Friday, August 25, 2006

Scammers Strike On-Line Brokers

The Globe and Mail, Sinclair Stewart, 25 August 2006

A number of Canadian investors cleaned out their on-line brokerage accounts this week and then dumped the proceeds into a group of obscure penny stocks, including one based in Vancouver. There was only one problem: They had no clue they were actually trading.

Regulators and police are now scrambling to untangle a complex financial scam that has put a high-tech twist on the boiler rooms of yesteryear.

This week, a pair of Canadian brokerages, including BMO InvestorLine, discovered that someone had gained unauthorized access to a handful of client accounts, and then liquidated the portfolios. The money was used to place orders for securities listed on the OTC Bulletin Board and the Nasdaq pink sheets, apparently with the intention of manipulating these stock prices, according to the Investment Dealers Association of Canada.

Alex Popovic, vice-president of enforcement at the self-regulatory body, suggested this could be part of an elaborate "pump-and-dump" swindle, in which someone artificially inflates the price of a stock and then "dumps" it for a profit, leaving other investors with next-to-worthless paper.

"That's the supposition at this point -- that it is the 'pump' side of a pump-and-dump scheme," Mr. Popovic said. "Or, in the alternative, it could be a money-laundering scheme and it's a way of getting the cash out of the client's account."

So far, tens of thousands of dollars have been improperly traded, sources said. BMO reported two cases of improper account access to the IDA, while TD Waterhouse confirmed it is investigating suspicious activity in less than a half-dozen accounts, although it is not clear whether this is part of the same scam.

Mr. Popovic said he has notified the RCMP about the problem, as well as provincial securities regulators in Ontario and British Columbia. Authorities are still uncertain as to how the accounts were breached, but said there is no indication that fraudsters had penetrated the security systems at these on-line brokerages.

One theory is that investors unwittingly gave up their passwords through what is known as a "phishing" e-mail, a scheme that has become increasingly pervasive in the investment industry.

Essentially, fraud artists pose as a representative from a bank or brokerage firm and trick customers into divulging private account information.

Other possibilities cited by the IDA were "pirate" websites, which mimic the appearance of a bank's website, or even computer viruses that spy on users by recording their keystrokes.

Some experts have estimated there are as many as 150 million phishing e-mails sent over the Internet each day. A study by Visa two years ago, when phishing was still a relatively new phenomenon, suggested as many as 200,000 Canadians may have been victimized by these attacks.

The IDA was notified by U.S. authorities last week that a similar operation was afoot south of the border, and that the perpetrators were breaking into on-line trading accounts to buy the same stocks on the over-the-counter market. One of these unnamed securities is based in Vancouver, according to sources.

The IDA declined to comment on the specific stocks.