IDA warns of online scam

The IDA is warning member firms and their clients of a new online scam, which not only costs investors their savings, but also manipulates micro-cap stock markets.

There have been a number of complaints from clients that unauthorized trades have taken place in their online accounts. While the IDA is not sure how account access is being obtained, it says the perpetrators of the scheme sell off the client’s holdings as quickly as possible, then use the funds to buy specific securities listed on the OTC Bulletin Board or NASDAQ pink sheets.

It is presumed that the perpetrator then takes advantage of the resulting increase in share prices to unload its own holdings in the listed companies.

“We became aware of two accounts here being compromised. We had a referral from a U.S. regulator earlier in the week, so it looks like there’s a little bit of a cluster here,” says Alex Popovic, vice-president, enforcement, at the IDA. “We thought it best to be a little pre-emptive and try to stop any more of it happening.

“Two member firms have notified us of their account holders having been compromised in two separate accounts,” he says. “This is still under investigation so we don’t want to give out too much detail.”

The IDA warns that there are a number of ways account access could be obtained, but that it is not sure which method is being used in this case. It is possible that clients have inadvertently downloaded a virus to their computer, and that virus is forwarding their access codes to the perpetrators; another theory is that the perpetrators could be “phishing” for data by contacting clients by e-mail, posing as the firm the client deals with and asking for personal information.

It is also possible that the member firms’ websites are themselves the weak link, possibly being hacked, or else with pirate websites being set up, which appear to be the correct site, but actually are used to harvest access information.

Investors who have online accounts should be aware of this risk. Clients should contact their firm regarding any unusual activities in their account.

Liability for the losses will vary from firm to firm, Popovic says, as it is governed by the contract the client signs when the account is opened. In general, if the firm’s site was the weak point, the firm will accept responsibility. Clients who unwittingly handed their access information over to the perpetrators, however, can expect to shoulder more of the liability for their losses.

“Whenever you open an account, you should be aware of what the liabilities are when you’re given access online,” Popovic advises. “Each firm has their own contract and clients need to refer to their own contract.”

Filed by Steven Lamb, Advisor.ca, steven.lamb@advisor.rogers.com