Foliofn users

Let me know if you use foliofn as your broker either via email or this thread. Thank you.

Marco

Yes, I use FolioFN. Very happy with them in terms of execution. Wish they had some better reporting functionality, though.

I use them too.

Hi Marco,
I have used them since 2000. No major issues till November 2008. Somehow my account was hacked and a lot of trades placed for an illiquid stock (was mostly sitting in cash at that time). By the time they caught it the stock had dropped a lot and I ended up losing $22,000.

Foliofn said that somehow my account info was stolen and it is not their fault. I have banked online and had other online brokerage accounts since 1997 and have never had any other problems.

KJ

That’s not very reassuring. Did SIPC make you whole?

I use them, but the above comment is very scary.

Tom

I wish. Although they traced the IP address of the computer that logged in to a foreign country, they still blamed me. I reported to SEC and they talked a good game to me but did not do anything. But for SEC compared to the billions Madoff lost, I was a very small fish.

I was wrong on the date. Actually it was October 16th, 2008. The stock was NBIX. I have attached a section of my statement from my regular account showing the trades. Similar trades were also placed in my IRA account at Foliofn since you see all your accounts when you log in.

I did not think there was an easy way to steal from a brokerage account since if they cash out, the check will be sent to my home address. But they found a creative way.

As I said in my earlier message I had my bank and other brokerage accounts online and none of them were hacked. So I have to wonder if Foliofn has some issues with their online security.


Foliofn.pdf (164 KB)

kss60,

Did you find any evidence that your PC was compromised, possibly allowing the criminals to retrieve username and password information from your computer by means of, say, a key logger program?

I am considering opening an account with FOLIOfn and would be very interested to know if their security is in any way inadequate.

I’m not an expert on this topic, but another possibility is that you accessed your account from a public computer or over an unsecure network and there was a program in there that captures the keystrokes. For example, if you used a computer in a hotel to access your account. I even wonder about the security risks of using my PC over the hotel’s network. Or using WIFI at a cafe or McDonalds. I usually carry my laptop with me when I travel so that I don’t need to use a public PC. Also, I use my laptop internet card instead of the hotel’s network when I can.

Also, make sure your home network is secure. I think by default they are unsecured when you set them up. A hacker can drive around and find unsecure networks and then get into your PC. I’ve seen stories on this where they do this to break into retail networks and steal the credit card info.

I like Interactive Brokers’ security card feature where you have to enter in a code based on 2 numbers they give you when you log in. This pretty much eliminates the risk of somebody recording your login info.

Dan,
I looked at those things:
Did not use a public computer ever.
No use of public wifi.
Home network has been encrypted and secured from day one.

Even at home I have anti-virus and firewall active. I have started using keyscrambler after this incident. None of my kids know my passwords or use my computer.

I am one of the more careful computer users out there but I still allow for the possibility that the info was stolen from my pc somehow. Most people I know are a lot less aware of all the risks regarding use of their computers. So Foliofn needs to improve their security. You mentioned IB and most banks have also implemented some more additional security measures (like registering your computer by answering some random security questions). As I mentioned in my earlier posts I have been doing online banking since 1997 and I think they would have gone after my bank accounts first if they were able to get the info from my computer. They were either unable to log into my bank accounts or they did not get the info from my computer. I also had 3 other online brokerage accounts at that time which were all fine. I mentioned improving their security to Foliofn but they indicated that they were fine. I am not suggesting that Foliofn is at fault here (I just do not know) but I am just bringing this to everybody’s attention so that people are aware of online brokerage risks. Like I said in my previous post, I did not even think that they could hurt you so bad in a brokerage account. This was only one instance in all the time I have been doing online brokerage and banking (about 12 years) but it was very expensive for me. :(

KJ

KJ,

Sorry to hear that you got scammed through your account.

The scam you describe became popular in 2006 and several brokerages beefed up security in response. Basically Eastern European and Asian hackers learned that if they hacked a brokerage account and traded on the other side of an illiquid stock whose price they could manipulate by first buying slowly and lowly in their account and then selling fast and high to the hacked account, they could in effect transfer the funds to their account.

The responses from brokerage firms were varied. TD Ameritrade warned clients of the scam, refunded clients (http://www.computerworld.com/s/article/9004416/Identity_thieves_hit_customers_at_TD_Ameritrade_E_Trade) and at the same time increased security by adding various verification questions. Interactive Brokers went the furthest in strengthening security among the brokers I know; they sent out personal security cards (look like calculators) that you have to enter a pin, generate a token and enter the token along with your password each time you log in or change functional areas in the site. A real pain, but well worth it.

A good friend of mine is an IT security expert who has started up several IT security firms and has dealt heavily in security forensics. The hackers are now building databases on us. They scan Facebook, LinkedIn, and other sites for our personal information and store it in a relational database. They can find your high school, your friends & family names, hobbies and more by scanning the public info posted on these sites. And then they use this information to break your security verification questions.

My friend was called in to investigate a hacker ring and when he got to their database, he found out they had information on him that was deeper than any single organization has on him. All done by aggregation.

So, be careful out there. They are in the business of stalking us.

Carl

PS - I would think that by 2008 FolioFn would have put in place anti-fraud tools to prevent this “old hack”. I would not be surprised if an attorney out there is putting together a class action to get folks some refunds as one could construe the FolioFn security hole to be gross negligence since the hack/scam and preventative solutions were well known by 2008. But it would still be better to get a refund from Fn as the class action returns to clients are usually only pennies on the dollar.
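
The kind of anti-fraud screening Carl's postscript refers to can be expressed as a check on combined signals: a login from a country never seen for the account, buys that are large relative to a stock's normal volume, and a burst of buys in one symbol. This is an added example, not part of the thread or any broker's system; the account ids, tickers, the "XX" country code and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Order:
    account: str
    symbol: str
    side: str            # "BUY" or "SELL"
    shares: int
    login_country: str   # country of the session's login IP

# Constructed reference data (hypothetical accounts, tickers and thresholds).
KNOWN_COUNTRIES = {"A100": {"US"}, "A200": {"US"}}
AVG_DAILY_VOLUME = {"ILLQ": 40_000, "BIGC": 9_000_000}
ADV_LIMIT = 0.10   # assumed: session buys above 10% of average daily volume
BURST_LIMIT = 3    # assumed: this many buys of one symbol in one session

def screen_session(orders):
    """Return {(account, symbol): [reasons]} for buys to hold for review."""
    bought, count, country = defaultdict(int), defaultdict(int), {}
    for o in orders:
        if o.side != "BUY":
            continue
        key = (o.account, o.symbol)
        bought[key] += o.shares
        count[key] += 1
        country[key] = o.login_country
    findings = {}
    for key, shares in bought.items():
        account, symbol = key
        reasons = []
        if country[key] not in KNOWN_COUNTRIES.get(account, set()):
            reasons.append("login from new country")
        adv = AVG_DAILY_VOLUME.get(symbol)
        if adv is None or shares / adv > ADV_LIMIT:   # unknown volume counts as illiquid
            reasons.append("buys large relative to daily volume")
        if count[key] >= BURST_LIMIT:
            reasons.append("burst of buys in one symbol")
        if len(reasons) >= 2:   # a single signal alone is too noisy to act on
            findings[key] = reasons
    return findings

# Constructed sample session: A100 shows the takeover pattern, A200 trades normally.
SAMPLE = [
    Order("A100", "ILLQ", "BUY", 3_000, "XX"),
    Order("A100", "ILLQ", "BUY", 2_500, "XX"),
    Order("A100", "ILLQ", "BUY", 4_000, "XX"),
    Order("A200", "BIGC", "BUY", 5_000, "US"),
    Order("A200", "ILLQ", "BUY", 500, "US"),
]
```

Requiring two signals keeps a traveller's ordinary trade or a known user's single large order from being held on its own.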

My IRA has been with them since 2000. I liked the fact that a former head of AMEX came up with the idea and backend for the folio trading system.

Clearly, there’s a chance at some synergy between the service over there and the tools over here. Would others agree?

I am surprised and sorry to hear about the hacking of an account there, though.

Carl notes:
“They scan Facebook, LinkedIn, and other sites for our personal information and store it in a relational database. They can find your high school, your friends & family names, hobbies and more by scanning the public info posted on these sites. And then they use this information to break your security verification questions.”
The way around this is to invent a fictitious life for security purposes. For example: What high school? “Imaginary HS”

I wish I could say that I use this method religiously. I know I should, but get lazy.