Ameritrade spam (Pump 'n Dump) response.

General discussion re sg.

Postby Jim27106 » Mon Nov 10, 2008 5:28 am

I picked the wrong job.

Elvey gets $10000, Charities get $55000, Ameritrade is off the hook (their liability under NC Spam laws could be astronomical), and the attorneys get $1870000.
Jim27106
 
Posts: 92
Joined: Sun Mar 05, 2006 8:07 am

Postby Elvey » Fri Nov 21, 2008 11:28 pm

Jim: please explain the NC law; I'm curious. I helped get CA's anti-spam law passed, BTW.

jgombos:Thanks for the info. Seems I'm being treated as a special case by the spammers; they're avoiding using the addresses they got from TD Ameritrade.
If you've kept all the email spammers sent you in the past 6 months or more that relates to TD Ameritrade, I'd appreciate it if you'd share it with me.
I have received spam to my ameritrade email addresses where the RFC2821.RcptTo doesn't match the RFC2822.To (see http://ietfreport.isoc.org/idref/draft- ... email-arch if you don't know what I'm talking about). I've seen an RFC2822.To of ameritrade-neerav@sneakemail..., for example. (I've left off the TLD.)

Good news: the TX Atty General wrote to the judge asking him to reject the settlement. I'll be posting an update to my blog in a few hours.
Elvey
 
Posts: 17
Joined: Wed Jun 13, 2007 2:17 am

Postby jgombos » Fri Nov 21, 2008 11:47 pm

Elvey, I don't collect ameritrade spam; it gets blackholed. Except for maybe a couple where they invented a variant of my keyword.

BTW, I noticed that ameritrade has a webform page for correspondence. I don't think that was there before. They may be taking actions to limit the need to use email addresses.
jgombos
 
Posts: 53
Joined: Wed Dec 14, 2005 3:28 am

Postby jgombos » Sun Mar 08, 2009 2:52 pm

Word of warning to Ameritrade users: if you allow an email address to be seen by Ameritrade, their staff will change your email address in their records automatically w/out getting your consent. I discovered this recently when I sent them a fax that happened to have a different email address on the cover page than the one on file with Ameritrade.

The danger is that it's easy for outsiders to receive email intended for any Ameritrade client, which can then be used maliciously. The other danger is that stock spammers start attacking yet another email address.
jgombos
 
Posts: 53
Joined: Wed Dec 14, 2005 3:28 am

NC anti-spam law

Postby Jim27106 » Mon Mar 09, 2009 4:18 am

jgombos, Sorry about the late reply - I just saw your question.

NC's anti-spam law allows one to sue for $10 for every message. But, in typical lawmaker style they give the big companies a big break: They can sue for $25,000 per message. And by big company I mean an ISP.

My question: What is an ISP? I've not tracked down the definition. I wonder if spam gourmet counts as an ISP.

You probably want a title and code sub-section citation. I don't have it.
Last edited by Jim27106 on Mon Mar 09, 2009 4:27 am, edited 3 times in total.
Jim27106
 
Posts: 92
Joined: Sun Mar 05, 2006 8:07 am

Ameritrade Address Alterations

Postby Jim27106 » Mon Mar 09, 2009 4:25 am

I became re-enveloped into the Ameritrade family when they bought Waterhouse. None of the waterhouse email addresses have experienced alterations (adding a + in the front and other such nonsense).

And god, I love SpamGourmet. Being able to look up the addresses I used and how many messages had come through is wonderful.
Jim27106
 
Posts: 92
Joined: Sun Mar 05, 2006 8:07 am

Postby Elvey » Mon Apr 27, 2009 5:46 am

:idea: Everyone should review TD Ameritrade here. Yeah! :lol:
Jim, you wrote:
NC's anti-spam law allows one to sue for $10 for every message.

Sue who? http://spamlaws.com/state/nc.shtml says something that makes TD Ameritrade liable? Please explain. :?

There is a definition of ESP there too.
Elvey
 
Posts: 17
Joined: Wed Jun 13, 2007 2:17 am

Postby jgombos » Mon Apr 27, 2009 4:21 pm

Elvey wrote::idea: Everyone should review TD Ameritrade here. Yeah! :lol:
Jim, you wrote:
NC's anti-spam law allows one to sue for $10 for every message.

Sue who? http://spamlaws.com/state/nc.shtml says something that makes TD Ameritrade liable? Please explain. :?

There is a definition of ESP there too.


