Scam Ameritrade Emails Lead Users to Malware-Hosting Golf Site

Gallery Icon

bill-swift - July 14, 2012

The goal of cyber criminals is to scam as much money as possible without getting caught. I think that's obvious enough. One more way they cover their tracks is by hosting their malware on sites that aren't even theirs.

This is the hackers did in the Ameritrade email scams. Instead of setting up an entire site just for their malware-infecting purposes, they hacked into a golf site instead and tweaked it so that it served malicious scripts to unsuspecting site visitors.

One of these emails was intercepted by the folks over at Spyware Sucks. There are two variants of these messages currently in circulation. The first reads:

Your statement for your TD Ameritrade account ending in XXX7 is now available online. To view your statement (along with previous statements), please Log On to your account and choose "History & Statements" (under Accounts). Then click the "Statements" tab, select the appropriate month(s) under the "View statements" drop-down menu, then click the "View" button.

The second goes something like:

TD Ameritrade understands the importance of protecting your privacy. We are sending you this notification to inform you of important information regarding your account. If you've elected to opt out of receiving marketing communications from us, we will honor your request. Market volatility, volume, and system availability may delay account access and trade executions.

When you get unsolicited emails inviting you to do stuff like update your account or log in to fix some error, check who it's from and see if the links re-direct to a legitimate URL. Otherwise, hit delete or report it as spam ASAP.

Tagged in: gear ,

Disclaimer: All rights reserved for writing and editorial content. No rights or credit claimed for any images featured on unless stated. If you own rights to any of the images because YOU ARE THE PHOTOGRAPHER and do not wish them to appear here, please contact us info(@) and they will be promptly removed. If you are a representative of the photographer, provide signed documentation in your query that you are acting on that individual's legal copyright holder status.