stock manipulation fraud, but with a twist. The criminals didn't bother with phone calls and e-mails trying to induce victims to buy worthless shares -- they simply hacked into victims' trading accounts and bought the shares themselves.
The U.S. Securities and Exchange Commission revealed the extent of the fraud this month after obtaining a court order to freeze $3-million (U.S.) in assets in a trading account used by the scammers at a Latvian bank.
While most of the victims were Americans, the case also involved about 12 Canadians who lost about $1-million (Canadian) in total, said Alex Popovic, head of enforcement at the Investment Dealers Association of Canada (IDA), which regulates brokerage firms.
Related to this article
Articles
Three men indicted in online 'hack pump and dump' scheme
SEC goes after scammers
Follow this writer
Add JANET MCFARLAND to my e-mail alerts
Latest Comments
Canadian Tire is illegally collecting customer information when...
To WH canada It is obvious that this member of the "Performing...
This may sound crass, but the date-rape drug victim has to drink...
Maddog Murdoch from TorontoBefore you spew forth, you need to...
16 reader comments | Join the conversation
"Some of these people were fairly well-to-do, and one or two accounts had significant amounts of money. One had somewhere around $600,000," he said.
The IDA first learned about the account hacking last August after customers lodged complaints. The regulator issued a warning to investors at the time, but details of the case were not publicized until recently.
The SEC has not discovered the names of the individuals involved in the recent case, but has traced their trading to an account at JSC Parex Bank, based in Riga, Latvia. The trading was conducted through four offshore accounts held by anonymous investors, who manipulated 15 stocks trading on the Nasdaq Stock Market.
The SEC said the criminals loaded up on thinly traded shares, then hacked into online accounts, sold off the victims' existing shares and then used the proceeds to buy more of the shares owned by the fraudsters.
By driving the market price higher and cashing out their personal holdings, the crooks reaped a profit of at least $732,941 (U.S.), the SEC said.
On March 6, the SEC won an emergency court order freezing $3-million held in the United States in the name of JSC Parex Bank. The SEC has not accused the bank of any wrongdoing.
The allegation of blatant fraud was far from an isolated case. The SEC has announced charges in three other alleged "account intrusion" cases since December, including a case this week involving hackers based in India, highlighting the exploding new field of "hack, pump and dump" fraud.
In a press release earlier this month, John Reed Stark, who heads the SEC's Office of Internet Enforcement, said crooks can complete these scams in as little as a couple of hours.
"These perpetrators effectively cut out the middleman of the old fashioned pump-and-dump scheme," he said.
Mr. Popovic said the criminals often get peoples' account numbers and passwords either by duping them into e-mailing the information, or by implanting computer viruses that lurk inside a victim's computer, recording passwords as they are typed.
Canada has yet to discover any homegrown frauds of this sort, and Mr. Popovic said part of the reason may be because of the greater difficulty of actually removing funds from Canadian online brokerage accounts.
In the U.S., he said, it's much easier to transfer money out of a brokerage account and into a thief's bank account where it can be liquidated -- a common outcome in some of the U.S. cases.
In Canada, the process of removing money is multistaged and it takes longer to get a cheque issued for the funds, making it almost impossible for thieves to actually remove the money.
As a result, Canadian accounts are only good for pure pump-and-dump schemes, where a fraudster buys a lot of shares of a worthless penny stock, then cashes out at a big profit after manipulating the shares higher.
The stock price immediately collapses when the fraud is completed, leaving the victims holding worthless stock.
"The number of invasions we've had is quite small in comparison to the Americans," Mr. Popovic said.
That doesn't mean investors are not badly burned, however.
"They were still buying worthless securities and, at the end of the day, the client still has a loss, it's just that they [the thieves] can't get the cash," Mr. Popovic said.
In many cases seen so far, it is the brokerage firm and not the customers who end up on the hook.
In the Latvian case, for example, the SEC said seven brokerage firms voluntarily repaid over $2-million to assist clients.
While similar "hack, pump and dump" frauds do not appear to have been launched from Canada, the porous border has meant Canadian companies have been caught in various schemes.
In another "hack, pump and dump" case made public in January by the SEC, several victims of the manipulations were small Canadian companies, including Northwater Resources Inc. of Vancouver, Mamma.com Inc. of Montreal, and Quantum Energy Inc. of Penticton, B.C.
The British Columbia Securities Commission said it has assisted the SEC in its investigations, but hasn't detected any "uniquely domestic" frauds.
"This is another wrinkle in the whole thing of trying to part people from their money," BCSC spokesman Andy Poon said.
*****
Pump-and-dump defences
How to protect yourself from pump-and-dump frauds targeting your online brokerage account:
Don't respond to e-mails requesting account or password information. As part of a practice known as "phishing," crooks induce people to reveal their passwords, sometimes creating fake Web pages or e-mail addresses to give the impression their requests are coming from your bank or brokerage firm.
Install good firewall and security software on your computer to avoid viruses that plant spying software to detect your account passwords when you log in.
Do not make financial transactions using wireless computers on public networks, such as those at airports or coffee shops where security features have been reduced. Your information may not be protected.
Change your passwords frequently, and choose passwords that are difficult to guess. Ensure passwords have a combination of numbers, upper- and lower-case letters, and other punctuation or special characters.
Catdaddy
Canadians victims of new 'hack, pump and dump' scheme
JANET MCFARLAND
From Thursday's Globe and Mail
A dozen Canadian investors got an unwanted introduction to a new form of fraud last year when they discovered more than $1-million of worthless penny stocks had been purchased using their online brokerage accounts.
