Well to validate authenticity, sharing screenshot for reference for all who think this post is wrong and not genuine.
Ibkr has added new feature on app for users who got hacked multiple options.
Can an app have multiple Ui??
I can imagine there are ways to get passwords
How did IB say the hacker got past MFA?
[Edit: IB page on secure login: " Consider this: if an Internet hacker or identity thief should somehow manage to obtain your IBKR username and password, they WILL NOT be able to access your account without physical possession of your Secure Login System security device or full access to your smartphone."
For example was MFA on your smartphone before the attack and did the hacker manage to move it to another smartphone? How ? (the reddit post said you werenât receiving any codes)
Did IB confirm it was moved to another account in your name? Or somehow did the ânames must matchâ check not happen ? If someone was able to set up an account in your name that would appear to be consistent with the theory that your phone or laptop were hacked or you were victim of id theft and phisshing
2 Likes
@naman.1
It seems to me that youâre using an Android phone. Is the version of the operating system up to date, or are the applications (IBKR in particular) also up to date?
Well Ibkr has now added new security feature. If they would have done in past I would have not lost my hard earned money on ibkr.
Some users will have option during login
Yes its up to date. If version was problem multiple customers would not be impacted.
Ibkr was not able to provide any justification how this fraud happened. Ibkr says we have specified in agreement if fraud happens on portal your money is gone ibkr will not do anything.
Here, ibkr shared indemenity bond to the bank to recall fund. Why would ibkr do to recall funds.its obvious they knew some fraud has happened and security team rectified it.
I wont leave my money like this. Legal way is the way for me.
Ibkr told nick name was given at my name and fraudster added his banking details like swift details and banking details. Money went at 1.05 am and i called them to stop at 8.30 am still no action was taken to stop payment.
This is also flaw in system. How can a person transfer money to different account ?
What do you mean by ânowâ?
Iâve been using 2FA (IB key - via fingerprint) for literally years.
4 Likes
Latter is true. Hacker withdrew funds in fraud account. They didnt verify and saying transaction was done your user name and password
I have added screenshot in earlier comment what change is there .
I had margin earlier then I converted to cash .
Well, its 2.42 am to be precise.
Typo error comes as this does not have spell check.
People pointed out on errors . I am more cautious now and doing spell check before posting.
This fraud has inpacted multiple customers in Usa and Europe.
In Canada , I am only unfortunate.
I canât and I wouldnât. I hope @_MP also would never do anything like this.
Totally agree. Itâs internet.
1 Like
The safety and security of this forum is its administratorâs task. The safety and security of this forumâs users is the forumâs users task, we are not a child care.
2 Likes
Hi @naman.1 could you clarify what MFA you had in place at the time of attack, what happened during the attack, and what is the change that you believe IBKR have implemented now?
- Did you have MFA via yoursmartphone and IB app ?
- When the attack happened, did you still have access to the MFA on your smartphone, or did you lose it (MFA should only be possible on one smartphone. If you lost the MFA, it might imply the MFA was transferred to the hackerâs phone)
- Regards ânew optionâ you refer to. Do you mean the " Digital Security Card + " option ? If they issued you one of these after the attack, wouldnât it make sense that option shows up now?
1 Like
What I cannot understand: we are - I think - all using the MFA (e.g. with my iPhone I have FaceID).
Maybe someone can log in and sell the stocks, but does anybody knows if there is another MFA when withdrawing assets? I thought it must be paid out to an account in the name of the account holder?
-If the fraudster was able to impersonate you and set up an account in your name at another bank, would that be IBâs fault ?
Note: I have read several cases in the UK press where fraudsters move money to a bank account then withdraw the money, and for some reason the bank is unfortunately not able to identify the fraudster. It raises the question what ID checks the bank is doing at account opening, but in any case it shows that process does not seem safe
-7 hours for a transfer does not seem particularly fast. It was clarified on the forum that EU is implementing instant SEPA payments soon. Transfers between UK banks are pretty much instant already
Logs show youâve registered and are currently logged in from Delhi, India.
8 Likes
Absolutely have no idea, what his goal was.
Exactly. What would motivate a person to go to social media and post dubious stories?
Nonetheless, the explicit policy of IBKR not to refund in case of fraud is worrisome for me.
Whoâs more bored than buy-and-hold investors?
3 Likes
I think, this is with all banks. If it is your fault (question is: where does it start?), then a bank like ZKB will not cover your loss as well. If it is a 100% hacking without phishing, e.g., and you are not responsible, then you should not be reliable. Each case will be reviewed by the legal team.
I am using the word âshouldâ, since - according to my colleague at ZKB - they never experienced such a case. Since he is not part of the legal team, I am not sure, how much weight his words have, but I trust them in this regard completely; they are a boring, conservative bank and this is exactly what I need, if I store huge amount of assets.
So, before this thread I barely thought about splitting up my assets; meanwhile I am willing to open an account with Saxo, SQ or ZKB to store my assets and to pay for it. Not sure, if I got paranoid or not.
1 Like