Ameritrade Spammers
You know those annoying image spams that seem to be getting through a lot of spam filters lately? Well I now have at least one company to blame for them: TD Ameritrade.
You see, when I sign up for a new service, I often give out a custom e-mail address just for that service. Today I noticed that some (not all) of the image spam is coming to my Ameritrade custom address. There’s a small chance that the spammers just guessed that address, but it’s much more likely that Ameritrade sold my address to them, directly or indirectly.
I guess it’s time to start looking for a new online broker. Any suggestions for a reliable, cheap, non-spamming broker?
August 18th, 2006 at 3:22 PM
I am having the same problem with my ameritrade address, and like you, used a custom address for just ameritrade. Last year I got a few spams to the address, but in the last few weeks I have started getting dozens per day. I notified them when this started last year, and may have implied that they have a security problem. They assured me that they do not, and may have implied that I have the security problem. Not much progress was made after that exchange. So, thanks for the posting, now we both know very well where the problem lies.
August 19th, 2006 at 9:57 AM
I was a TD Waterhouse customer and left Ameritrade soon after the merger. I left because the trading fees for mutual funds was very high. I too use custom addresses, but I have not noticed Ameritrade spam.
I left for Firstrade and, for the most part, I like them. Their fees are reasonable, their website is very functional (at least for the things I do with on-line brokers), and I have had reasonable experiences the few times I have called phone support. Their mutual fund offerings are not a large as Ameritrade (one of my mutual funds was not offered). And I have yet to see any spam.
August 24th, 2006 at 10:26 AM
If you do more than 10 trades a year … then check out Interactive Brokers http://www.interactivebrokers.com/
I used to work there and they certainly have the best discount offering out there … especially if you don’t need broker provided research. They also let you trade multiple currencies, futures, foreign markets all from a single account.
August 26th, 2006 at 10:46 AM
I just had this happen this morning — like you, I have a unique email address for them. I’m thinking Reed is on the right track here — it seems like a leak is more likely.
August 26th, 2006 at 10:50 AM
This might be of interest as well…
August 27th, 2006 at 12:15 AM
One more victim ringing in. Luckily, and as did other of you, I used a customized address for e-mail from Ameritrade, so the culprit was easily identified. Even more luckily, I closed my Ameritrade account last year, so after getting a burst of this crap, I was able to tell procmail to kill anything coming in to that address.
September 14th, 2006 at 12:48 PM
You are so right. I called Ameritrade and asked them about the same thing. I even sent them samples of the headers, which you can send to techhelp@tdameritrade.com. They have an investigation going on. They also have been working with authorities, which to me says that something pretty bad happened – it’s not Ameritrade which is spamming you, and they swear up and down that they didn’t sell our information… which can only mean that the spammers have obtained that information by surreptitious means.
September 17th, 2006 at 11:43 PM
Hey – I don’t know about you other victims, but I’m pretty steamed about this. I’ve started a discussion forum for this problem, and extend the invitation to you for participation.
http://bsd4us.org/ass/forum/
September 18th, 2006 at 11:21 AM
I too was a TD/Ameritrade customer. I closed my account around 2004 (well before this image spamming). I received Ameritrade spam, and also have a unique ameritrade alias for them that was only given to them. Further, mine included an 8-digit date (based on when I gave them the email address), so I know it wasn’t just ameritrade@mydomain.com.
I reported it to Ameritrade, but I basically got, “we didn’t have anything leaked. Could your system have had it leaked somehow?” Why anything is possible, that is highly improbable. For since I believe 2003 I’ve been using Fedora Core exclusively (whenever FC2 came out). I’ve had iptables on since then. Since, I believe, FC3, I’ve been using SELinux. The likelihood of my boxes getting cracked is slim to none. I’ve always ssh tunneled to my server for pop3.
Anyway, I just wanted to point out that the commonality here is that it looks like most of this folks in my boat had ameritrade somewhere to the left of the @ of their email. I’m curious if it was the full word, and if the people collecting the info just spammed everyone with “ameritrade” in their email, or if someone had “at” “amerit” or something less than “ameritrade” in their email address.
September 20th, 2006 at 5:08 AM
Interesting idea. Could someone have interposed themselves between Ameritrade and its customers somewhere (maybe at Ameritrade’s ISP) and simply scanned the unencrypted e-mail data stream for addresses that include the word “ameritrade”?
September 25th, 2006 at 10:50 AM
Unfortunately, my secondart e-mail address was an important one for me, even though my primary was a unique one using “datek” as a key. (I became an Ameritrade customer after they merged with Datek)
So no, it’s not an attack on “ameritrade”-recognized addresses.
November 13th, 2006 at 10:41 PM
Same problem here. I have a unique aliases for all TD Ameritrade account. I opened my account in October. It took less than a month to start getting spam.
November 14th, 2006 at 12:08 AM
I’ve had the same spam problem since Ameritrade became TD Ameritrade. I recently changed all my email addresses to different ones and used only ONE specific address for TD Ameritrade. Have started to get spam already. It is their fault. I am going to go to one of their local branch offices (not to far from home) and confront them with this. I will probably move my account.
November 30th, 2006 at 12:24 PM
I noticed this problem around July, but have been too busy to address it.
As others have noted, I too give custome email addresses to EVERYONE I have an online account with in the form [AcctCompany].[MyDomain].com.
I give offenders one chance to remedy the problem where I receive spam to that address, then promptly close accounts and cease doing business with them if it happens again. If their attitude is particularly shitty, or they don’t seem terribly concerned, I close the account on the first incident.
You’d be amazed how many companies truly don’t care when you close the account and try to give them the reason. Oh well.
Out of curiousity today, I searched for “Ameritrade spam” and found that it has happened in epidemic proportions.