The purchases were part of a classic "pump-and-dump" stock manipulation fraud, but with a twist. The criminals didn't bother with phone calls and e-mails trying to induce victims to buy worthless shares -- they simply hacked into victims' trading accounts and bought the shares themselves.
The U.S. Securities and Exchange Commission revealed the extent of the fraud this month after obtaining a court order to freeze $3-million (U.S.) in assets in a trading account used by the scammers at a Latvian bank.
While most of the victims were Americans, the case also involved about 12 Canadians who lost about $1-million (Canadian) in total, said Alex Popovic, head of enforcement at the Investment Dealers Association of Canada (IDA), which regulates brokerage firms.
Related to this article
Articles
Three men indicted in online 'hack pump and dump' scheme
SEC goes after scammers
Follow this writer
Add JANET MCFARLAND to my e-mail alerts
Latest Comments
Canadian Tire is illegally collecting customer information when...
To WH canada It is obvious that this member of the "Performing...
This may sound crass, but the date-rape drug victim has to drink...
Maddog Murdoch from TorontoBefore you spew forth, you need to...
16 reader comments | Join the conversation
"Some of these people were fairly well-to-do, and one or two accounts had significant amounts of money. One had somewhere around $600,000," he said.
The IDA first learned about the account hacking last August after customers lodged complaints. The regulator issued a warning to investors at the time, but details of the case were not publicized until recently.
The SEC has not discovered the names of the individuals involved in the recent case, but has traced their trading to an account at JSC Parex Bank, based in Riga, Latvia. The trading was conducted through four offshore accounts held by anonymous investors, who manipulated 15 stocks trading on the Nasdaq Stock Market.
The SEC said the criminals loaded up on thinly traded shares, then hacked into online accounts, sold off the victims' existing shares and then used the proceeds to buy more of the shares owned by the fraudsters.
By driving the market price higher and cashing out their personal holdings, the crooks reaped a profit of at least $732,941 (U.S.), the SEC said.
On March 6, the SEC won an emergency court order freezing $3-million held in the United States in the name of JSC Parex Bank. The SEC has not accused the bank of any wrongdoing.
The allegation of blatant fraud was far from an isolated case. The SEC has announced charges in three other alleged "account intrusion" cases since December, including a case this week involving hackers based in India, highlighting the exploding new field of "hack, pump and dump" fraud.
In a press release earlier this month, John Reed Stark, who heads the SEC's Office of Internet Enforcement, said crooks can complete these scams in as little as a couple of hours.
"These perpetrators effectively cut out the middleman of the old fashioned pump-and-dump scheme," he said.
Mr. Popovic said the criminals often get peoples' account numbers and passwords either by duping them into e-mailing the information, or by implanting computer viruses that lurk inside a victim's computer, recording passwords as they are typed.
Canada has yet to discover any homegrown frauds of this sort, and Mr. Popovic said part of the reason may be because of the greater difficulty of actually removing funds from Canadian online brokerage accounts.
In the U.S., he said, it's much easier to transfer money out of a brokerage account and into a thief's bank account where it can be liquidated -- a common outcome in some of the U.S. cases.
In Canada, the process of removing money is multistaged and it takes longer to get a cheque issued for the funds, making it almost impossible for thieves to actually remove the money.
As a result, Canadian accounts are only good for pure pump-and-dump schemes, where a fraudster buys a lot of shares of a worthless penny stock, then cashes out at a big profit after manipulating the shares higher.
The stock price immediately collapses when the fraud is completed, leaving the victims holding worthless stock.
"The number of invasions we've had is quite small in comparison to the Americans," Mr. Popovic said.
That doesn't mean investors are not badly burned, however.
"They were still buying worthless securities and, at the end of the day, the client still has a loss, it's just that they [the thieves] can't get the cash," Mr. Popovic said.
In many cases seen so far, it is the brokerage firm and not the customers who end up on the hook.
In the Latvian case, for example, the SEC said seven brokerage firms voluntarily repaid over $2-million to assist clients.
While similar "hack, pump and dump" frauds do not appear to have been launched from Canada, the porous border has meant Canadian companies have been caught in various schemes.
In another "hack, pump and dump" case made public in January by the SEC, several victims of the manipulations were small Canadian companies, including Northwater Resources Inc. of Vancouver, Mamma.com Inc. of Montreal, and Quantum Energy Inc. of Penticton, B.C.
The British Columbia Securities Commission said it has assisted the SEC in its investigations, but hasn't detected any "uniquely domestic" frauds.
"This is another wrinkle in the whole thing of trying to part people from their money," BCSC spokesman Andy Poon said.
*****
Pump-and-dump defences
How to protect yourself from pump-and-dump frauds targeting your online brokerage account:
Don't respond to e-mails requesting account or password information. As part of a practice known as "phishing," crooks induce people to reveal their passwords, sometimes creating fake Web pages or e-mail addresses to give the impression their requests are coming from your bank or brokerage firm.
Install good firewall and security software on your computer to avoid viruses that plant spying software to detect your account passwords when you log in.
Do not make financial transactions using wireless computers on public networks, such as those at airports or coffee shops where security features have been reduced. Your information may not be protected.
Change your passwords frequently, and choose passwords that are difficult to guess. Ensure passwords have a combination of numbers, upper- and lower-case letters, and other punctuation or special characters.