After targeting government and banking systems, cyber-attackers are now turned their focus on stock market. There has been increase in cyberattacks through new types of phishing scam where fraudsters are setting up fake websites that looks exactly same as the trading website of leading brokerages.
Their modus operandi includes sending these fake websites to random people through text messages, e-mails, social media and capture their user name, password, personal identification number or date of birth when unsuspecting investors try to login by clicking the fake website.
These credentials will be used to login to the investor’s trading account to execute buy or sell transactions on illiquid penny stocks as planned by the fraudsters, according to brokers.
“Recently a customer got tricked into sharing his login credentials at around 9 am, and by 10 am the fraudsters logged into the trading account, sold stock holdings worth around Rs 70,000 and created a loss of over Rs 60,000 within a few minutes,” said Nithin Kamath, CEO, Zerodha. “If you don’t have any cash balance in your account, they sell your existing holdings to fund these fraud trades.”
A technology officer of another leading brokerage said similar complaints were received from their clients regarding unauthorised trading in penny stocks. “Investigation in these matters revealed that the clients tried to login from an email message sent to them offering free brokerage during lockdown period”.
Generally, these fraudsters sell penny stocks from their account and buy them from the compromised account. Investors of the compromised account will lose money while counter-party to the scam orders will gain. They also trade on illiquid option contracts or just buy penny stocks to be sold later, said brokers.
“What we proactively do is constantly check for sites which have any lookalike of our name and design and we immediately take action if we find them,” said Prakarsh Gagdani, CEO, 5paisa.com.
Till recently, there were several firms mainly based out of Indore used to sent text messages, emails or calls offering stock tips and trading strategies to generate quick bucks. However, most of them were disappeared after market regulator Sebi took a stringent action against them.
Last year, Sebi imposed a penalty of Rs 40 lakhs on Indore based StarIndia Market Research for various violations of Sebi acts. Market regulator has also framed a detailed set of norms – the Sebi (Investment Advisors) Regulations in 2013 in order to ensure that the products offered by the advisors suited to their risk profile.