Securities Account Takeovers and Pump and Dump Schemes

The Securities Fraud Lawyers at Greco & Greco have been hearing more and more about criminal schemes involving securities account takeovers followed by criminals engaging in unauthorized trading to pump and dump the values of thinly traded stocks. These attacks often occur when bad actors gain unauthorized access to brokerage accounts through the exploitation of weak security controls and failures to supervise. The rise in such incidents can lead to extreme losses in customer accounts at brokerage firms that allow unauthorized access.

In the pump and dump scheme, criminals artificially inflate prices through coordinated trading and/or deceptive promotional activity. Once the prices are sufficiently “pumped,” the fraudsters sell off their positions at a profit, often leaving the account owners and unwitting investors facing substantial losses when the stock price collapses. The ease of access to customer securities accounts through apps (and lax security by investment firms) have only made these schemes easier to execute.

In response to these threats, the Financial Industry Regulatory Authority (FINRA) has issued comprehensive guidance to broker-dealers, most notably four years ago in Regulatory Notice 21-18, to help prevent and mitigate securities account takeover attempts. FINRA highlights the importance of robust authentication procedures, continuous monitoring for indicators of unauthorized account activity, and swift escalation and remediation protocols in the event of a suspected compromise. Broker-dealers are urged to evaluate and, where needed, enhance their existing controls in light of evolving attack techniques, particularly as more firms adopt fully online service models and rely on automated account opening processes.

Specific practices recommended by FINRA include multi-factor authentication for customer logins, use of out-of-band verification for sensitive transactions, real-time monitoring for unusual activity patterns, and regular education and training for both staff and customers about current fraud risks and social engineering tactics. Broker-dealers are also encouraged to have clear written escalation procedures for suspicious account events, collaborate closely between compliance, AML, and customer service functions, and leverage reporting from industry peers to stay ahead of emerging threats. Additionally, timely communication with customers regarding suspicious activity can help contain losses and reinforce a culture of vigilance.

U.S. SEC Regulation S-ID (17 CFR § 248.201) similarly requires investment firms to “develop and implement a written Identity Theft Prevention Program (Program) that is designed to detect, prevent, and mitigate identity theft…”

As securities account takeover incidents and related pump and dump schemes continue to grow in scale and sophistication, it is essential for broker-dealers to implement comprehensive, adaptive controls aligned with FINRA’s guidance, including those in Regulatory Notice 21-18. Proactive measures such as layered authentication, prompt fraud detection, and internal training are not only key to protecting client assets but also crucial for safeguarding the integrity and reputation of the securities industry as a whole.

If your securities firm allowed criminals to access your account without authorization causing losses or unauthorized withdrawals or wires, please contact the Securities Fraud Lawyers at Greco & Greco for a free consultation with one of our attorneys about your claims and possible recourse against your brokerage firm. We also recommend reading our blog post regarding our successful recovery in FINRA arbitration of losses, interest, and attorney’s fees for our client against Interactive Brokers in an unauthorized access and withdrawal case.