I definitely don’t feel that this is a company I’d like to continue doing business with and will closing my accounts in short order.
Jason
January 3rd, 2007 at 7:11 PM
I have the same problem as well. I also got a brush-off kind of treatment from Ameritrade. I get TONS of spam to my Ameritrade address. I seriously doubt it was ever Ameritrade policy to sell addresses. I see a few possibilities:
1) A hacker got in and stole email addresses (and who knows what else) from their servers.
2) Someone inside the company sold the addresses without corporate permission.
3) An employee’s laptop with customer data got stolen.
4) Ameritrade might have been using 3rd party companies to deal with customer relations for example, and that 3rd party leaked the addresses.
5) Someone was sniffing on the wire somewhere near ameritrade routers and got a ton of addresses via unencrypted email (I somehow doubt this was the problem, otherwise Ameritrade probably would have discontinued unencrypted email transmissions as part of their service, and would have required communications to be conducted via a message center on an encrypted webpage).
I’m surprised this hasn’t reached the papers, with all the stuff I see on the web about it.
Allie
January 15th, 2007 at 8:02 PM
I used a tagged address for Ameritrade as well, and have been recieving penny stock image spams to the tagged address for some time now.
It appears Ameritrade lost a data backup tape of customer information before the TD merger:
http://www.billkatz.com/node/77
April 12th, 2007 at 7:01 PM
Someone at TDAmeritrade is selling email addresses used for account notifications. The first time it happened to me, I wasn’t sure but suspected that was the case. Both email addresses I had with TDAmeritrade started receiving the “stock tip” spams on the same day. Since the addresses were also being used for other companies I didn’t immediately put two and two together. I changed both email addresses to a dedicated address given only to TDAmeritrade. Well guess what!
It has been about six months and today I received my first “stock tip” spam message to that special email account. 4/12/2007
One of two things is happening. An employee with access to the email accounts info is selling the addresses to make some extra money *or* TDAmeritrade management is selling the addresses with the intent to trigger foolhardy account holders into making stock trades, thereby increasing TDAmeritrade’s profits.
I contacted TDAmeritrade the first time it happened and was given the run around.
I now have the proof needed to show that something strange is happening at TDAmeritrade. I am going to send copies of all the documentation I accumulated to ABC, NBC, and CBS. Hopefully one of them will run with the story.
If you have similar documentation, do the same. The more letters and complaints the network news departments receive, the more likely they will investigate. I know. I used to work at NBC.
April 18th, 2007 at 8:30 AM
It happened to me too – AGAIN. This is the third time the email address I use ONLY with TD just ended up on a penny stock spam list. Either they are selling them, or they have a serious security problem (most likely an inside job).
This can NOT be explained by a random email address spammer because I have a catch-all account that would receive ALL variations sent to my domain name. But I do not get random variations. This stock spam specifically targets the address I gave to TD Ameritrade, and only TD Ameritrade.
Also, the last time I changed my email address, I created three variations (*_TD1*, *_TD2*, and *_TD3*). I gave one to TD, and the other two were control (i.e. I did not give them to anybody). And guess what? The one I gave to TD is getting stock spam, and the other two are not.
I don’t know how else you can explain this other than private email addresses are leaking out of TD Ameritrade. And I am furious.
April 23rd, 2007 at 7:00 PM
A follow up to my previous message. I have filed a complaint with the Securities and Exchange Commission. I also sent the info to “60 Minutes” at CBS. I suggest anyone having this same problem do the same. Numbers count. The more complaints each organization receives, the more likely they will investigate.
I have now started receiving the usual tpe of spam in addition to the “Stock tips”, so what I believe is happening, is an employee with access to account info is periodically selling the addresses to spammers. Some spammers are willing to pay up to $5 per valid address. Just imagine how much money that person is making by selling account email addresses.
I plan on moving all my assets to another company as soon as I find one that looks like it will meet my criteria. I suggest everyone do the same.
July 6th, 2007 at 6:47 AM
[…] I finally got around to filing the paperwork to officially transfer my account from the TD Ameritrade spammers to Scotttrade. I should have done this months ago when I first realized the problem, but I’m […]
July 22nd, 2007 at 11:22 AM
absolute nightmare experience, first they lost my history data during the change over from waterhouse to ameritrade and at the same time I started receiving the same spam everyone else was getting. All the people I dealt with seemed decent enough, except for one wise a__ manager originally from ameritrade (what a jerk). The manager is what triggered me to switch to a semi premium service broker, I do not mind paying more for trades when I know the company I’m dealing with has integrity and my better interest. The overall experience with ameritrade wasn’t far from dealing with the carnies at fair that run the games section.
I truly believe ameritrade or (BAIN CAPITAL, the company that owns ameritrade ) is selling peoples personal information in order to pay for these mergers. People from e-trade need to be warned because Bain capital has their sights on them next and your gona see history repeat itself again for what the fourth time now.
September 18th, 2007 at 5:32 PM
As an employee, with an employee account, I too was getting the same spam. Funny it never crossed my mind that it was a result of having an account. I was even bringing in samples from home to my manager. Now, as a FORMER, employee, (I left over a year ago.) I can assure people that it’s not the lower level grunts who allowed the “code” to slip into their system which allowed the compromise. The “Big Wigs” of the firm deliberately keep the grunts ignorant of any and all things going on in the firm. Not too hard of a task considering the turn over rate runs about eighteen months. “Provide an Excellent Customer Service Experience,” what a farce.
The most frustrating part, I left hoping to never cross or interact with them again only to find that I was still being screwed over by those two timing, back stabbing bastards!
March 12th, 2009 at 5:20 PM
Firstrade has no spam, I have been using it for a long time.