TD Ameritrade could be found directly in breech of ?14-458(5) for causing the unauthorized availability of the email addresses. And indirectly, TD Ameritrade could be liable for ?14-458(6) because their lack of diligence was an enabler for the injury. Moreover, the tort law entitles the injured to $10 per email, and only excludes ISPs from those who would otherwise be a target for the lawsuit.
jgombos
 
Posts: 53
Joined: Wed Dec 14, 2005 3:28 am

NC statute

Postby Elvey » Tue Apr 28, 2009 9:32 pm

jgombos wrote:
Elvey wrote:Sue who? http://spamlaws.com/state/nc.shtml says something that makes TD Ameritrade liable? Please explain. :?


TD Ameritrade could be found directly in breech of ?14-458(5) for causing the unauthorized availability of the email addresses.


If you can find precedent where a firm was found guilty or settled a case where it was charged with causing unauthorized copying merely by having even knowingly compromised security, you'll have my and my attorneys' attention. It's quite possible a judge or jury could rule that way, but it's a stretch.
You should contact the NC Attorney General's office by phone and ask them to object to the settlement on the grounds that it does not provide sufficient compensation because of this statute. TD Ameritrade's instruction to potential class members to destroy evidence would strengthen the case.
Elvey
 
Posts: 17
Joined: Wed Jun 13, 2007 2:17 am

Settlement & lead counsel REJECTED

Postby Elvey » Wed Oct 28, 2009 7:39 pm

Jim27106 wrote:I picked the wrong job.

Elvey gets $10000, Charities get $55000, Ameritrade is off the hook (their liability under NC Spam laws could be astronomical), and the attorneys get $1870000.


I've updated my blog.

Current situation:
Who gets what (the numbers Jim quoted) are ALL back up in the air. :? Until Friday, it had been Elvey gets $0. :(
Elvey
 
Posts: 17
Joined: Wed Jun 13, 2007 2:17 am

New Settlement Proposal

Postby Elvey » Sat Nov 27, 2010 12:30 am

:arrow: There's a new settlement proposal that's gone public.
I've posted links on my blog.

Here's a summary:

Some class members can get cash. If you've not been an Identity Theft victim, you get $0.

If you've been an Identity Theft victim, and the only identity theft you experienced involved an Existing Credit or Debit Card Account, you may recover $50 if you correctly provide the required information described on a complicated form, and obtain and provide copies of the documentation it requires.

If you've been an Identity Theft victim, and the identity theft you experienced involved a New Account or an Existing Account other than an Existing Credit or Debit Card Account, you may recover up to $250 if you correctly provide the required information described on a complicated form, and obtain and provide copies of the documentation it requires, and may recover up to an additional $750 in out-of-pocket expenses, defined to include telephone charges, copying, postage charges or other charges incurred in closing or correcting an account that was opened or affected as a result of this kind of identity theft. (Legal fees and lost wages are not on the list, which is copied from the Agreement.) Also, if as a result, you paid money that you didn't really owe to creditors and you tried and failed to get them to waive the charges due to the ID theft, and you tried and failed to get them to refund the charges, you can apply to get up to $1500 of it back.

TD Ameritrade will retain Neohapsis, an information technology security consultancy, at TD Ameritrade?s expense to assess whether TD Ameritrade has met certain information technology security standards set forth in the Settlement Agreement (Exhibit G) the standards do not require that TD Ameritrade ensure that default passwords on their servers are changed, that they perform penetration testing, or that they retain or monitor canaries placed in their user account database. If TD Ameritrade fails to meet one or more of the standards, the agreement does not require that the Evaluator perform a second assessment after TD Ameritrade is given time to correct the non-compliance.

All the benefits of the old settlement are gone:
No free year of Trend Micro Internet Security Pro.
No announcement? (Less comprehensive).
No penetration testing.
No account seeding with canaries.
No charitable donations to___; none are guaranteed.
No $2.8 million to the plaintiffs' attorneys. They get $500,000 (less any funds over $6,000,000 distributed to the class.) How it's to be shared is not determined or disclosed.
No $10,000 for class representatives, like me. We get $0.


You can review and comment on the key documents, which I've posted in editable wiki form at http://caringaboutsecurity.wikispaces.com! Cool, huh? (I've not posted the less important documents to the wiki. Just exhibits A, F, and G for now.) Please take a look and provide feedback. :)
Elvey
 
Posts: 17
Joined: Wed Jun 13, 2007 2:17 am

Previous

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 13 guests