jgombos wrote: My email system is composed of mutt, procmail, and sendmail, all on a Linux box. There is a Windows machine on the LAN for gaming (which is all Windows is good for), so I really doubt it was harvested from my machine. I have thousands of email addresses in my mail archive, and this would have to be very selective for the attacker to only target my ameritrade address (which I may not even have on my system).
I take it that you never emailed Ameritrade, so that the address could NOT have been captured on your system, even if you were running an owned Windows box (aren't they all).
Indeed, I agree with your analysis. Linux machines are immune to email-collecting bots. So this means Ameritrade has either a system that leaks like a sieve, or more likely some underpaid temps collecting email addresses to sell to stock scammers.
Either case is rather disquieting. I'd contact the security and fraud dept at Ameritrade (800-669-3900 during business hours, ask for a security specialist), get a guy who knows what Linux is, explain the situation to him, and see what the answer is. Make sure to mention that you're not running Windows, that the address is Ameritrade-specific and that the address has been sold only to stock scammers, indicating a targeted address theft.
Please post the answer here. If Ameritrade is unresponsive and you need to push things, I can involve a security-oriented web site. Why, it would even make a juicy Slashdot story.
Please let us know if you managed to get Ameritrade's attention.
Looking forward to hearing from you.