Criminals come up with new ways to plunder your brokerage account. By David Landis, Contributing Editor December 31, 2007 The next time you log in to your online brokerage account, ask yourself: How well do I know this computer? If you're making trades from a public place -- say, in an airport, library or hotel lobby -- you could be handing vital account information to thieves.Criminals have made off with millions of dollars recently by targeting online brokerage accounts. E*Trade admitted that the cost of reimbursing customers for fraud losses rose by $18 million during its third quarter. Ameritrade said it paid $4 million to cover customers' fraud losses during the same period. Neither firm will go into detail about how the losses occurred, but they insist that their own security measures were not compromised. Rather, they say, the problem was that customers were unwittingly coughing up their account information. One common way for passwords and other sensitive information to fall into the wrong hands is through a public computer that's been infected with keystroke-logging software. Such programs record what you type and pass it on to criminals, says John Reed Stark, chief of Internet enforcement at the Securities and Exchange Commission. Another way to purloin passwords, he says, is through so-called phishing scams. These take the form of e-mails that trick you into entering your personal information at Web sites dressed up to look as if they belong to your bank or online brokerage. Advertisement Often, thieves who gain access to an account will liquidate a victim's holdings and wire the proceeds out of the country. Lately, though, they've been investing the money in penny stocks -- that is, shares of very small companies -- to drive up the prices. They then unload the inflated shares on the open market and make off with their "investing" profits. "It's a new wrinkle on pump-and-dump," says Stark. To combat the problem, E*Trade offers customers a computerized token, which you use with your user ID and password, that generates a unique code every 60 seconds. The tokens, says a spokeswoman, "render an account virtually impenetrable." They are free to customers who have $50,000 or more in assets or who trade 30 or more times a month; otherwise, you pay a one-time fee of $25. Ameritrade offers customers a suite of free or reduced-cost security programs. The SEC recommends doing business from your own PC and avoiding wireless networks, which aren't as secure as hard-wired connections (see more advice from the SEC).