IB : If someone has my IB password, can they get to my funds?
- Thread starter tyrant
- Start date
This doesn't directly address your question (because I don't know the answer) but there are indirect ways of leveraging the money/buying power in your account to someone elses benefit if they have the ability to place trades in your account:
Someone could use your account to place a large buy order on a thinly traded stock while at the same time they placed a corresponding sell order on that stock in their account (assume they bought the stock earlier at "normal" prices).
Another poster previously suggested that doing this with thinly traded options could be an even more efficient way of generating a loss in your account and creating an artificial gain in their acct, in essense transferring money to their own account.
I think they would also need control of your email/computer.
IB sends a confirmation email to your email of record that has a number "token" that you must put in, before they approve the transfer.
If someone could monitor your email and/or change it (also requires confirmation token sent to current email address), then they could possibly steal money.
But they would also need to, AFAIK, create a withdrawl "instruction" to ACH or wire out money. This usually takes a while and, also, requires confirmation if I remember correctly.
In short, it would generally be hard IMHO. But if someone had complete control of your system, and you were gone for a week or two (vacation?) then it would be fairly easy.
Best solution is the hardware device. It's just a small handheld device you type in the numbers they give you and it creates a "response code". That way, the crook has to have the device and your passwords to steal.
IB sends a confirmation email to your email of record that has a number "token" that you must put in, before they approve the transfer.
If someone could monitor your email and/or change it (also requires confirmation token sent to current email address), then they could possibly steal money.
But they would also need to, AFAIK, create a withdrawl "instruction" to ACH or wire out money. This usually takes a while and, also, requires confirmation if I remember correctly.
In short, it would generally be hard IMHO. But if someone had complete control of your system, and you were gone for a week or two (vacation?) then it would be fairly easy.
Best solution is the hardware device. It's just a small handheld device you type in the numbers they give you and it creates a "response code". That way, the crook has to have the device and your passwords to steal.
Yeah I think you are right.
So it would be a little harder. They'd have to setup an account with the same name, using fake ID. At least, I hope the bank would ask for real ID.
So it would be a little harder. They'd have to setup an account with the same name, using fake ID. At least, I hope the bank would ask for real ID.