An alarmed SEC says that teams of thieves are lifting passwords from home PCs — and emptying online brokerage accounts.

Arriving home from a five-week trip to Belgium and India on Aug. 14, a jet-lagged Korukonda L. Murty picked up his mail — and got the shock of his life. Two monthly statements from online brokerage E*Trade Financial (ET) showed that securities worth $174,000 — the bulk of his and his wife’s savings — had vanished.



During July 13-26, stocks and mutual funds had been sold, and the proceeds wired out of his account in six transactions of nearly $30,000 apiece. Murty, a 64-year-old nuclear engineering professor at North Carolina State University, could only think it was a mistake. He hadn’t sold any stock in months.



“I’M SHOCKED”. Murty dialed E*Trade the moment its call center opened at 7 a.m. A customer service rep urged him to change his password immediately. Too late. E*Trade says the computer in Murty’s Cary (N.C.) home lacked antivirus software and had been infected with code that enabled hackers to grab his user name and password.



The cybercriminals, pretending to be Murty, directed E*Trade to liquidate his holdings. Then they had the brokerage wire the proceeds to a phony account in his name at Wells Fargo Bank. The New York-based online broker says the wire instructions appeared to be legit because they contained the security code the company e-mailed to Murty to execute the transaction. But the cyberthieves had gained control of Murty’s e-mail, too.



More here.