As featured in The Wall Street Journal, Money Magazine, and more!
     

Getting Spam on Your Ameritrade Email Address?

This article was written by in Investing. 9 comments.


Ameritrade LogoIf you’ve been getting penny stock spam on the email address you’ve only used for your Ameritrade brokerage account, here’s why:

In April 2005, Ameritrade reported that several tapes with customer information were lost… After the tape incident, Ameritrade notified me of the possible breach and I was given a year of an identity watch service. I was reassured by the comment that the tape was in “secure” areas… I can now report that my data was compromised and found its way into the hands of stock tip spammers. I think the Ameritrade tape wasn’t destroyed or lost. Here’s my evidence.

The conspiracy theorist in me can imagine a world in which Ameritrade hires spammers to spam its customers, hoping that some will use its services (generating transaction fees) to pump and dump penny stocks, and using the “compromised tape” as an excuse. I know in my heart the business world would never be this unscrupulous.

The odd thing is that I’m getting similar junk email to a number of email addresses, including ameritrade@my personal domain name — and I never signed up for an account on Ameritrade. If this email address was “guessed” by the spammers, it’s possible the others were…

Updated January 16, 2010 and originally published August 30, 2006. If you enjoyed this article, subscribe to the RSS feed or receive daily emails. Follow @ConsumerismComm on Twitter and visit our Facebook page for more updates.

Email Email Print Print
avatar
Points: ♦127,485
Rank: Platinum
About the author

Luke Landes, also known as Flexo, is the founder of Consumerism Commentary. He has been blogging and writing for the internet since 1995 and has been building online communities since 1991. Find out more about him and follow Luke Landes on Twitter. View all articles by .

{ 9 comments… read them below or add one }

avatar Jason

Hmm, makes you wonder. Until about a month ago I was receiving maybe one spam a week in my main personal email address that I haven’t used when signing up with any site I thought might “lose” it.

Then a month or so ago I began receiving like 10+ spams a day and the only account I remember signing up with that email address in the last few months was TD Ameritrade…

Reply to this comment

avatar Jason Roysdon

I too was once a TD/Ameritrade customer who received a stolen tape letter. However, my email address was surely only ever given to TD, and it included a unique 8-digit date as well as ameritrade. There is no way someone guessed this.

Reply to this comment

avatar Benedikt

Hmmm – I’m not too sure that the leak was just down to the missing tapes. I have used a unique adderss with ameritrade since about 2004; so that one could have been part of the missing tapes.

But, when the wave of spam started in mid-August, the spam started coming in on two different addresses – the one I’ve used with Ameritrade, and another unique address I’ve use with zacks.com (both following a slightly different naming pattern – so it’s somewhat unlikely both were guessed correctly, without first creating massive amounts of “invalid” email (which would have gotten through as well).

Now, there are links between the two companies – as the stock recaps from Ameritrade show “Finance data provided by: [...] Zacks Investment Research [...].

I’m not sure that someone in the two companies has full access to both user databases, but it seems like the most likely explanation. (And – what rules out the “tapes” theory on this is that the zacks-specific address had only been created in Feb 2006.

So, there most likely must have been a second security breach since the loss of the tapes…

Reply to this comment

avatar Tim

While Ameritrade may have lost a data tape back in 2005, there’s obviously someone with access to their client database who’s CURRENTLY selling/trading the e-mail addresses (primary and secondary) of Ameritrade customers. About a month ago I started getting hit with P&D gif spam at both my primary and secondary addresses, the latter which is a virgin address set up in 2006 and not used for anything else and could not be brute-force/guessed/dictionary attacked.

I think Ameritrade needs to get ahead of the curve on this issue and call in some computer forensics experts if not the FBI/SEC and figure outt which worm in their company is selling them out to spammer scum.

Reply to this comment

avatar Geo

I am letting you all know that this is continuing as of today, April 2007. Late last year, I began getting stock spam on all of the unique, known only to me and Ameritrade email addresses, so I immediately changed the addresses given to Ameritrade with new ones. Less than one week later, it began again. I changed the addresses again to something even harder to guess and wrote “not nice” emails to Ameritrade customer service letting them know that they “do not under any circumstances have my permission to share my contact information with anyone”. This seemed to get their attention, and the emails were clean for about six months, when today, it started again at both addresses they have for me, the same day, from the same spammers.
They either have security like a screen door in their data center, or a significant lack of business ethics. I’m done. My accounts will go elsewhere, never to return.

Reply to this comment

avatar jim5k

TD Ameritrade email security problem

It happened to me too – AGAIN. This is the third time the email address I use only with TD Ameritrade just ended up on a penny stock spam list. Either they are selling them, or they have a serious security problem (most likely an inside job).

This can not be explained by a random email address spammer (as Ameritrade told me) because I have a catch-all account that would receive ALL variations sent to my domain name. But I do not get random variations. This stock spam specifically targets the address I gave to TD Ameritrade, and only TD Ameritrade.

Also, the last time I changed my email address, I created three variations (*_TD1*, *_TD2*, and *_TD3*). I gave one to TD, and the other two were control (i.e. I did not give them to anybody). And guess what? The one I gave to TD is getting stock spam, and the other two are not.

I don’t know how else you can explain this other than private email addresses are leaking out of TD Ameritrade. And I am furious.

Reply to this comment

avatar Mister Pointer Outer

The person to talk to at Ameritrade is PAUL
THURSTON. and his phone number is:
800 669 3900 ext. 2538 (that’s the main customer
service number, ask for the extension).

He appears to be handling the issue. Ask him why
Ameritrade did not notify you about this second
leak. Ask him what they have done to prevent a
THIRD leak. Ask him to waive the $50 fee they will
charge you to transfer your account to a more-reputable
broker.

Reply to this comment

avatar t

Fascinating.

I, too, started getting spam at my ameritrade@myowndomainname.us a while back. I complained to customer service, who seemed responsibly concerned about this… I then change the email they had and had no further problems.

Reply to this comment

avatar MM

Ameritrade finally owned up losing these email addresses. I first contacted them on 8/15/06 that an email address unique to them had started receiving spam.

They took over a year to finally identify the hole and close it. Complete and utter lack of professionalism.

Reply to this comment

Leave a Comment

Connect with Facebook

Note: Use your name or a unique handle, not the name of a website or business. No deep links or business URLs are allowed. Spam, including promotional linking to a company website, will be deleted. By submitting your comment you are agreeing to these terms and conditions.

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Previous post:

Next post: