Monday, September 17, 2007

Wave of spam expected for TD Ameritrade clients

Earlier I wrote about the TD Ameritrade data breach, which compromised user names, postal addresses and email addresses but, fortunately, not IDs, SSNs or passwords. The breach was discovered as a result of an investigation into an increase in spam to TD Ameritrade users. As such, I figured the spam wave was over, and that I had been saved by Gmail's spam filters. But I may have been too optimistic.

Security firm Sophos has seen the first stages of what could be a massive wave of phishing spam. In a report Sophos released:

Sophos has already gained proof that hackers are trying to exploit these stolen addresses for commercial gain, with its worldwide network of spam traps blocking a phishing campaign, in which cybercriminals try to coax recipients to a spoof TD Ameritrade site in an attempt to capture user IDs and passwords.

"Hackers are now in possession of 6.3 million email addresses for people that they know are interested in trading shares. This knowledge alone could spur the creation of highly targeted spam emails, such as 'pump and dump' campaigns which offer bogus share tips to artificially boost stock prices. We've already spotted spear-phishing campaigns where criminals send emails posing as TD Ameritrade in order to extract additional personal information," said Graham Cluley, senior technology consultant, Sophos. "TD Ameritrade customers the world over should be extra vigilant about responding to emails from the company and should immediately check to ensure that their accounts haven't been fiddled with."

Below is an example of a phishing email that Sophos captured. Personally, I have seen an upsurge in spam, but none of it TD Ameritrade-related. Yet.
